Is there a native option to setup a static IP address for a google cloud API Gateway? As far as I researched, looks like I have to setup a cloud load balancer in front of the API Gateway and then use the static IP of the load balancer. I am not sure how to do this. My goal is to only give access to my API gateway via IP address? I am looking for any documentation/articles on this regard. Thanks in advance.
2
- You can't do that. But can you describe your requirements? Why do you need to use an IP address instead of a FQDN?guillaume blaquiere– guillaume blaquiere2021-04-13 15:14:10 +00:00Commented Apr 13, 2021 at 15:14
- @guillaumeblaquiere No, I don't want a domain name, I just want to give them a constant IP address so that I am not giving them the hashed api gateway url. Maybe I am not looking for the right thing here. Currently I am giving them a url which has the gateway name, the hash and gateway.dev url. I was looking if I can map this to a static IP address so that it can be whitelisted in another application in another domain to egress?davidbilla– davidbilla2021-04-13 16:58:18 +00:00Commented Apr 13, 2021 at 16:58
Add a comment |
1 Answer
I don't know and don't understand your requirement, but you can achieve this with a trick with HTTPS load balancer.
- Create an external HTTPS load balancer. Use HTTP frontend (so not secure/encrypted) else you will have certificate's checks issues if you use HTTPS with a certificate and if you hit the IP.
- Create an internet network endpoint group that points to your API Gateway URL
- If it doesn't work, add a header in your backend service named
hostand with the API gateway base URL as value (without thehttps://prefix)
- If it doesn't work, add a header in your backend service named
I don't like this design because you add a useless layer (and thus an additional (and useless) potential point of failure) and you will be charge for the load balancer (about $15 per month)
answered Apr 13, 2021 at 18:19
guillaume blaquiere
76.6k3 gold badges65 silver badges102 bronze badges
4 Comments
davidbilla
Agreed. I'm looking to convince them to add the gateway url for whitelisting and not the static ip. Thank you.
fuzzi
I'm trying to whitelist the static IP of the API Gateway, but it appears that even with this setup, the outbound IP of the API Gateway doesn't appear to be the static one of the load balancer. Any insight on this? I can't figure out how to provide an IP for another service to add to their whitelist.
guillaume blaquiere
@fuzzi can you create a new question with more detail on where do you want a static IP (in front of the API Gateway (ingress) or when the API gateway forward the request (egress))
fuzzi
Thank you @guillaumeblaquiere - I have created a new question with more detail. Reference: stackoverflow.com/questions/71400414/…