Does it make a difference whether private DNS is enabled on the VPC endpoint used for an API Gateway private API?

Private DNS not enabled
- Accessing an API Gateway regional API (not a private API) from inside the VPC is unaffected: the API Gateway hostname resolves to a public IP.

  $ curl https://region-app-id.execute-api.cn-north-1.amazonaws.com.cn/dev
  [{"id": 1,"type": "fish","price": 249.99},{"id": 2,"type": "fish","price": 124.99},{"id": 3,"type": "fish","price": 0.99} ]
- Accessing the private API from inside the VPC

  The private API cannot be invoked through its private DNS name: the name does not resolve.

  $ curl https://private-app-id.execute-api.cn-north-1.amazonaws.com.cn/dev
  curl: (6) Could not resolve host: hc31cifr6a.execute-api.cn-north-1.amazonaws.com.cn

  Invoking the private API through the endpoint-specific public DNS hostname (with the x-apigw-api-id header) succeeds:

  $ curl https://vpce-xxxxx-8xxxxxgm.execute-api.cn-north-1.vpce.amazonaws.com.cn/dev -H'x-apigw-api-id:app-id'
  [{"id": 1,"type": "dog","price": 249.99},{"id": 2,"type": "cat","price": 124.99},{"id": 3,"type": "fish","price": 0.99} ]
Private DNS enabled
- Accessing the regional API from inside the VPC is affected: the name now resolves to private IPs (the endpoint's addresses), and the request is answered with 403 Forbidden.

  $ curl -v https://app-id.execute-api.cn-north-1.amazonaws.com.cn/dev
  * Host app-d.execute-api.cn-north-1.amazonaws.com.cn:443 was resolved.
  * IPv6: (none)
  * IPv4: 10.0.10.240, 10.0.150.229
  * Trying 10.0.10.240:443...
  * Connected to cpvnfwf97a.execute-api.cn-north-1.amazonaws.com.cn (10.0.10.240) port 443
  * ALPN: curl offers h2,http/1.1
  * TLSv1.3 (OUT), TLS handshake, Client hello (1):
  * CAfile: /etc/pki/tls/certs/ca-bundle.crt
  * CApath: none
  * TLSv1.3 (IN), TLS handshake, Server hello (2):
  * TLSv1.2 (IN), TLS handshake, Certificate (11):
  * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  * TLSv1.2 (IN), TLS handshake, Server finished (14):
  * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
  * TLSv1.2 (OUT), TLS handshake, Finished (20):
  * TLSv1.2 (IN), TLS handshake, Finished (20):
  * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / prime256v1 / rsaEncryption
  * ALPN: server accepted http/1.1
  * Server certificate:
  * subject: CN=*.execute-api.cn-north-1.amazonaws.com.cn
  * start date: Dec 17 00:00:00 2023 GMT
  * expire date: Nov 29 23:59:59 2024 GMT
  * subjectAltName: host "app-id.execute-api.cn-north-1.amazonaws.com.cn" matched cert's "*.execute-api.cn-north-1.amazonaws.com.cn"
  * issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01
  * SSL certificate verify ok.
  * Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
  * Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
  * Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
  * using HTTP/1.x
  > GET /dev HTTP/1.1
  > Host: app-id.execute-api.cn-north-1.amazonaws.com.cn
  > User-Agent: curl/8.5.0
  > Accept: */*
  >
  < HTTP/1.1 403 Forbidden
  < Server: Server
  < Date: Mon, 10 Jun 2024 02:26:05 GMT
  < Content-Type: application/json
  < Content-Length: 23
  < Connection: keep-alive
  < x-amzn-RequestId: 202d0b5f-744a-4b06-b129-9936e066e3be
  < x-amzn-ErrorType: ForbiddenException
  < x-amz-apigw-id: apigw-id
  <
  * Connection #0 to host cpvnfwf97a.execute-api.cn-north-1.amazonaws.com.cn left intact
  {"message":"Forbidden"}
- Accessing the private API from inside the VPC

  Invoking the private API through its private DNS name succeeds:

  $ curl https://app-id.execute-api.cn-north-1.amazonaws.com.cn/dev
  [{"id": 1,"type": "dog","price": 249.99},{"id": 2,"type": "cat","price": 124.99},{"id": 3,"type": "fish","price": 0.99} ]

  Invoking the private API through the endpoint-specific public DNS hostname (with the x-apigw-api-id header) also succeeds:

  $ curl https://vpce-xxxxx-84szh5gm.execute-api.cn-north-1.vpce.amazonaws.com.cn/dev -H'x-apigw-api-id:app-id'
  [{"id": 1,"type": "dog","price": 249.99},{"id": 2,"type": "cat","price": 124.99},{"id": 3,"type": "fish","price": 0.99} ]
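The following is an added diagnostic, not code from the original article: it infers the endpoint's private-DNS setting from what an execute-api name resolves to inside the VPC, then picks the invocation form (hostname and header) that the four observations above show to work. The region, domain, `app-id` and the `vpce-*` hostname are placeholders standing in for the article's redacted values.

```python
import ipaddress
import socket

# Placeholders standing in for the article's redacted values.
REGION = "cn-north-1"
DOMAIN = "amazonaws.com.cn"


def classify_addresses(addrs):
    """'private' if every address is private-range, 'public' if none is, else 'mixed'."""
    flags = {ipaddress.ip_address(a).is_private for a in addrs}
    if flags == {True}:
        return "private"
    return "public" if flags == {False} else "mixed"


def private_dns_enabled(api_id, addrs=None):
    """Infer the endpoint's private-DNS setting from what the execute-api name resolves to.

    With private DNS on, every <id>.execute-api.<region> name inside the VPC resolves to
    the endpoint's private addresses (10.0.x.x in the article); with it off, to public IPs.
    Pass a captured address list to reason offline; omit it to resolve live from the VPC.
    """
    if addrs is None:
        host = f"{api_id}.execute-api.{REGION}.{DOMAIN}"
        addrs = {info[4][0] for info in socket.getaddrinfo(host, 443)}
    return classify_addresses(addrs) == "private"


def invocation(api_id, stage, api_type, private_dns, vpce_dns_name=None):
    """Return (url, headers, expected) for calling the API from inside the VPC.

    Encodes the article's four cases: a regional API works with private DNS off but is
    answered 403 through the endpoint with it on; a private API needs the vpce-* hostname
    plus x-apigw-api-id with private DNS off, and works by its own name with it on.
    """
    public_url = f"https://{api_id}.execute-api.{REGION}.{DOMAIN}/{stage}"
    if api_type == "regional":
        return (public_url, {}, "403" if private_dns else "ok")
    if api_type != "private":
        raise ValueError(f"unknown api_type {api_type!r}")
    if private_dns:
        return (public_url, {}, "ok")
    if vpce_dns_name is None:
        # By its own name the private API does not even resolve (curl: Could not resolve host).
        return (public_url, {}, "dns-fail")
    return (f"https://{vpce_dns_name}/{stage}", {"x-apigw-api-id": api_id}, "ok")
```

Run `private_dns_enabled("<api-id>")` from an instance in the VPC for a live answer; with a captured address list the check works offline.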