@badmintoncryer badmintoncryer commented Nov 30, 2025

Issue # (if applicable)

None

Reason for this change

REST API now supports private integration with ALB using VPC Link V2, without requiring a Network Load Balancer as an intermediary.

https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html

Description of changes

Added a new AlbIntegration class that enables direct integration between API Gateway REST API and Application Load Balancers using VPC Link V2.

  • Automatic VPC Link V2 creation if not provided
  • VPC Link reuse for multiple ALBs in the same VPC
  • Support for both proxy (HTTP_PROXY) and custom (HTTP) integration types
  • Support for imported ALBs with VPC information

Security Group Handling

The security group configuration follows the same pattern as the existing HTTP API (APIGatewayV2) ALB integration (HttpAlbIntegration):

  • By default, VpcLink is created with empty SecurityGroupIds (no security groups attached)
  • Users can optionally provide a custom VpcLink with explicit security groups for stricter security controls

This design ensures consistency between REST API and HTTP API when integrating with ALBs.

Describe any new or updated permissions being added

No new IAM permissions are added.

Description of how you validated changes

Add both unit and integ tests.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
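
An added example, not part of the pull request or the CDK code base: a JavaScript check over a synthesized CloudFormation template that reports VPC Link V2 resources with no security groups (the default described under Security Group Handling) and security groups with world-open ingress. The sample template and its logical IDs are constructed, and treating 0.0.0.0/0 and ::/0 as "open" is an assumption of this example.

```javascript
// Added example: audit a synthesized CloudFormation template, given as a parsed object.
// Assumption: "open" ingress means a rule whose source is 0.0.0.0/0 or ::/0.
const OPEN_CIDRS = new Set(['0.0.0.0/0', '::/0']);
const isOpen = (rule) => OPEN_CIDRS.has(rule.CidrIp) || OPEN_CIDRS.has(rule.CidrIpv6);

function auditTemplate(template) {
  const findings = [];
  for (const [logicalId, res] of Object.entries(template.Resources ?? {})) {
    const props = res.Properties ?? {};
    if (res.Type === 'AWS::ApiGatewayV2::VpcLink') {
      const sgs = props.SecurityGroupIds;
      // Absent or literal empty list: no security group is attached to the VPC link.
      // A non-array value is an intrinsic function and cannot be judged statically.
      if (sgs === undefined || (Array.isArray(sgs) && sgs.length === 0)) {
        findings.push({ logicalId, issue: 'vpc-link-without-security-group' });
      }
    } else if (res.Type === 'AWS::EC2::SecurityGroup') {
      // Inline ingress rules declared on the group itself.
      const rules = Array.isArray(props.SecurityGroupIngress) ? props.SecurityGroupIngress : [];
      for (const rule of rules) {
        if (isOpen(rule)) findings.push({ logicalId, issue: 'open-ingress', port: rule.FromPort ?? null });
      }
    } else if (res.Type === 'AWS::EC2::SecurityGroupIngress' && isOpen(props)) {
      // Stand-alone ingress rule attached to a group elsewhere in the template.
      findings.push({ logicalId, issue: 'open-ingress', port: props.FromPort ?? null });
    }
  }
  return findings;
}

// Constructed sample template (logical IDs and values are made up for illustration).
const SAMPLE_TEMPLATE = {
  Resources: {
    DefaultVpcLink: { Type: 'AWS::ApiGatewayV2::VpcLink',
      Properties: { Name: 'default-link', SubnetIds: ['subnet-aaa'], SecurityGroupIds: [] } },
    StrictVpcLink: { Type: 'AWS::ApiGatewayV2::VpcLink',
      Properties: { Name: 'strict-link', SubnetIds: ['subnet-aaa'], SecurityGroupIds: [{ Ref: 'LinkSg' }] } },
    LinkSg: { Type: 'AWS::EC2::SecurityGroup',
      Properties: { GroupDescription: 'VPC link', VpcId: 'vpc-aaa' } },
    AlbSg: { Type: 'AWS::EC2::SecurityGroup',
      Properties: { GroupDescription: 'ALB', VpcId: 'vpc-aaa', SecurityGroupIngress: [
        { IpProtocol: 'tcp', FromPort: 80, ToPort: 80, CidrIp: '0.0.0.0/0' }] } },
    AlbFromLink: { Type: 'AWS::EC2::SecurityGroupIngress',
      Properties: { GroupId: { Ref: 'AlbSg' }, IpProtocol: 'tcp', FromPort: 80, ToPort: 80,
        SourceSecurityGroupId: { Ref: 'LinkSg' } } },
  },
};

console.log(auditTemplate(SAMPLE_TEMPLATE));
```

In a CDK app, the object passed to `auditTemplate` can be parsed from a template file that `cdk synth` writes under `cdk.out`.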

aws-cdk-automation requested a review from a team November 30, 2025 15:33
github-actions bot added the p2 and distinguished-contributor ([Pilot] contributed 50+ PRs to the CDK) labels Nov 30, 2025
aws-cdk-automation added the pr/needs-further-review label (PR requires additional review from our team specialists due to the scope or complexity of changes.) Nov 30, 2025

badmintoncryer commented Dec 4, 2025

  • Review unit test
  • investigate vpc link security group setting

aws-cdk-automation removed the pr/needs-further-review label (PR requires additional review from our team specialists due to the scope or complexity of changes.) Dec 6, 2025

github-actions bot commented Dec 6, 2025

Security Guardian Results: 52 ran, 49 passed, 0 skipped, 3 failed

Test results:

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.alb-integration.js.snapshot/AlbIntegrationIntegDefaultTestDeployAssert7B33A2E6.template.json
  • iam-no-wildcard-actions-inline.guard ❌ failure

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.alb-integration.js.snapshot/AlbIntegrationTestStack.template.json
  • ec2-no-open-security-groups.guard ❌ failure
  • iam-no-wildcard-actions-inline.guard ❌ failure


github-actions bot commented Dec 6, 2025

Security Guardian Results with resolved templates: 52 ran, 49 passed, 0 skipped, 3 failed

Test results:

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.alb-integration.js.snapshot/AlbIntegrationIntegDefaultTestDeployAssert7B33A2E6.template.json
  • iam-no-wildcard-actions-inline.guard ❌ failure

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.alb-integration.js.snapshot/AlbIntegrationTestStack.template.json
  • ec2-no-open-security-groups.guard ❌ failure
  • iam-no-wildcard-actions-inline.guard ❌ failure

badmintoncryer marked this pull request as ready for review December 7, 2025 02:39
aws-cdk-automation added the pr/needs-community-review label (This PR needs a review from a Trusted Community Member or Core Team Member.) Dec 7, 2025