How to configure AWS API Gateway for Jira Application
This article describes about how to configure the AWS API Gateway to use your Jira REST APIs. The main benefits come when you want to share your Jira application API resources with any other integrated services like Microsoft teams, Slack, Git etc.
Using API Gateway's Usage plan, you can even charge your consumers based on their usage. Also there are many advantages that comes in hands like requests throttling, WAF restriction, secured connection, authentication and authorization, etc. For more details, visit Click here
Download API definition file
The APIs definition file is found on this link.
Click on the three dots and 'Download OpenAPI Spec'
Import API definition file into API Gateway
Open your AWS console, Click on 'Create API' -> 'REST API private' -> 'Import'
Upload the swagger or OpenAPI file
Select 'Import from Swagger or Open API 3' -> 'Select Swagger file' -> Upload the downloaded OpenAPI file.
Now you will see the main page of API Gateway console, with the created Jira resources from our import.
Configure VPC link
Till this point, you have configured the front end of API Gateway. Now its time to actually your created API resources with your Jira server running on the backend.
Also create one VPC Endpoint for the communication between your API and the VPC of your server.
For more security, we have selected everything private here. If there is no load balancer running for your Jira server, go ahead and create one. I create a Network load balancer in front of Jira for the requests from API gateway to successfully passthrough.
Then i create a VPC link to connect to point to the load balancer (private connection).
Click 'Create VPC' -> 'VPC link for REST APIs' -> Target NLB (select the newly created NLB).
Select your API on the API Gateway console
Click on Settings -> Endpoint Configuration -> Endpoint Type (Select private) -> Enter the created VPC Endpoint ID.
Thus the communication is established successfully.
Configure your API
As the connection is already in place, now integrate your API with the backend Jira server.
Select your API on the API Gateway console, Click on the method, the sample here is GET method of /rest/api/2/application-properties resource VPC Link
Select 'Integration Request' -> 'Integration Type' -> Select VPC Link
Proxy Integration
Check on 'Use Proxy Integration'
On VPC Link -> Enter the created VPC Link
On Endpoint URL -> Specify the URL as your-nlb-dnslink/rest/api/2/application-pro.. Click on 'Save'
Select 'Method Response' -> If there is no HTTP status available, Click on 'Add Response' and add 200 status.
Again Click on method (here GET method) -> Actions -> Enable CORS. The above action will automatically add the other required responses, OPTION method and also enables CORS.
Then Click on 'Test' and test your API responses.
Deploy your API
Click on '/' path -> Actions -> Deploy API. Deployment Stage -> New Stage -> Enter the name -> Enter the description -> 'Deploy'
Oops, you are getting an error, that no resource policy is attached with your API.
To resolve that error, enter the below contents in the 'Resource Policy'. This is to give invoke permission to your API.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:<region>:<vpcID>:<apiID>/*/*/*",
"Condition": {
"StringNotEquals": {
"aws:sourceVpce": "<vpceID>"
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:<region>:<vpcID>:<apiID>/*/*/*"
}
]
}
Congratulations!
After deploying, with the generated deployed URL you can test your API calls. Now you can consume these APIs from Postman or Developer Portal or any tool of your choice.
Tips
If you want to customize the deployed API URL, then you can go for 'Custom Domain Names' option on AWS API Gateway.
AWS API Gateway cannot accept requests from untrusted sources, hence while testing your APIs from any applications, pass the hostname of your API in the header along with the API call request (-H hostname or the deployed URL name)