
Creating a Gateway

Updated on 2024-12-02 GMT+08:00

This section describes how to create a gateway. You can create APIs and use them to provide services only after a gateway is created.

Constraints

There are some limitations on creating a gateway. If you cannot create a gateway or a gateway fails to be created, check the following items:

  • Gateway quota

    By default, your account can be used to create five gateways in a project. To create more dedicated gateways, submit a service ticket to increase the quota.

  • Permissions

    You must be assigned both the APIG Administrator and VPC Administrator roles or assigned the APIG FullAccess policy to create a gateway.

    You can also be granted permissions using custom policies. For details, see APIG Custom Policies.

  • Number of available private IP addresses in the subnet

    The basic, professional, enterprise, and platinum editions of APIG require 3, 5, 6, and 7 private IP addresses, respectively. A platinum X edition requires 4 more private IP addresses than the previous edition. On the VPC console, check that the subnet you choose has sufficient private IP addresses.

Network Environment

  • Workload

    Gateways are deployed in VPCs (workloads). Cloud resources, such as Elastic Cloud Servers (ECSs), in the same workload can call APIs using the private IP address of the gateway deployed in the workload.

    You are advised to deploy your gateways in the same workload as your other services to facilitate network configuration and secure network access.

    NOTE:

    VPCs (workloads) where gateways have been deployed cannot be changed.

  • EIP

    To allow public inbound access to the APIs deployed in a gateway, create an Elastic IP (EIP) and bind it to the gateway.

    NOTE:

    For APIs whose backend services are deployed on a public network, APIG automatically generates an IP address for public outbound access, and you do not need to create an Elastic IP (EIP).

  • Security group

    A security group works like a firewall: it controls which ports can be used to access a gateway and which destination addresses the gateway can send data to. For security purposes, create inbound rules for the security group to allow access only on specific ports.

    The security group bound to a gateway must meet the following requirements:

    • Inbound access: To allow the APIs in the gateway to be accessed over public networks or from other security groups, configure inbound rules for the security group to allow access on ports 80 (HTTP) and 443 (HTTPS).
    • Outbound access: If the backend service of an API is deployed on a public network or in another security group, add outbound rules for the security group to allow access to the backend service address through the API calling port.
    • If the frontend and backend services of an API are bound with the same security group and VPC as the gateway, no inbound or outbound rules are needed to allow access through the preceding ports.
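
The inbound requirements above can be checked before a security group is bound to a gateway. The following Python check is an added example, not code from Huawei Cloud; the rule dictionaries and their field names (direction, protocol, port_min, port_max, remote) are constructed for illustration and are not an APIG or VPC API schema.

```python
import ipaddress

ALLOWED_INBOUND_PORTS = {80, 443}  # HTTP and HTTPS, the ports named on this page

# Constructed sample rules; the field names are hypothetical.
SAMPLE_RULES = [
    {"direction": "ingress", "protocol": "tcp", "port_min": 443, "port_max": 443, "remote": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port_min": 80, "port_max": 80, "remote": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port_min": 22, "port_max": 22, "remote": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port_min": 8000, "port_max": 9000, "remote": "10.0.0.0/16"},
    {"direction": "ingress", "protocol": None, "port_min": None, "port_max": None, "remote": "::/0"},
    {"direction": "egress", "protocol": "tcp", "port_min": 8443, "port_max": 8443, "remote": "203.0.113.10/32"},
]


def is_public(cidr):
    """True when the source range is the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_inbound(rules, public_inbound_access=True):
    """Return (rule_index, message) findings for a gateway security group."""
    findings, seen = [], set()
    for i, rule in enumerate(rules):
        if rule["direction"] != "ingress":
            continue  # outbound rules depend on each backend's address and port
        lo, hi = rule["port_min"], rule["port_max"]
        if lo is None or hi is None:  # no port range means every port
            lo, hi = 1, 65535
        covered = set()
        if rule["protocol"] in ("tcp", None):
            covered = {p for p in ALLOWED_INBOUND_PORTS if lo <= p <= hi}
        seen |= covered
        if hi - lo + 1 > len(covered):  # the rule opens more than 80/443
            scope = "public" if is_public(rule["remote"]) else rule["remote"]
            findings.append((i, f"ports {lo}-{hi} open to {scope}"))
    if public_inbound_access:  # APIs must be reachable on both ports
        for port in sorted(ALLOWED_INBOUND_PORTS - seen):
            findings.append((None, f"no inbound rule allows port {port}"))
    return findings


if __name__ == "__main__":
    for index, message in audit_inbound(SAMPLE_RULES):
        print(index, message)
```

Rules flagged for a private source range, such as the 10.0.0.0/16 entry, are listed for review rather than treated as errors, because the page only requires that inbound access be limited to specific ports.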

Procedure

  1. Go to the Buy Gateway page.

    NOTE:
    • ELB load balancing is enabled by default after gateways are purchased in regions except LA-Mexico City1 and CN North-Beijing1. Gateways with load balancing enabled do not support security groups. To disable access from specific IP addresses, use access control policies.
    • ELB functions as a load balancer for gateways, which support cross-VPC access. Gateways with public inbound access enabled are randomly assigned an EIP and cannot use an existing EIP.

  2. Set the gateway parameters by referring to the following table.

    Table 1 API gateway parameters

    Parameter
      Description

    Billing Mode
      Billing mode of the dedicated gateway. Options: Pay-per-use.

    Region
      A geographic area where the gateway will be deployed. Deploy the gateway in the same region as your other services to allow all services to communicate with each other through subnets within a workload. This reduces public bandwidth costs and network latency.

    AZ
      A physical region where resources use independent power supplies and networks. Availability zones (AZs) are physically isolated but interconnected through an internal network.

      To enhance gateway availability, deploy the gateway in multiple AZs.

      APIG does not support gateway migration across AZs.

    Gateway Name
      Gateway name.

    Edition
      The basic, professional, enterprise, and platinum editions are available. The number of concurrent requests allowed varies depending on the gateway edition. For more information, see Specifications.

      NOTE:

      Currently, platinum edition 2 and later are available only in CN North-Beijing4, CN East 2, ME-Riyadh, and CN-Hong Kong.

    Scheduled Maintenance
      Time period when the gateway can be maintained. The technical support personnel will contact you before maintenance.

      Select a time period with low service demands.

    Enterprise Project
      Select an enterprise project to which the gateway belongs. This parameter is available only if your account is an enterprise account.

      For details about resource usage, migration, and user permissions of enterprise projects, see the Enterprise Management User Guide.

    Public Inbound Access
      Determine whether to allow the APIs created in the gateway to be called by external services using an EIP. To enable this function, assign an EIP to the dedicated gateway. You will need to pay for the EIP usage.

      NOTE:
      • Gateways with Public Inbound Access enabled in regions except LA-Mexico City1 and CN North-Beijing1 are randomly assigned an EIP and cannot use an existing EIP. Set a bandwidth that meets your service requirements for public inbound access. The bandwidth will be billed by hour based on the pricing of the EIP service.
      • APIs in the gateway can be called using independent or debugging domain names. There is a limit on the number of times that APIs in an API group can be called per day using the debugging domain name. To overcome the limitation, bind independent domain names to the API group and ensure that the domain names have already been CNAMEd to the EIP of the gateway to which the API group belongs.

        For example, you have an HTTPS API (path: /apidemo) with public access enabled. The API can be called using "https://{domain}/apidemo", where {domain} indicates an independent domain name bound to the group of the API. The default port is 443.

    Public Outbound Access
      Determine whether to allow backend services of the APIs created in the gateway to be deployed on public networks. Set a bandwidth that meets your service requirements for public outbound access. The bandwidth will be billed by hour based on the pricing of the EIP service.

    Network
      Select a VPC and subnet for the dedicated gateway.

      • Select the created VPC and subnet from the drop-down list.
      • Select the shared VPC and subnet from the drop-down list.

        VPC owners can share the subnets in a VPC with one or multiple accounts through Resource Access Manager (RAM). Through VPC sharing, you can easily configure and manage multiple accounts' resources at low costs. For more information about VPC and subnet sharing, see VPC Sharing.

      • Create a VPC and subnet by clicking Create VPC. For details, see Creating a VPC.

    Security Group
      Select a security group to control inbound and outbound access.

      If the backend service of an API is deployed on an external network, configure security group rules to allow access to the backend service address through the API calling port.

      NOTE:

      If public inbound access is enabled, add inbound rules for the security group to allow access on ports 80 (HTTP) and 443 (HTTPS).

    VPC Endpoint Service
      Name of a VPC endpoint service to create when you buy the gateway. The gateway can then be accessed using the endpoint service.

      If a name is specified, the VPC endpoint service name to display on the VPC Endpoints tab will be in the format "{region}.{Specified VPC endpoint service name}.{VPC endpoint service ID}". If no name is specified, the displayed name will be in the format "{region}.apig.{VPC endpoint service ID}".

    Tags
      Tags classify your gateways to facilitate search, analysis, and management. If no tag is available, click View predefined tags or enter a tag key and value to create one.

      Alternatively, set tags on the Tag Management Service (TMS) console by referring to Configuring Gateway Tags.

      NOTE:

      If your organization has configured tag policies for APIG, add tags to gateways based on the policies. If a tag does not comply with the policies, gateway creation may fail. Contact your organization administrator to learn more about tag policies.

    Description
      Description of the gateway.

  3. Click Next.
  4. Confirm the gateway configurations, read and confirm your acceptance of the service agreement, and click Pay Now. The gateway is created with the status displayed on the screen.

Follow-Up Operations

After the gateway is created, you can create and manage APIs in this gateway. Go to the Gateway Information page. It shows the gateway details, network configurations, and configuration parameters.

You can modify the gateway name, description, scheduled maintenance time window, security group, and EIP.

Before deleting a gateway, ensure that the deletion will not impact your services.
