Step 7: Configure access routing

This page applies to Apigee, but not to Apigee hybrid.

What you're doing in this step

In this step, you choose whether to expose your new cluster to external requests or to keep it private (and only allow requests from within the firewall).

How you access the API proxy depends on whether you allow external requests or restrict access to internal requests only:

| Access type | Description of the configuration and deployment process |
|---|---|
| External | Allow external access to your API proxy using the Apigee provisioning wizard. The wizard deploys a Hello World proxy to your runtime instance for you. You can then send a request to the API proxy from your administration machine or any network-enabled machine, whether it is within or outside the firewall. |
| Internal | Allow only internal access to your API proxy using the Apigee provisioning wizard. You download the Hello World proxy from GitHub and then deploy it to your runtime instance. You must then create a new VM inside the network and connect to it. From the new VM, you can send a request to the API proxy. |

Each of these approaches is presented in its own section in the instructions below.

Perform the step

External Access

This section describes how to configure routing when you're using the Apigee provisioning wizard and you want to allow external access to your API proxy.

To configure routing for external access in the Apigee provisioning wizard:

  1. If it is not currently open, open the Apigee provisioning wizard. The wizard returns to the next incomplete install task.
  2. Click Edit next to Access routing.

    The Configure access view displays.

  3. Select Enable internet access. The wizard displays additional options for configuring the instance.

  4. (Optional) You can change the virtual machine instance name to something more meaningful. As part of the provisioning process, Apigee creates a managed instance group (MIG) containing multiple VMs to proxy traffic between the load balancer and the Apigee runtime. To change the VM instance name, click Edit and make your changes.
  5. Select a subnetwork name from the dropdown menu. For example: default.
  6. Select whether to supply a certificate you manage or use a Google-managed certificate.
    • Supply a self-managed certificate:
      1. Generate a certificate/key pair if you don't already have one. For test environments, this can be a self-signed certificate. For a production system, you should use a certificate signed by a Certificate Authority. See also Using self-managed SSL certificates.
      2. In the respective fields, browse your file system and attach the files containing the certificate and private key. Both should be PEM-formatted.
    • Use a Google-managed certificate. To use a Google-managed certificate, do not enter a signed certificate or RSA private key. See also Using Google-managed SSL certificates.
  7. Click Set access.

    Apigee prepares your instance for external access. This includes creating firewall rules, uploading certificates, and creating a load balancer.

    This process can take several minutes to complete.

  8. When Apigee finishes setting up your runtime's access, you'll notice that there is a blue check mark next to all steps in the wizard.

  9. Click Continue and go to the next step: Deploy a sample proxy.
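
Step 6 above asks for a PEM-formatted certificate and private key. The following added example (not part of the original page or of Apigee's own tooling) uses `openssl` to generate a self-signed pair for a test environment and to check both files before you attach them. The hostname `api.example.com`, the file names, the 30-day lifetime and the rejection of passphrase-protected keys are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the Apigee docs): build a test-only self-signed pair
# and pre-check the two PEM files before attaching them in the wizard.

# make_test_pair <hostname> <dir>: writes <dir>/tls.key and <dir>/tls.crt.
make_test_pair() {
  mkdir -p "$2"
  ( umask 077   # private key readable by its owner only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
      -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
      -keyout "$2/tls.key" -out "$2/tls.crt" 2>/dev/null )
}

is_pem_cert() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    openssl x509 -in "$1" -noout 2>/dev/null
}

is_pem_key() {   # unencrypted PEM key; "-passin pass:" prevents a prompt
  grep -Eq -- '-----BEGIN (RSA )?PRIVATE KEY-----' "$1" &&
    openssl pkey -in "$1" -passin pass: -noout 2>/dev/null
}

# pair_matches <crt> <key>: the certificate's public key must be the key's.
pair_matches() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

is_self_signed() {   # subject and issuer names hash to the same value
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# preflight <crt> <key>: prints the first problem found, or "ok".
preflight() {
  is_pem_cert "$1" || { echo "certificate is not PEM"; return 1; }
  is_pem_key "$2" || { echo "key is not an unencrypted PEM key"; return 1; }
  pair_matches "$1" "$2" || { echo "certificate and key do not match"; return 1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired"; return 1; }
  if is_self_signed "$1"; then echo "ok (self-signed: test environments only)"
  else echo "ok"; fi
}

# Demo in a throwaway directory; api.example.com is a placeholder hostname.
demo=$(mktemp -d)
make_test_pair api.example.com "$demo" && preflight "$demo/tls.crt" "$demo/tls.key"
```

Run `preflight` against a CA-signed pair the same way before a production upload; it prints plain `ok` when the certificate is not self-signed.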

Internal Access

This section describes how to configure routing when you're using the Apigee provisioning wizard and you do not want to allow external access to your API proxy. Instead, you want to limit access to internal requests that originate from within the VPC.

To configure routing for internal access in the Apigee provisioning wizard:

  1. Select No internet access. The wizard displays the internal link that you can use to access your new cluster.

  2. Make a note of the IP address displayed in this view. This IP address is the internal access point for all requests. You will send a request to this IP address from a machine that is also inside the VPC.
  3. Click Continue to complete this step in the wizard.
  4. When Apigee finishes setting up your routing rules, you'll notice that there is a blue check mark next to all steps in the wizard.

  5. Click Continue and go to the next step: Deploy a sample proxy.

If you encounter errors during this part of the process, see Troubleshooting.
