Stay organized with collections Save and categorize content based on your preferences.
Creating multi-region deployments for API GatewayPreview
This product or feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA products and features are available "as is" and might have limited support. For more information, see the launch stage descriptions.
This tutorial shows you how to configure an HTTP(S) load balancer to enable multi-region deployments for API Gateway.
Creating an HTTP(S) load balancer to support multi-region deployments of API Gateway can improve availability and decrease latency for your service by serving from more than one region. You can further minimize latency and maximize uptime with cross-region routing, which serves requests from the available region closest to your user.
For the purposes of this tutorial, you will configure a single, non-regional URL scheme that works anywhere in the world, but serves user requests from the closest API Gateway deployment. With this configuration, requests are ideally routed to the region that provides minimal latency to the user. In the event that the closest region is unavailable or over capacity, the request is routed to a different region to ensure availability.
Before you beginBefore configuring your multi-region deployment, follow the API Gateway Quickstart to deploy a Cloud Run service and create a gateway that points to that service.
For this tutorial, deploy your service to two different regions. For example, you can deploy two API Gateway instances:
my-gateway-eu to a region in Europemy-gateway-us to a region in the USIn this tutorial, you will create a serverless network endpoint group (NEG) and an external HTTP(S) load balancer in a Cloud project. This requires either a project owner or editor role, or the following Compute Engine IAM roles:
Create an SSL certificate resourceTo create an HTTPS load balancer, an SSL certificate resource must be added to the load balancer's front end. Create an SSL certificate resource using either a Google-managed SSL certificate or a self-managed SSL certificate.
Google-managed certificates. Using Google-managed certificates is recommended because Google Cloud obtains, manages, and renews these certificates automatically. To create a Google-managed certificate, you must have a domain and the DNS records for that domain in order for the certificate to be provisioned. If you don't already have a domain, you can get one from Google Domains. Additionally, you will need to update the domain's DNS A record to point to the load balancer's IP address created in a later step. For detailed instructions, see Using Google-managed certificates.
Self-signed certificates. If you do not want to set up a domain at this time, you can use a self-signed SSL certificate for testing.
This tutorial assumes that you have already created an SSL certificate resource.
If you want to test this process without creating an SSL certificate resource (or a domain as required by Google-managed certificates), you can still use the instructions on this page to set up an HTTP load balancer instead.
Create the HTTP(S) load balancerCreate a serverless NEG for each API Gateway instance.
A network endpoint group (NEG) specifies a group of backend endpoints for a load balancer. A serverless NEG is a backend that points to a service like API Gateway, as shown in the figure below:
To create a serverless NEG for each gateway instance, run the following command, where:
gcloud beta compute network-endpoint-groups create SERVERLESS_NEG_NAME \ --region=REGION_ID \ --network-endpoint-type=serverless \ --serverless-deployment-platform=apigateway.googleapis.com \ --serverless-deployment-resource=GATEWAY_ID
For example:
gcloud beta compute network-endpoint-groups create api-gateway-serverless-neg-eu \ --region=europe-west1 \ --network-endpoint-type=serverless \ --serverless-deployment-platform=apigateway.googleapis.com \ --serverless-deployment-resource=my-gateway-eu
Repeat this command to create a serverless NEG for the next gateway instance, using the appropriate values for the second gateway instance, for example,api-gateway-serverless-neg-us for my-gateway-us in the us-central1 region.
Create a backend service to define how Cloud Load Balancing distributes traffic.
The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts, as shown in the figure below:
To create a backend service and add your serverless NEG as a backend to the backend service, run the following commands, where:
gcloud compute backend-services create BACKEND_SERVICE_NAME \ --global \
gcloud compute backend-services add-backend BACKEND_SERVICE_NAME \ --global \ --network-endpoint-group=SERVERLESS_NEG_NAME \ --network-endpoint-group-region=REGION_ID
For example:
gcloud compute backend-services add-backend api-gateway-backend-service \ --global \ --network-endpoint-group=api-gateway-serverless-neg-eu \ --network-endpoint-group-region=europe-west1
Repeat this command to add the second serverless NEG to the backend service, using the appropriate values for the second serverless NEG, for example, api-gateway-serverless-neg-us for my-gateway-us in the us-central1 region.
Create a URL map to route incoming requests to the backend service, as shown in the figure below:
To create the URL map, run the following command, where:
gcloud compute url-maps create URL_MAP_NAME \ --default-service BACKEND_SERVICE_NAME
For example:
gcloud compute url-maps create api-gateway-url-map \ --default-service api-gateway-backend-service
This example URL map only targets one backend service representing a single gateway, so host rules or path matchers are not required. If you have more than one backend service, you can use host rules to direct requests to different services based on the host name. Use path matchers to direct requests to different services based on the request path.
For example:
gcloud compute url-maps add-path-matcher api-gateway-url-map \ --path-matcher-name=my-pm2 \ --default-service=my-host-default-backend \ --path-rules="/video=video-service,/video/*=video-service" \ --new-hosts my-hosts.com
gcloud compute url-maps add-host-rule api-gateway-url-map \ --hosts=my-app-domain \ --path-matcher-name=my-app-path-matcher
To learn more about host rules and path matchers, see the URL Map documentation.
Create an SSL certificate for your target proxy, as shown in the figure below:
To create an HTTPS load balancer, an SSL certificate resource is required for the HTTPS target proxy. You can create an SSL certificate resource using either a Google-managed SSL certificate or a self-managed SSL certificate. Using Google-managed certificates is recommended.
To create a Google-managed certificate, you must have a domain. If you do not have a domain, you can use a self-signed SSL certificate for testing.
To create a Google-managed SSL certificate resource:
gcloud compute ssl-certificates create SSL_CERTIFICATE_NAME --domains DOMAIN
To create a self-managed SSL certificate resource:
gcloud compute ssl-certificates create SSL_CERTIFICATE_NAME \ --certificate CRT_FILE_PATH \ --private-key KEY_FILE_PATH
Create a target HTTP(S) proxy to route requests to your URL map, as shown in the figure below:
To create the target proxy, use the following command, where:
gcloud compute target-http-proxies create TARGET_HTTP_PROXY_NAME \ --ssl-certificates=SSL_CERT_NAME --url-map=URL_MAP_NAME
For example:
gcloud compute target-http-proxies create api-gateway-https-proxy \ --ssl-certificates=hello-cert --url-map=api-gateway-url-map
Create a forwarding rule to route incoming requests to the proxy, as shown in the figure below:
Use the following command to create the forwarding rule, where:
gcloud compute forwarding-rules create HTTPS_FORWARDING_RULE_NAME \ --target-https-proxy=TARGET_HTTPS_PROXY_NAME \ --global \ --ports=443
For example:
gcloud compute forwarding-rules create my-fw \ --target-https-proxy=api-gateway-https-proxy \ --global \ --ports=443
If you have a custom domain, this step is required to set up the DNS settings for your domain to point to the new IP address of your service. It is also required if you created an HTTP(S) load balancer with a Google-managed certificate (which requires a domain). Allocating and using a static IP address is recommended when used with DNS. The specific instructions for this step depend on your DNS provider.
To send traffic to the load balancer, the DNS record of your domain (in this tutorial, my-app-domain) must point to the IP address(es) of the load balancer.
To find the IP address of your global forwarding rule, use this command:
gcloud compute forwarding-rules list
Update your domain's DNS A or AAAA record to point to the load balancer's IP address so that traffic sent to the existing custom domain URL is routed through the load balancer instead. It may take as little as several seconds or as long as several hours for DNS to propagate this change to the DNS server.
Test to confirm that that your gateway is receiving traffic using curl or by visiting the URL in your browser. For example: https://my-app-domain
Upon testing, you should see the response generated by the Cloud Run service. For example, this may be a "Hello World" HTML page or another expected response generated by the backend service directly. This means your request is going through the load balancer, and the backend service is instructing the load balancer to send it to your gateway.
Before implementing a multi-region deployment of API Gateway, consider the following:
API Gateway does not currently support health checks. With the cross-region routing configuration outlined above, if your gateway or its backend service returns errors in one region but the overall API Gateway infrastructure in the region is available and has capacity, your HTTP(S) load balancer will not direct traffic away to other regions.
Combining different regions in a single forwarding rule requires Premium Tier pricing. For more information on calculating pricing and usage, see Network Service Tiers pricing.
When using multi-region serving, we recommend using a globally replicated managed data storage solution such as Cloud Spanner to make sure that all data is managed globally.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-07 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["This tutorial demonstrates how to configure an HTTP(S) load balancer to enable multi-region deployments for API Gateway, enhancing service availability and minimizing latency by serving user requests from the closest available region."],["Implementing a multi-region deployment involves creating serverless Network Endpoint Groups (NEGs) for each API Gateway instance in different regions and configuring a backend service to manage traffic distribution."],["The setup requires a URL map to route incoming requests to the backend service and a target HTTP(S) proxy along with a forwarding rule to direct requests to the proxy, which involves creating either Google-managed or self-managed SSL certificates."],["To ensure that traffic is correctly directed to the load balancer, DNS records for custom domains must be updated to point to the load balancer's IP address after configuring the multi-region setup."],["While API Gateway does not support health checks, and using multiple regions in a forwarding rule requires premium pricing, it's recommended to use a globally replicated data storage solution like Cloud Spanner for optimal performance."]]],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4