We’ve been self-hosting n8n on-prem and it has been a tremendous help for our IT deparment with growing interest in other areas as well. With automation, though, came the decision to reduce our management role and overhead as well, and when combined with having to deal with a series of power and network outages, we have begun looking at at n8n Cloud as an alternative.
However, we need the ability to interact with API endpoints behind our internal load balancer in AWS. Accessing internal resources has not been a problem when self-hosting from behind our own network, but we are now having to contemplate how this can be achieved when hosted by n8n instead.
We’ve explored self-hosting n8n in ECS or K8 in AWS, but between the cloud computing costs and the n8n Enterprise subscription, the total cost ends up being quite high and we would still need to manually update the application.
Has anyone managed to use n8n Cloud to access internal API endpoints and other resources without exposing them publicly? VPN? Trusts?
use AWS WAF to protect your internal API service and allow access based on set of criteria (quite complex and expensive solution)
Use TLS authentication, but I don’t know if n8n can handle that (I suppose it can’t)
use Bastion host as a proxy server (quite compex but cheap solution)
use AWS lambda to proxy requests to the internal API service. I think it’s the best, cheapest and easiest solution, that can be connected to the n8n. Drawbacks: it may work only with JSON data, which is up to 2MB maximum. No files or other binary data. However, you can easiliy design the file logic and huge JSON structures with S3 bucket. You also need some basic programming skills (e.g. for python you only need requests, json and boto3 libraries and about 20-30 lines of code to setup the solution). AWS lambda can be attached to the internal subnet where you service is located.