Creating a responder gateway Creating an external responder gateway Searching for responder gateways Viewing associated links Deleting responder gateways

Responder gateways

Responder gateways are RTB Fabric infrastructure components that serve as connection points for customer gateways. Responder gateways receive requests from requester gateways and forward them to responder gateways, then return responses through the same pathway. Gateways operate colocated with your VPC and provide routing, load balancing, and processing capabilities. You maintain complete control over your bidding algorithms, response logic, and data processing, while RTB Fabric provides the secure infrastructure for connectivity.

Creating a responder gateway

Create a new responder gateway that can respond to bid opportunities.

Note

You are responsible for the data you process through RTB Fabric, including ensuring that personally identifiable information (PII) is handled according to your privacy requirements and applicable regulations.

To create a responder gateway

Sign in to the AWS Management Console and open the RTB Fabric console at https://console.aws.amazon.com/rtbfabric.
In the navigation pane, choose Responder gateway.
Choose Create responder gateway.
In the Responder gateway information section, for Gateway description, enter a description of the gateway's purpose. The description can have up to 255 characters.
In the VPC configuration section, configure the network settings:
1. For VPC ID, enter a valid VPC ID. For example: vpc-01f345ad6524a6d7.
2. For Subnet ID, enter the IDs of 1-5 subnets, separated by commas. Subnets must have at least 200 free IP addresses. These subnets should match your core workload deployment subnets or be secondary CIDR subnets within the same Availability Zones.
3. For Security group ID, enter the IDs of 1-5 security groups, separated by commas. We recommend you create new security groups for your gateways for security.
In the Responder endpoint configuration section, choose an endpoint type from the dropdown and configure the fields for that type:
- Domain name — Configure a direct endpoint using a domain name.
  1. For Domain name, enter a fully qualified domain name (FQDN) where you want your gateway to be accessed. Valid characters are a-z, A-Z, 0-9, periods (.), and hyphens (-). Maximum length is 253 characters.
  2. For Port number, enter the network port number where your gateway will listen for incoming traffic. Enter an integer from 1 to 65535. Common ports are 80 and 443.
  3. For Protocol, select either HTTP or HTTPS.
  4. (HTTPS only) For CA certificate chain, enter the CA certificate chain for your domain. Include the intermediate and root certificates in PEM format. Maximum size: 2048 characters.
- EKS — Configure a managed endpoint that points to a Kubernetes cluster.
  1. For EKS Endpoints resource name, enter the name of the Kubernetes Endpoints resource. Must be a DNS label with a maximum of 63 characters.
  2. For EKS Endpoints resource namespace, enter the Kubernetes namespace where the Endpoints resource is located.
  3. For Cluster API server endpoint URI, enter the EKS cluster API server endpoint URL. Must be a valid URI.
  4. For Cluster API server CA certificate, enter the base64-encoded CA certificate chain for the EKS API server.
  5. For Cluster name, enter the name of the EKS cluster.
  6. For IAM role, select an IAM role with ec2:DescribeSubnets permission that is associated with EKS RBAC.
  7. For Port number, enter the network port number. Enter an integer from 1 to 65535.
  8. For Protocol, select either HTTP or HTTPS.
  9. (HTTPS only) For Domain name, enter the fully qualified domain name for the endpoint.
  10. (HTTPS only, optional) For CA certificate chain, enter the CA certificate chain in PEM format.
- Auto Scaling group — Configure a managed endpoint using EC2 Auto Scaling groups.
  1. For Auto Scaling groups, select one or more Auto Scaling groups that will receive traffic.
  2. For IAM role, select an IAM role that grants RTB Fabric permission to discover instances in the Auto Scaling groups.
  3. For Port number, enter the network port number. Enter an integer from 1 to 65535.
  4. For Protocol, select either HTTP or HTTPS.
  5. (HTTPS only) For Domain name, enter the fully qualified domain name for the endpoint.
  6. (HTTPS only, optional) For CA certificate chain, enter the CA certificate chain in PEM format.
  7. (Optional) To enable health checks, configure the Health check configuration section. For details, see Health checks for Managed Endpoints.
Choose Create Gateway.
Your new responder gateway appears in the gateways list with an Activating status. The gateway status will remain Activating for 2-5 minutes until creation is complete.

After creating your gateway, you can view its details, monitor performance metrics, and make configuration changes as needed.

Updating gateway description

You can update the gateway description using the RTB Fabric API. For more information, see the AWS RTB Fabric API Reference.

Listener configuration

A listener configuration defines which protocols a gateway with external links accepts for incoming traffic. By default, a gateway listens on a single protocol (HTTPS). With multiprotocol support, you can configure a gateway to accept both HTTP and HTTPS traffic simultaneously using the listenerConfig parameter.

The listenerConfig contains a protocols list that specifies one or two protocols:

["HTTPS"] — The gateway accepts HTTPS traffic only (default).
["HTTP", "HTTPS"] — The gateway accepts both HTTP and HTTPS traffic.

Multi-protocol support is useful when you need to support partners that send traffic over HTTP while also serving HTTPS traffic with TLS termination. When both protocols are enabled, the gateway provisions listeners for each protocol on the public ingress cluster.

Note

If you enable both HTTP and HTTPS, TLS certificate association and SNI-based certificate resolution apply only to HTTPS connections. HTTP connections bypass TLS termination entirely.

Use the following command to create a responder gateway using the AWS Command Line Interface (AWS CLI).

Create a responder gateway with required parameters


$ aws rtbfabric create-responder-gateway \
--description "My RTB responder gateway" \
--vpc-id vpc-01f345ad6524a6d7 \
--subnet-ids subnet-abc12345 subnet-def67890 \
--security-group-ids sg-12345678 \
--port 443 \
--protocol HTTPS \
--client-token "unique-client-token-123" \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Create with optional domain name and trust store configuration


$ aws rtbfabric create-responder-gateway \
--description "My RTB responder gateway" \
--vpc-id vpc-01f345ad6524a6d7 \
--subnet-ids subnet-abc12345 subnet-def67890 \
--security-group-ids sg-12345678 \
--domain-name responder.example.com \
--port 443 \
--protocol HTTPS \
--client-token "unique-client-token-123" \
--trust-store-configuration certificateAuthorityCertificates="-----BEGIN CERTIFICATE-----..." \
--tags Environment=Production Team=RTB \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Create with multi-protocol listener configuration (HTTP and HTTPS)


$ aws rtbfabric create-responder-gateway \
--description "My RTB responder gateway" \
--vpc-id vpc-01f345ad6524a6d7 \
--subnet-ids subnet-abc12345 subnet-def67890 \
--security-group-ids sg-12345678 \
--port 443 \
--protocol HTTPS \
--listener-config '{"protocols":["HTTP","HTTPS"]}' \
--client-token "unique-client-token-123" \
--gateway-type EXTERNAL \
--managed-endpoint-configuration '{"autoScalingGroups":{"autoScalingGroupNames":["my-asg-name"],"roleArn":"arn:aws:iam::123456789012:role/MyASGRole"}}' \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Create with EKS managed endpoint configuration


$ aws rtbfabric create-responder-gateway \
--description "My EKS responder gateway" \
--vpc-id vpc-0abc1234def567890 \
--subnet-ids subnet-0abc1234def567890 subnet-0def5678abc901234 \
--security-group-ids sg-0abc1234def567890 \
--port 443 \
--protocol HTTPS \
--gateway-type EXTERNAL \
--managed-endpoint-configuration '{"eksEndpoints":{"endpointsResourceName":"my-bidder-service","endpointsResourceNamespace":"bidding-ns","clusterApiServerEndpointUri":"https://ABCDEF1234567890.gr7.us-east-1.eks.amazonaws.com","clusterApiServerCaCertificateChain":"LS0tLS1CRUdJTi...base64-encoded-CA-cert...LS0tLS1FTkQ=","clusterName":"my-eks-cluster","roleArn":"arn:aws:iam::123456789012:role/MyEksEndpointDiscoveryRole"}}' \
--client-token "550e8400-e29b-41d4-a716-446655440000" \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Logging

When logging is configured, default sampling behavior applies. Service logs capture all error logs (error_log sampling rate of 1) and no filter logs (filter_log sampling rate of 0). To modify sampling rates after creation, see UpdateLink in the AWS RTB Fabric API Reference.

Creating an external responder gateway

Create an external responder gateway in RTB Fabric if you do not already have one. Inbound external links require an external gateway — a gateway type designed for receiving traffic from endpoints outside RTB Fabric.

Use the following command to create an external responder gateway using the AWS Command Line Interface (AWS CLI).

Create an external responder gateway with HTTP


$ aws rtbfabric create-responder-gateway \
--description "External gateway for inbound external links" \
--vpc-id vpc-0abc123def456 \
--subnet-ids subnet-0abc123 subnet-0def456 \
--security-group-ids sg-0abc123 \
--port 80 \
--protocol HTTP \
--managed-endpoint-configuration '{"autoScalingGroups":{"autoScalingGroupNames":["my-asg-name"],"roleArn":"arn:aws:iam::123456789012:role/MyASGRole"}}' \
--gateway-type EXTERNAL \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Create an external responder gateway with HTTPS


$ aws rtbfabric create-responder-gateway \
--description "External gateway for inbound external links" \
--vpc-id vpc-0abc123def456 \
--subnet-ids subnet-0abc123 subnet-0def456 \
--security-group-ids sg-0abc123 \
--port 443 \
--protocol HTTPS \
--managed-endpoint-configuration '{"autoScalingGroups":{"autoScalingGroupNames":["my-asg-name"],"roleArn":"arn:aws:iam::123456789012:role/MyASGRole"}}' \
--gateway-type EXTERNAL \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Create an external responder gateway with EKS managed endpoints


$ aws rtbfabric create-responder-gateway \
--description "External gateway with EKS endpoint discovery" \
--vpc-id vpc-0abc123def456 \
--subnet-ids subnet-0abc123 subnet-0def456 \
--security-group-ids sg-0abc123 \
--port 443 \
--protocol HTTPS \
--managed-endpoint-configuration '{"eksEndpoints":{"endpointsResourceName":"my-bidder-service","endpointsResourceNamespace":"bidding-ns","clusterApiServerEndpointUri":"https://ABCDEF1234567890.gr7.us-east-1.eks.amazonaws.com","clusterApiServerCaCertificateChain":"LS0tLS1CRUdJTi...base64-encoded-CA-cert...LS0tLS1FTkQ=","clusterName":"my-eks-cluster","roleArn":"arn:aws:iam::123456789012:role/MyEksEndpointDiscoveryRole"}}' \
--gateway-type EXTERNAL \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Key parameters:

--gateway-type EXTERNAL — Required. Creates an external gateway that supports inbound external links.
--managed-endpoint-configuration — Required for external gateways. Specifies the backend that receives traffic. Provide either an autoScalingGroups configuration (with ASG names and a role ARN) or an eksEndpoints configuration (with EKS cluster details).
--protocol — HTTP or HTTPS. Choose based on whether you want TLS termination at the gateway.
--port — The port the gateway listens on (for example, 80 for HTTP or 443 for HTTPS).

Searching for responder gateways

Use the search functionality in the console to locate specific gateways in your environment. The gateways table displays key information including gateway ID, status, name, associated links, and creation date.

To search for responder gateways

Sign in to the AWS Management Console and open the RTB Fabric console at https://console.aws.amazon.com/rtbfabric.
In the navigation pane, choose Responder gateways.
In the Find responder gateways search box, enter your search criteria to locate specific gateways.
The table automatically filters to show matching gateways as you type.
If no gateways exist, the console displays No responder gateways with an option to create your first gateway.

Use the following command to get details for a specific responder gateway using the AWS Command Line Interface (AWS CLI).

Get details for a specific responder gateway


$ aws rtbfabric get-responder-gateway \
--gateway-id "rtb-gw-kasoi29asfdhn" \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Viewing associated links

Each responder gateway can have associated links that connect it to requester gateways. You can view these links and their details through the console.

To view associated links for a responder gateway

On the Responder gateways page, select the radio button next to the responder gateway you want to view.
Choose View details to see comprehensive information about the gateway, including its configuration, status, and associated resources.
Choose the Associated links tab to view existing links and their details.

Use the following command to list all links associated with a specific responder gateway using the AWS Command Line Interface (AWS CLI).

List all links associated with a gateway


$ aws rtbfabric list-links \
--gateway-id "rtb-gw-dsj34i23nsllka" \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

List links with pagination


$ aws rtbfabric list-links \
--gateway-id "rtb-gw-dsj34i23nsllka" \
--max-results 10 \
--next-token "token" \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Deleting responder gateways

When you no longer need a responder gateway, you can delete it from your environment. This action is irreversible and will terminate all bidding activities associated with the gateway.

We recommend deleting unused responder gateways to optimize resource usage and costs. AWS may delete unused gateways after 30 days of inactivity to manage infrastructure resources.

Warning

Deleting a responder gateway is permanent and cannot be undone. Check your gateway metrics to verify there is no active traffic before proceeding with deletion.

To delete a responder gateway

On the Responder gateways page, select the radio button next to the responder gateway you want to delete.
Choose Delete from the action buttons at the top of the page.
If the gateway has associated links, a dialog appears with the message "To delete this gateway, you must first delete all of its associated links. You can delete links on the Links table." Follow the provided instructions to delete associated links first, then return to delete the gateway. For more information, see Deleting links.
If the gateway has no associated links, confirm the deletion when prompted.

Use the following command to delete a responder gateway using the AWS Command Line Interface (AWS CLI).

Delete a responder gateway


$ aws rtbfabric delete-responder-gateway \
--gateway-id "rtb-gw-kasoi29asfdhn" \
--endpoint-url https://rtbfabric.us-east-1.amazonaws.com \
--region us-east-1

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Requester gateways

Managed endpoints