# Networking

![api architecture diagram](https://user-images.githubusercontent.com/808475/103417256-dd6e9700-4b3e-11eb-901e-90425f1f8fd4.png)

All APIs share a single API load balancer. By default, the API load balancer is public. You can configure your API load balancer to be private by setting `api_load_balancer_scheme: internal` in your cluster configuration file (before creating your cluster). This will make your API only accessible through [VPC Peering](https://docs.cortexlabs.com/0.29/clusters/cortex-cloud-on-aws/index/vpc-peering).

The SSL certificate on the API load balancer is autogenerated during installation using `localhost` as the Common Name (CN). Therefore, clients will need to skip certificate verification when making HTTPS requests to your APIs (e.g. `curl -k https://***`), or make HTTP requests instead (e.g. `curl http://***`). Alternatively, you can enable HTTPS by using a [custom domain](https://docs.cortexlabs.com/0.29/clusters/cortex-cloud-on-aws/index/custom-domain) or by [creating an API Gateway](https://docs.cortexlabs.com/0.29/clusters/cortex-cloud-on-aws/index/https) to forward requests to your API load balancer.

There is a separate load balancer for the Cortex operator. By default, the operator load balancer is public. You can configure your operator load balancer to be private by setting `operator_load_balancer_scheme: internal` in your cluster configuration file (before creating your cluster). You can use [VPC Peering](https://docs.cortexlabs.com/0.29/clusters/cortex-cloud-on-aws/index/vpc-peering) to enable your Cortex CLI to connect to your cluster operator from another VPC.