Is there a way to set up an API Gateway endpoint for Lambda functions to be only accessible internally? I don't want it to be exposed to the public.
- Possible duplicate of "Limit access to lambda or api gateway to a specific vpc" – Ele, Jan 15, 2018 at 17:25
- For those looking to access over VPN, check this solution: how-to-access-private-api-gateway-over-on-prem-vpn – Sivaram Kumar, May 2, 2020 at 16:30
3 Answers
API Gateway has released a new Private Endpoint feature, which makes this possible.
The API Gateway Private Endpoint will only be accessible from a VPC, and it requires setting up an Interface VPC Endpoint, which will be used to access the endpoint. Also, it will be required to set up a Resource Policy to grant access to the API from your VPCs and VPC endpoints.
In order to access the API endpoint from your on-premises network, you can establish either an AWS Direct Connect connection or an AWS VPN connection from your on-premises network to the Amazon VPC.
1 Comment
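The resource policy described in the answer above, as an added example that is not part of the original answer and not AWS's own code: it builds a policy that limits invocation to named VPC endpoints and audits an API's settings against that intent. The ARN, endpoint ID and function names are constructed assumptions, and the matching is a simplified check, not a full IAM policy evaluation.

```python
import json

# Constructed sample values, not taken from the page.
SAMPLE_API_ARN = "arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5"
SAMPLE_VPCE = "vpce-0123456789abcdef0"
SOURCE_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}  # condition keys are case-insensitive

def private_api_policy(api_arn, vpce_ids):
    """Allow invoke, then deny any request that did not arrive via the listed VPC endpoints."""
    base = {"Principal": "*", "Action": "execute-api:Invoke", "Resource": f"{api_arn}/*"}
    deny_if = {"StringNotEquals": {"aws:SourceVpce": sorted(vpce_ids)}}
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", **base},
        {"Effect": "Deny", **base, "Condition": deny_if},
    ]}

def _scoped(stmt, operator):
    """True if the statement has a condition on aws:SourceVpce or aws:SourceVpc."""
    keys = stmt.get("Condition", {}).get(operator, {})
    return any(k.lower() in SOURCE_KEYS for k in keys)

def audit_api(endpoint_types, policy):
    """Return findings for an API that is meant to be reachable only from a VPC."""
    findings = []
    if list(endpoint_types) != ["PRIVATE"]:
        findings.append(f"endpoint type is {list(endpoint_types)}, not PRIVATE")
    stmts = (policy or {}).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    if not stmts:
        findings.append("no resource policy attached")
    # A Deny on 'not from these endpoints' guards every Allow in the policy.
    guarded = any(s.get("Effect") == "Deny" and _scoped(s, "StringNotEquals") for s in stmts)
    for s in stmts:
        if s.get("Effect") == "Allow" and not guarded and not _scoped(s, "StringEquals"):
            findings.append("Allow statement is not limited to a VPC or VPC endpoint")
    return findings

if __name__ == "__main__":
    policy = private_api_policy(SAMPLE_API_ARN, [SAMPLE_VPCE])
    print(json.dumps(policy, indent=2))
    print(audit_api(["PRIVATE"], policy))   # scoped policy on a private API
    print(audit_api(["REGIONAL"], policy))  # public endpoint type is flagged
```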
Unfortunately, no. At the moment API Gateway Invoke URLs are public. Making them private is not possible.
You can secure your API Gateway REST API using either IAM roles or custom authorizers.
Comments
Yes, now you can configure AWS API Gateway with PrivateLink. Follow the link, but you can only access the endpoint from a VPC, and if you want to access that endpoint from your data center you will need Direct Connect.