AWS API Gateway with resource policy V.S. with VPC Endpoint

Time:01-12

I'm trying to create a private API using AWS API Gateway. In my understanding, I have 2 options to implement a private API Gateway: 1) restrict sources with an API Gateway resource policy, and 2) restrict sources within a VPC with a VPC endpoint.

My question is: For option 1, can I set the condition in the resource policy to allow traffic only from a specific VPC and achieve the same result as option 2?

# API Gateway resource policy
{
  ...

  "Condition": {
    "StringEquals": {
      "aws:sourceVpc": "vpc-123abc"
    }
  }
}

If yes, what's the difference between them? What are the advantages of adopting a VPC endpoint to implement a private API Gateway?

CodePudding user response:

Here are the ways you can access private API Gateways: How to invoke a private API

The condition that works with VPC endpoints in your case is aws:SourceVpce, with the ID of the execute-api endpoint that you deployed in your AWS account. Here you can find the list of AWS global condition context keys: AWS global condition context keys.
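To make the difference between the two condition keys concrete, here is an added example (not part of the question or the answer above, and not AWS code): it builds the resource-policy shape AWS documents for private APIs (an Allow on execute-api:Invoke conditioned on the trusted source, plus an explicit Deny on everything else) for either aws:SourceVpc or aws:SourceVpce, and runs a minimal offline simulation of how IAM evaluates it. Only the subset of IAM logic needed here is modelled: StringEquals / StringNotEquals, explicit Deny beating Allow, and implicit deny when no statement allows. The VPC ID, endpoint ID and request contexts are constructed placeholders.

```python
"""
Added example: simulate API Gateway resource-policy evaluation for a
private API with aws:SourceVpc vs aws:SourceVpce conditions.
Not AWS code; IDs and request contexts below are constructed placeholders.
"""
import json

# Constructed sample identifiers (placeholders, not real resources).
TRUSTED_VPC = "vpc-123abc"
TRUSTED_VPCE = "vpce-0abc123example"

# Constructed request contexts. A request arriving through an interface
# endpoint carries both keys; a request from the public internet carries
# neither.
CTX_VIA_TRUSTED_VPCE = {"aws:SourceVpc": TRUSTED_VPC, "aws:SourceVpce": TRUSTED_VPCE}
CTX_VIA_OTHER_VPCE = {"aws:SourceVpc": "vpc-999zzz", "aws:SourceVpce": "vpce-0fff999other"}
CTX_PUBLIC = {}


def make_policy(key: str, value: str, explicit_deny: bool = True) -> dict:
    """Build the documented private-API pattern for a given condition key.

    key is "aws:SourceVpc" (option 1 in the question: restrict to a VPC) or
    "aws:SourceVpce" (option 2: restrict to one execute-api endpoint).
    """
    statements = [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*",
            "Condition": {"StringEquals": {key: value}},
        }
    ]
    if explicit_deny:
        statements.append(
            {
                "Effect": "Deny",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": "execute-api:/*",
                "Condition": {"StringNotEquals": {key: value}},
            }
        )
    return {"Version": "2012-10-17", "Statement": statements}


def _condition_matches(condition: dict, ctx: dict) -> bool:
    """Evaluate StringEquals / StringNotEquals against a request context.

    Mirrors IAM semantics for a key missing from the context: StringEquals
    never matches, while the negated StringNotEquals does match.
    """
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if operator == "StringEquals":
                if actual != expected:
                    return False
            elif operator == "StringNotEquals":
                if actual == expected:
                    return False
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
    return True


def evaluate(policy: dict, ctx: dict) -> str:
    """Return 'Allow' or 'Deny' for an execute-api:Invoke request.

    Explicit Deny wins over any Allow; with no matching Allow the result is
    an implicit deny.
    """
    allowed = False
    for stmt in policy["Statement"]:
        if stmt["Action"] != "execute-api:Invoke":
            continue
        if not _condition_matches(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"


def render(policy: dict) -> str:
    """Serialise the policy as the JSON you would paste into API Gateway."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for key, value in (("aws:SourceVpc", TRUSTED_VPC), ("aws:SourceVpce", TRUSTED_VPCE)):
        policy = make_policy(key, value)
        print(render(policy))
        for label, ctx in (("trusted endpoint", CTX_VIA_TRUSTED_VPCE),
                           ("other VPC's endpoint", CTX_VIA_OTHER_VPCE),
                           ("public internet", CTX_PUBLIC)):
            print(f"{key}: request via {label:<22} -> {evaluate(policy, ctx)}")
```

Both keys produce the same shape of policy; the practical difference is scope. aws:SourceVpc admits any execute-api endpoint created in that VPC, whereas aws:SourceVpce pins the API to one specific endpoint, which is the tighter control when several endpoints or accounts share a VPC. The simulation also shows why the explicit Deny statement matters: an Allow-only policy still implicitly denies a public request, but the Deny makes the intent explicit and cannot be overridden by a later, broader Allow.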
