1
votes

I have a serverless project currently running on API Gateway pointing to 2 AWS Lambda functions. Each Lambda function can handle its own routes too. For example:

/service/1/public/{proxy+} point to lambda function 1
/service/2/public/{proxy+} point to lambda function 2

Now the problem is I want to add apis like this

/service/1/internal/{proxy+} point to lambda function 1

Those internal APIs should only be called by code inside Lambda function 1 or 2 (via an HTTP client). Can I set up a private path like this?

1 Answer

1
votes

Yes, private endpoints for API Gateway were released in June 2018. Here is a summary of the steps you need to perform:

Setting up a private endpoint

Getting up and running with your private API Gateway endpoint requires just a few things:

  • A virtual private cloud (VPC) configured with at least one subnet and DNS resolution enabled.
  • A VPC endpoint with the following configuration:
    • Service name = “com.amazonaws.{region}.execute-api”
    • Enable Private DNS Name = enabled
    • A security group set to allow TCP Port 443 inbound from either an IP range in your VPC or another security group in your VPC
  • An API Gateway managed API with the following configuration:
    • Endpoint Type = “Private”
    • An API Gateway resource policy that allows access to your API from the VPC endpoint

For more details see: https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/
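
The resource policy named in the last bullet of the list above, as an added example that is not part of the original answer: a Python sketch that builds a policy limiting `execute-api:Invoke` to named VPC endpoints through the `aws:SourceVpce` condition key, plus a simplified check that flags Allow statements not pinned to an endpoint. The endpoint ID, the function names and the internal path pattern are illustrative assumptions; the check assumes `Statement` is a list and each `Resource` is a single string.

```python
import json

KEY = "aws:SourceVpce"  # condition key carrying the ID of the VPC endpoint used

def build_policy(vpce_ids, path="*"):
    """Deny invokes that do not arrive via the listed VPC endpoints, allow the rest."""
    resource = f"execute-api:/*/*/{path}"  # stage / HTTP method / resource path
    base = {"Principal": "*", "Action": "execute-api:Invoke", "Resource": resource}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Deny", **base,
             "Condition": {"StringNotEquals": {KEY: sorted(vpce_ids)}}},
            {"Effect": "Allow", **base},
        ],
    }

def _ids(stmt, operator):
    """Endpoint IDs named under one condition operator (string or list form)."""
    value = stmt.get("Condition", {}).get(operator, {}).get(KEY, [])
    return {value} if isinstance(value, str) else set(value)

def unpinned_allows(policy, trusted):
    """Return Allow statements not tied to a trusted VPC endpoint, either by
    their own StringEquals condition or by a Deny on the same resource."""
    trusted = set(trusted)
    stmts = policy["Statement"]
    guarded = {s["Resource"] for s in stmts
               if s["Effect"] == "Deny" and _ids(s, "StringNotEquals")
               and _ids(s, "StringNotEquals") <= trusted}
    findings = []
    for s in stmts:
        if s["Effect"] != "Allow":
            continue
        own = _ids(s, "StringEquals")
        if (own and own <= trusted) or s["Resource"] in guarded:
            continue
        findings.append(s)
    return findings

# Constructed sample: an allow-all policy with no endpoint condition.
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
     "Resource": "execute-api:/*/*/*"}]}

if __name__ == "__main__":
    vpce = "vpce-0example"  # placeholder ID, replace with your endpoint's ID
    print(json.dumps(build_policy([vpce], "service/1/internal/*"), indent=2))
    print("weak findings:", len(unpinned_allows(WEAK, [vpce])))
```

Endpoint type is set per API, so the policy applies to the private API as a whole; the `path` argument only narrows which of its routes the two statements cover.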