0
votes

Is it possible to have a (public) AWS API Gateway in account A access a private API Gateway sitting in account B?

If so, how is this configured?

This article describes the setup, but uses a VPC within account A with an NLB and VPC peering.

Are there any other alternatives?

1
What is your definition of private? Do you mean private API Gateway that resides in a VPC? - Chris Williams
Do you have VPC peering set up between account A and B? Else, does API GW in account B allow access to a VPC in account A in its resource policy? - Paradigm
Yes that's correct, if you imagine an architecture of many backend microservices (perhaps one per account or some shared in a single account) and one public API Gateway in a central account that exposes a subset of those APIs, for centralised API key/usage plan management. - isshesure
I've linked an article that describes a VPC peering approach, I wondered if there are any alternatives that may scale better? i.e. as the number of backend service accounts grows. - isshesure

1 Answer

1
votes

Apart from the VPC peering approach, you can implement your use case using Lambda functions (placed in a VPC in account A) and the private API in account B allowing the VPC in account A access in its resource policy. Also note, the two VPCs should be in the same region for this setup.

How it would look:

  • Public API in account A has integration set up with a Lambda function in the same account

  • Lambda function is placed inside a VPC (let's call this VPC A)

  • Private API in account B allows VPC A access in its resource policy

  • Lambda function in account A should now be able to invoke the private API and return the required data
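The resource-policy step above is where access is actually decided, so here is an added example (not part of the original answer) that builds a policy for the private API in account B restricted to VPC A with the `aws:SourceVpc` condition key, and lints a policy for that restriction. The VPC ID is a constructed placeholder, the function names are hypothetical, and the sketch assumes VPC A reaches the API through an interface VPC endpoint for `execute-api`.

```python
import json

INVOKE = "execute-api:Invoke"
ALL_METHODS = "execute-api:/*"
VPC_A = "vpc-0123456789abcdef0"  # constructed placeholder for VPC A's ID

def build_policy(vpc_id):
    """Policy for the private API in account B: invoke only from vpc_id."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Principal": "*", "Action": INVOKE,
         "Resource": ALL_METHODS,
         "Condition": {"StringNotEquals": {"aws:SourceVpc": vpc_id}}},
        {"Effect": "Allow", "Principal": "*", "Action": INVOKE,
         "Resource": ALL_METHODS},
    ]}

# Constructed weak policy: allows invoke with no source-VPC restriction at all.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": INVOKE,
     "Resource": ALL_METHODS}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _pins(stmt, operator, vpc_id):
    """True if stmt's condition compares aws:SourceVpc against exactly vpc_id."""
    value = stmt.get("Condition", {}).get(operator, {}).get("aws:SourceVpc")
    return value is not None and _as_list(value) == [vpc_id]

def restricted_to_vpc(policy, vpc_id):
    """Simplified lint: invoke is allowed, and only for requests from vpc_id.
    Handles literal actions only (no wildcards, NotAction or NotPrincipal)."""
    invoke = [s for s in _as_list(policy.get("Statement", []))
              if INVOKE in _as_list(s.get("Action", []))]
    allows = [s for s in invoke if s.get("Effect") == "Allow"]
    deny_others = any(
        s.get("Effect") == "Deny" and s.get("Principal") == "*"
        and _as_list(s.get("Resource")) == [ALL_METHODS]
        and _pins(s, "StringNotEquals", vpc_id) for s in invoke)
    return bool(allows) and (
        deny_others or all(_pins(s, "StringEquals", vpc_id) for s in allows))

if __name__ == "__main__":
    print(json.dumps(build_policy(VPC_A), indent=2))
    print("weak policy restricted:", restricted_to_vpc(WEAK_POLICY, VPC_A))
```
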