amazon-web-servicesaws-api-gatewayamazon-vpcaws-http-apiaws-rest-api

Is it possible to make an AWS HTTP API gateway private?


Using AWS Direct Connect, we've built a network between our on-premise and our AWS VPC. We've developed a web application that users will access from within the on-prem network. We're using the HTTP API Gateway, which uses a VPC Link to connect to the private ALB. We've used a Custom Domain Name with the HTTP API Gateway and disabled the default endpoint. The domain name is registered in a private hosted zone on Route 53.

We want to keep all the traffic between the clients and the API Gateway within our private network. However, we can see that the requests going to the HTTP API Gateway leave our network because the custom domain name for the API Gateway resolves to a public IP address.

Is there a way to assign a private IP address to the HTTP API Gateway? Or any other way to keep the traffic within our network?

One option is to switch to the REST API Gateway and make its endpoint type Private. However, the HTTP API Gateway suits our needs much better with its simplicity. It also has the option for connectivity to an ALB using VPC Link, which the REST Gateway lacks.


Solution

  • Sadly no, the HTTP APIs do not support Private APIs. Whatever solution you will use, HTTP API endpoint must be public.

    You have to use REST API, or create your own fully custom solution if REST API is out of question.