I'm trying to create a private API using AWS API Gateway. In my understanding, I have 2 options to implement private API Gateway, 1) restrict sources with API Gateway resource policy and 2) restrict sources within a VPC with VPC Endpoint.
My question is: For option 1, can I set the condition in the resource policy to allow traffic only from a specific VPC and achieve the same result as option 2?
# API Gateway resource policy
{
    ...
    "Condition": {
        "StringEquals": {
            "aws:sourceVpc": "vpc-123abc"
        }
    }
}
If yes, what's the difference between them? What are the advantages of adopting a VPC Endpoint to implement a private API Gateway?
Here are the ways you can use to access private API gateways: How to invoke a private API
The condition that works with VPC endpoints in your case is aws:SourceVpce, with the ID of the execute-api endpoint that you deployed in your AWS account. Here you can find the list of AWS global condition context keys: AWS global condition context keys.
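To make the difference between the two condition keys concrete, here is an added example that is not part of the question or the answer above. It builds the same resource policy once with aws:SourceVpc and once with aws:SourceVpce (an Allow with StringEquals plus an explicit Deny with StringNotEquals) and runs a simplified model of IAM condition matching over three constructed request contexts. The endpoint IDs are placeholders, and the evaluator only models the two string operators and the Deny-before-Allow order, not the real IAM engine.

```python
import json

# Constructed placeholder IDs for the example (not real resources).
VPC_ID = "vpc-123abc"                  # VPC ID used in the question
VPCE_ID = "vpce-0123456789abcdef0"     # hypothetical execute-api VPC endpoint ID
API_ARN = "execute-api:/*"             # API-wide resource ARN shorthand


def restricted_policy(condition_key, expected_id, api_arn=API_ARN):
    """Resource policy that allows execute-api:Invoke only when `condition_key`
    (aws:SourceVpc or aws:SourceVpce) equals `expected_id`, with an explicit
    Deny for every request that does not satisfy the condition."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": api_arn,
                "Condition": {"StringEquals": {condition_key: expected_id}},
            },
            {
                "Effect": "Deny",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": api_arn,
                "Condition": {"StringNotEquals": {condition_key: expected_id}},
            },
        ],
    }


def _condition_matches(condition, request_context):
    """Simplified IAM matching for StringEquals / StringNotEquals.
    A missing key makes StringEquals false and StringNotEquals true (IAM
    semantics for negated operators). That is why the explicit Deny catches a
    request that never went through a VPC endpoint and so carries neither
    aws:SourceVpc nor aws:SourceVpce."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = request_context.get(key)
            if operator == "StringEquals":
                if actual != expected:
                    return False
            elif operator == "StringNotEquals":
                if actual == expected:
                    return False
            else:
                raise ValueError(f"operator {operator} not modelled here")
    return True


def evaluate(policy, request_context, action="execute-api:Invoke"):
    """Return 'allow' or 'deny': an explicit Deny wins, then a matching Allow,
    otherwise implicit deny. Resource matching is omitted because every
    statement uses the API-wide ARN."""
    decision = "deny"
    for stmt in policy["Statement"]:
        if stmt["Action"] != action:
            continue
        if not _condition_matches(stmt.get("Condition", {}), request_context):
            continue
        if stmt["Effect"] == "Deny":
            return "deny"
        decision = "allow"
    return decision


def compare(request_context):
    """Decision of the VPC-scoped and the endpoint-scoped policy for one request."""
    return {
        "aws:SourceVpc": evaluate(restricted_policy("aws:SourceVpc", VPC_ID), request_context),
        "aws:SourceVpce": evaluate(restricted_policy("aws:SourceVpce", VPCE_ID), request_context),
    }


if __name__ == "__main__":
    # Constructed request contexts, keyed the way the condition keys appear.
    contexts = {
        "via the expected endpoint": {"aws:SourceVpc": VPC_ID, "aws:SourceVpce": VPCE_ID},
        "via another endpoint in the same VPC": {"aws:SourceVpc": VPC_ID,
                                                 "aws:SourceVpce": "vpce-0fedcba9876543210"},
        "from the internet (no endpoint in the path)": {},
    }
    for name, ctx in contexts.items():
        print(f"{name}: {compare(ctx)}")
    print(json.dumps(restricted_policy("aws:SourceVpce", VPCE_ID), indent=2))
```

Running it shows the practical difference: the aws:SourceVpc condition admits any execute-api endpoint created in that VPC, while aws:SourceVpce pins the API to one specific endpoint. A request that does not traverse a VPC endpoint carries neither key, so under both policies it fails the Allow and matches the explicit Deny.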