Amazon API Gateway private API to AWS Lambda

API Gateway (private) → AWS Lambda

Create a private API Gateway integrated with Lambda

This pattern deploys an Amazon API Gateway private API with a Lambda integration.
The AWS Lambda function is written in Python 3.9. The function returns a small message and a status code to the caller.
The private API can only be invoked from the VPC endpoint defined in its resource policy.
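
The restriction described above lives entirely in the API's resource policy, so it is worth checking that policy after deployment. The following is an added example, not code from this pattern: it audits a resource policy document and reports any Allow for execute-api:Invoke that is not pinned to the expected VPC endpoint. The function names, the sample policies and the endpoint ID vpce-0example are constructed for illustration, and only Effect, Action and the aws:SourceVpce condition are examined (Principal and Resource scoping are not evaluated).

```python
import json

VPCE_KEY = "aws:sourcevpce"  # IAM condition key names are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _vpce_values(stmt, operator):
    """Collect aws:SourceVpce values listed under one condition operator."""
    block = stmt.get("Condition", {}).get(operator, {})
    return {v for key, vals in block.items()
            if key.lower() == VPCE_KEY for v in _as_list(vals)}

def _covers_invoke(stmt):
    actions = _as_list(stmt.get("Action", []))
    return any(a in ("*", "execute-api:*", "execute-api:Invoke") for a in actions)

def audit_policy(policy_json, expected_vpce):
    """Return findings; an empty list means invocation is pinned to expected_vpce."""
    stmts = _as_list(json.loads(policy_json)["Statement"])
    allowed = {expected_vpce}
    # Deny + StringNotEquals rejects every caller not coming through a listed endpoint.
    guards = [_vpce_values(s, "StringNotEquals") for s in stmts
              if s.get("Effect") == "Deny" and _covers_invoke(s)]
    if any(g and g <= allowed for g in guards):
        return []
    findings = []
    for i, s in enumerate(stmts):
        if s.get("Effect") != "Allow" or not _covers_invoke(s):
            continue
        pinned = _vpce_values(s, "StringEquals")
        if not pinned:
            findings.append(f"statement {i}: Allow has no aws:SourceVpce restriction")
        elif pinned - allowed:
            findings.append(f"statement {i}: Allow admits {sorted(pinned - allowed)}")
    return findings

# Constructed sample policies; vpce-0example is a placeholder endpoint ID.
ALLOW = {"Effect": "Allow", "Principal": "*",
         "Action": "execute-api:Invoke", "Resource": "execute-api:/*"}
DENY = dict(ALLOW, Effect="Deny",
            Condition={"StringNotEquals": {"aws:SourceVpce": "vpce-0example"}})
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [ALLOW]})
PINNED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [DENY, ALLOW]})

if __name__ == "__main__":
    for name, doc in (("open", OPEN_POLICY), ("pinned", PINNED_POLICY)):
        print(name, audit_policy(doc, "vpce-0example") or "OK")
```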



Clone repo

git clone https://github.com/aws-samples/serverless-patterns/
cd serverless-patterns/apigw-private-lambda

Deploy

sam deploy


Testing

To create the private API, your environment must already have: a VPC with an internet gateway; a public subnet with a NAT and an EC2 instance; a security group that allows port 443 from anywhere; and a VPC endpoint for execute-api associated with the private subnet and the security group, with private DNS names enabled.
To invoke a private API, log in to an instance that is in the same VPC and subnet as your VPC endpoint, and that is either in the same security group or in a security group allowed to make requests to the endpoint's security group.
On the instance, open a terminal and run the curl command with the API URL.

Cleanup

Delete the stack: sam delete.

Created by:

Alice Goumain

Cloud Support Engineer in Serverless @ AWS
