Amazon Private API Gateway with a public custom domain

Internal Load Balancer → VPC Endpoint → Amazon API Gateway REST API

Create an Amazon Private API Gateway with a public custom domain.

This pattern creates an Amazon Private API Gateway that is only accessible through VPC endpoints. The custom domain name resolves in public DNS, but access is internal only, through an internal Application Load Balancer.
This architecture is intended for use cases that require private APIs accessible only from on-premises via VPN or Direct Connect, while the DNS name can be resolved publicly.
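
To check the "only accessible through VPC endpoints" property, the REST API's resource policy can be audited offline for an `aws:SourceVpce` restriction. This is an added example, not code from this pattern's repository; the sample policy, the placeholder endpoint ID and the function names are constructed for illustration.

```python
import json

# Constructed sample resource policy; the endpoint ID is a placeholder.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowInvoke", "Effect": "Allow", "Principal": "*",
     "Action": "execute-api:Invoke", "Resource": "execute-api:/*"},
    {"Sid": "DenyOtherEndpoints", "Effect": "Deny", "Principal": "*",
     "Action": "execute-api:Invoke", "Resource": "execute-api:/*",
     "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-0example0000000001"}}}
  ]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _covers_invoke(stmt):
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    return bool(actions & {"*", "execute-api:*", "execute-api:invoke"})

def _vpce_ids(stmt, operator):
    # Condition keys are case-insensitive; values may be a string or a list.
    for key, value in stmt.get("Condition", {}).get(operator, {}).items():
        if key.lower() == "aws:sourcevpce":
            return set(_as_list(value))
    return set()

def audit_private_api_policy(policy, allowed_vpce_ids):
    """Return findings; an empty list means invoke is limited to the allowed endpoints.
    Simplification: Resource scoping, NotAction and NotPrincipal are not evaluated."""
    allowed = set(allowed_vpce_ids)
    stmts = [s for s in _as_list(policy.get("Statement", [])) if _covers_invoke(s)]
    # A Deny on "not one of these endpoints" blocks every other source.
    guarded = any(
        s.get("Effect") == "Deny" and s.get("Principal") == "*"
        and _vpce_ids(s, "StringNotEquals")
        and _vpce_ids(s, "StringNotEquals") <= allowed
        for s in stmts)
    allows = [s for s in stmts if s.get("Effect") == "Allow"]
    findings = [] if allows else ["no Allow statement for execute-api:Invoke"]
    for s in allows:
        pinned = _vpce_ids(s, "StringEquals")
        sid = s.get("Sid", "<no Sid>")
        if pinned - allowed:
            findings.append(f"{sid}: allows unexpected endpoint(s) {sorted(pinned - allowed)}")
        elif not pinned and not guarded:
            findings.append(f"{sid}: invoke not restricted by aws:SourceVpce")
    return findings
```
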


Clone repo

git clone https://github.com/aws-samples/serverless-patterns/
cd serverless-patterns/private-apigw-public-custom-domain

Deploy

cdk deploy


Testing

See the GitHub repo for detailed testing instructions.

Cleanup

Delete the stack: cdk destroy.

Created by:

Nils Brandes

Nils is an AWS Solutions Architect with over 7 years of experience helping enterprise-level manufacturing and industrial companies architect and implement large-scale cloud solutions.


Bruno Quintas

Bruno Quintas is an AWS Principal Cloud Operations Architect. He's been at AWS for more than 10 years and has held different roles spanning Support Engineering, Technical Account Management and Solutions Architecture.
