- Mais recentes
- Mais votos
- Mais comentários
Private API Gateway endpoints cannot be invoked using IP addresses.
As mentioned in this blog post - https://aws.amazon.com/blogs/compute/integrating-amazon-api-gateway-private-endpoints-with-on-premises-networks/
Note: Call the DNS endpoint of the API Gateway for the HTTPS certificate to work. You cannot call the IP address of the endpoint directly.
For Public API Gateway endpoints, it is possible to get static IP addresses by using AWS Global Accelerator, as explained in this blog post - https://aws.amazon.com/blogs/networking-and-content-delivery/accessing-an-aws-api-gateway-via-static-ip-addresses-provided-by-aws-global-accelerator/
Private APIs are accessed via VPC Endpoints (powered by PrivateLink). We create ENIs in the relevant subnets and their IP will not change, unless you delete the endpoint and recreate it.
That being said, Your client will not be able to invoke the API using IPs, unless they ignore the TLS certificate that is sent from API Gateway.
Why do you need static IPs for your APIs?
Conteúdo relevante
- AWS OFICIALAtualizada há 3 anos
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há um ano
Hi Uri, because our security team want to whitelist the IP from API Gateway and doesn't want to whitelist whole subnet. Thanks for your explanation
So you are trying to access the API from your on-prem?
Yes, we access API from on-perm via direct connect / VPN