You are correct. HTTP tasks do not support private endpoints. To call these endpoints, you will need to use a Lambda function that you attach to the VPC and let it make the call.
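An added example of the Lambda-in-the-VPC approach described above (this is example code, not code from the answer's author or from AWS). The function receives the target URL, method and body from the state machine input, validates the destination against a constructed allowlist of private hostnames (the hostname `internal-api.example.internal` and the input shape are assumptions), performs the call from inside the VPC, and returns the status and decoded body so the state machine can branch on them. The allowlist is the check a practitioner wants here: without it, anyone who can start an execution with arbitrary input can use the function as a generic HTTP client into the VPC.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed allowlist for this example (assumption): the only private
# hostnames this function is permitted to reach from inside the VPC.
ALLOWED_HOSTS = {"internal-api.example.internal"}
ALLOWED_METHODS = {"GET", "POST"}


def build_request(event):
    """Validate the state-machine input and turn it into a urllib Request.

    Assumed input shape: {"url": "...", "method": "GET|POST", "body": {...}}.
    """
    url = event["url"]
    method = str(event.get("method", "GET")).upper()
    parsed = urllib.parse.urlsplit(url)
    if parsed.scheme != "https":
        raise ValueError("only https targets are allowed")
    if parsed.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"target host not in allowlist: {parsed.hostname}")
    if method not in ALLOWED_METHODS:
        raise ValueError(f"method not allowed: {method}")
    headers = {"Accept": "application/json"}
    data = None
    if "body" in event:
        data = json.dumps(event["body"]).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def call_private_api(event, opener=urllib.request.urlopen, timeout=10):
    """Perform the call and return a JSON-serialisable result for the state machine.

    `opener` is injectable so the logic can be exercised offline; the deployed
    function uses the default urllib.request.urlopen.
    """
    req = build_request(event)
    try:
        with opener(req, timeout=timeout) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        # 4xx/5xx: surface the status instead of failing the task so the
        # state machine can decide what to do with it.
        status, raw = err.code, err.read()
    text = raw.decode("utf-8", errors="replace")
    try:
        body = json.loads(text)
    except json.JSONDecodeError:
        body = text
    return {"statusCode": status, "body": body}


def lambda_handler(event, context):
    """Lambda entry point. The function must be attached to the VPC that can
    reach the private endpoint (subnets and security group in its VPC config)."""
    return call_private_api(event)


class StubResponse:
    """Constructed offline stand-in for an HTTP response (example only)."""

    def __init__(self, status, payload):
        self.status, self._payload = status, payload

    def read(self):
        return self._payload

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


if __name__ == "__main__":
    stub = lambda req, timeout=None: StubResponse(200, b'{"id": 42, "state": "shipped"}')
    print(call_private_api({"url": "https://internal-api.example.internal/orders/42"}, opener=stub))
```

The state machine then invokes this function with a Lambda Invoke task and passes the target as input; the allowlist (and the https-only rule) bound what that input can make the function do on the VPC's behalf.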
API Gateway with private integration wouldn't work as the Step function will not be able to resolve the DNS.
You could block external access to the API with a policy or IAM authentication. It works and it should have a lower latency, but a Lambda function is easier. And if you use Step Functions, probably latency is not a concern.
There is now an easier way to accomplish this. We launched "Amazon EventBridge and AWS Step Functions announce integration with private APIs" on Dec 1st. This will meet your needs. Jeff Barr covers it in his blog and we just did an AWS OnAir show, including a re:Post Live segment where we cover this question and use case. Check it out!
API Gateway with private integration wouldn't work as the Step function will not be able to resolve the DNS.
Actually, this is another option. API Gateway has private or public endpoints, and also, public or private integrations (using VPC link). In this case the recommendation is to use an API Gateway with a Public endpoint, which can be accessed from EventBridge, and a private integration, using VPC Link, to the internal API.
Creating a public endpoint would mean it is no longer private and defeats the whole purpose. I implemented this with a Lambda function attached to the VPC and invoking the private API from that.