Use lambda (account A) to invoke vpc endpoint (account a) to call the private api (account b)


I have a lambda and a vpc endpoint in account a. I have configured the Lambda to be in the same vpc and subnets/security group as the VPC Endpoint. In account b, I have a private api, which I am trying to call from the lambda in account a.

In the code for my lambda, I am a bit confused when trying to invoke this. This is code from my lambda_handler function:

    import json
    import urllib3

    # api_id, region, vpce_url and api_url are defined elsewhere in the poster's code (not shown)
    def lambda_handler(event, context):
        headers = {
            'Host': f"{api_id}.execute-api.{region}.amazonaws.com",
            'x-apigw-api-id': api_id,
            'Content-Type': 'application/json'  # Set content type to JSON
        }

        # Extract the payload from the event
        payload = json.loads(event.get('body', '{}'))

        http = urllib3.PoolManager()
        try:
            # Make a POST request to the private API in Account B
            encoded_data = json.dumps(payload).encode('utf-8')
            response = http.request(
                'POST',
                vpce_url,  # the rest of this call is cut off in the post; the URL is vpce_url or api_url
                body=encoded_data,
                headers=headers
            )
            # Check if the request was successful
            if response.status == 200:
                return {
                    'statusCode': 200,
                    'body': json.dumps({
                        'message': 'Request to private API was successful',
                        'data': json.loads(response.data.decode('utf-8'))
                    })
                }
            return {
                'statusCode': response.status,
                'body': json.dumps({
                    'message': 'Failed to invoke private API'
                })
            }
        except Exception as e:
            return {
                'statusCode': 500,
                'body': json.dumps({
                    'message': 'Error invoking private API',
                    'error': str(e)
                })
            }

vpce_url is my vpc endpoint dns name in account a. api_url is the invoke url for my private api in account b.

I am unsure which I should be using to call the http.request with urllib3. I am also unsure if I am redirecting the vpce correctly to the private api by using the request headers, specifically Host and x-apigw-api-id.

I think by correctly setting the Host or x-apigw-api-id header and using the vpce_url in the http.request call, your Lambda function should be able to invoke the private API Gateway in Account B through the VPC Endpoint in Account A.

answered 2 months ago
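
The request form the answer describes, as an added example that is not part of the original question or answer: the connection goes to the VPC endpoint's DNS name over HTTPS, and one header (Host or x-apigw-api-id) names the private API. The function names, the endpoint-name check, the stage parameter and the sample values are assumptions made for illustration.

```python
import json
from urllib.parse import quote


def build_private_api_request(vpce_dns, api_id, region, stage,
                              resource="/", use_host_header=True):
    """Return (url, headers) for calling a private REST API through an
    execute-api interface endpoint's own DNS name."""
    # Only accept an execute-api endpoint name in the expected region, so a
    # mistyped or caller-supplied value cannot send the payload elsewhere.
    suffix = f".execute-api.{region}.vpce.amazonaws.com"
    if not (vpce_dns.startswith("vpce-") and vpce_dns.endswith(suffix)):
        raise ValueError(f"not an execute-api endpoint name in {region}: {vpce_dns!r}")
    if not api_id.isalnum():
        raise ValueError(f"unexpected API id: {api_id!r}")

    # The URL targets the endpoint; the stage and resource form the path.
    url = f"https://{vpce_dns}/{quote(stage, safe='')}/{quote(resource.lstrip('/'))}"

    headers = {"Content-Type": "application/json"}
    # One routing hint tells API Gateway which API behind the endpoint is meant.
    if use_host_header:
        headers["Host"] = f"{api_id}.execute-api.{region}.amazonaws.com"
    else:
        headers["x-apigw-api-id"] = api_id
    return url, headers


def invoke(vpce_dns, api_id, region, stage, payload, resource="/"):
    """POST payload to the private API and return (status, body text)."""
    import urllib3  # imported here so the builder above needs only the standard library
    url, headers = build_private_api_request(vpce_dns, api_id, region, stage, resource)
    http = urllib3.PoolManager()
    resp = http.request("POST", url,
                        body=json.dumps(payload).encode("utf-8"),
                        headers=headers,
                        timeout=urllib3.Timeout(connect=3, read=10))
    return resp.status, resp.data.decode("utf-8")


# Constructed sample values, not taken from the post
SAMPLE = dict(
    vpce_dns="vpce-0123456789abcdef0-abcd1234.execute-api.us-east-1.vpce.amazonaws.com",
    api_id="a1b2c3d4e5", region="us-east-1", stage="prod")
```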

