API Gateway - Outbound static IP

Question

Hi,

I've configured a public REST API Gateway to serve as a reverse proxy for a couple of our internal services, the primary purpose of this is for https. Browsers seem to not like mixed http/https traffic.

I now have the need to be able to access a vendors internal system, while giving my users access to some of the data I'd be pulling from them. However, they don't want to expose their service publicly. So I'm hoping that there is a way to assign a static IP to the API gateway when it makes outbound calls and to the vendors system.

I know I can put a Lambda behind the API gateway and put that into a VPC with NAT and what not, but we don't need the traffic to be routed this way.

Any ideas how to make the API Gateway have an outbound static IP that I can then give to my vendor?

Accepted Answer

You cannot configure API Gateway with a static IP address. Instead, the method you describe (Lambda, VPC, NAT Gateway) is the way to achieve this.

Answer

Instead of using a static IP for API Gateway when it is calling the backend, you may want to consider using this - https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html

As mentioned in this document - "You can use API Gateway to generate an SSL certificate and then use its public key in the backend to verify that HTTP requests to your backend system are from API Gateway. This allows your HTTP backend to control and accept only requests that originate from Amazon API Gateway, even if the backend is publicly accessible."

API Gateway - Outbound static IP

Relevant content