Private API Gateway static IP
Hi there,
May I know if the private API Gateway has a static IP or a dynamic IP?
Private API Gateway endpoints cannot be invoked using IP addresses.
As mentioned in this blog post - https://aws.amazon.com/blogs/compute/integrating-amazon-api-gateway-private-endpoints-with-on-premises-networks/
Note: Call the DNS endpoint of the API Gateway for the HTTPS certificate to work. You cannot call the IP address of the endpoint directly.
For Public API Gateway endpoints, it is possible to get static IP addresses by using AWS Global Accelerator, as explained in this blog post - https://aws.amazon.com/blogs/networking-and-content-delivery/accessing-an-aws-api-gateway-via-static-ip-addresses-provided-by-aws-global-accelerator/
Private APIs are accessed via VPC Endpoints (powered by PrivateLink). We create ENIs in the relevant subnets and their IP will not change, unless you delete the endpoint and recreate it.
That being said, your client will not be able to invoke the API using IPs, unless they ignore the TLS certificate that is sent from API Gateway.
Why do you need static IPs for your APIs?
So you are trying to access the API from your on-prem?
Yes, we access the API from on-prem via Direct Connect / VPN
Hi Uri, because our security team wants to whitelist the IP from API Gateway and doesn't want to whitelist the whole subnet. Thanks for your explanation.
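For the allow-listing case discussed in this thread, here is an added example (not part of the original posts) that reads the private IPs of the ENIs behind an interface VPC endpoint and reports drift against a firewall allow-list, which matters because the IPs change if the endpoint is deleted and recreated. The function names and the command-line arguments are assumptions; the boto3 calls are `describe_vpc_endpoints` and `describe_network_interfaces`. Clients still call the endpoint's DNS name so that certificate validation succeeds.

```python
"""List the private IPs of a VPC endpoint's ENIs and compare them with a firewall allow-list."""
import sys


def endpoint_ips(ec2, endpoint_id):
    """Return {private_ip: subnet_id} for every ENI behind the interface endpoint.

    `ec2` is a boto3 EC2 client (or any object exposing the same two calls).
    """
    eps = ec2.describe_vpc_endpoints(VpcEndpointIds=[endpoint_id])["VpcEndpoints"]
    if not eps:
        raise LookupError(f"VPC endpoint {endpoint_id} not found")
    eni_ids = eps[0].get("NetworkInterfaceIds", [])
    if not eni_ids:  # e.g. a gateway endpoint, which has no ENIs
        return {}
    enis = ec2.describe_network_interfaces(NetworkInterfaceIds=eni_ids)["NetworkInterfaces"]
    return {eni["PrivateIpAddress"]: eni["SubnetId"] for eni in enis}


def allowlist_drift(current_ips, allowlisted_ips):
    """Compare live ENI IPs with the firewall allow-list.

    missing: live endpoint IPs the firewall does not allow yet.
    stale:   allow-listed IPs the endpoint no longer owns; remove them, because
             a released address can later be assigned to another ENI in the subnet.
    """
    current, allowed = set(current_ips), set(allowlisted_ips)
    return {"missing": sorted(current - allowed), "stale": sorted(allowed - current)}


if __name__ == "__main__":
    # Usage (assumed): python vpce_ips.py <vpc-endpoint-id> <allow-listed-ip> ...
    # Needs ec2:DescribeVpcEndpoints and ec2:DescribeNetworkInterfaces permissions.
    import boto3

    endpoint_id, allowlisted = sys.argv[1], sys.argv[2:]
    live = endpoint_ips(boto3.client("ec2"), endpoint_id)
    for ip, subnet in sorted(live.items()):
        print(f"{ip}\t{subnet}")
    drift = allowlist_drift(live, allowlisted)
    print(drift)
    # A non-zero exit lets a scheduled job alert when the allow-list is out of date.
    sys.exit(1 if drift["missing"] or drift["stale"] else 0)
```

Running it on a schedule catches an endpoint that was recreated before on-premises calls start failing at the firewall.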