By using AWS re:Post, you agree to the Terms of Use
/Private API Gateway static IP/

Private API Gateway static IP

0

Hi there,

May I know if the private API Gateway has static ip or dynamic ip?

2 Answers
2

Private API Gateway endpoints cannot be invoked using IP addresses.

As mentioned in this blog post - https://aws.amazon.com/blogs/compute/integrating-amazon-api-gateway-private-endpoints-with-on-premises-networks/

Note: Call the DNS endpoint of the API Gateway for the HTTPS certificate to work. You cannot call the IP address of the endpoint directly.

For Public API Gateway endpoints, it is possible to get static IP addresses by using AWS Global Accelerator, as explained in this blog post - https://aws.amazon.com/blogs/networking-and-content-delivery/accessing-an-aws-api-gateway-via-static-ip-addresses-provided-by-aws-global-accelerator/

answered a month ago
1

Private APIs are accessed via VPC Endpoints (powered by PrivateLink). We create ENIs in the relevant subnets and their IP will not change, unless you delete the endpoint and recreate it.

That being said, Your client will not be able to invoke the API using IPs, unless they ignore the TLS certificate that is sent from API Gateway.

Why do you need static IPs for your APIs?

EXPERT
answered a month ago
  • Hi Uri, because our security team want to whitelist the IP from API Gateway and doesn't want to whitelist whole subnet. Thanks for your explanation

  • So you are trying to access the API from your on-prem?

  • Yes, we access API from on-perm via direct connect / VPN

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions