API Gateway doesn't care where the requests are coming from (except for private APIs). This means that they can be from the same region, from other regions, or from clients all over the world. All it cares about is that the client presents the right credentials.
API Gateway supports several authorization methods: IAM, Cognito and custom. In your case, because the API clients are actually services running in AWS, I would recommend using IAM authorization. You will need to establish an API Gateway resource policy that allows the other accounts to call the API. You will also need to create IAM roles in the other accounts that allow access to the API.
You can find more information here.
To add to that, when you make requests from your Account B in Region B, or Account C in Region C using the IAM authorization, you'll need to sign the request using AWS SigV4 (see https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html).
For some additional info, please have a look at this post, which covers a number of scenarios for building a global application or API: https://repost.aws/questions/QUSs8ODCyJSRWR7mawaUIl4g/multi-region-strategy-for-api-gateway
Forgot to mention: region A is a CN region, and region B and region C are based in US-east. Is it accessible in API Gateway?