In your question you have mentioned you "want to exchange presigned URLs to securely retrieve and upload client files, as well as to exchange API call responses." Breaking down your requirements into 2 parts here:
- Allow Salesforce to make API calls to your service hosted on a Lambda function behind an API Gateway in your VPC.
- Allow you to upload & download files to Salesforce VPC.
A key factor to remember when using PrivateLink is that it operates on a Service Provider and Consumer model. This means that if you configure your side as the service provider by creating a VPC endpoint service for your API Gateway, you can share this service with Salesforce and they can send requests to it by creating a VPC Interface Endpoint for this service in their VPC.
This blog explains using VPC links in Amazon API Gateway. Once deployed, Salesforce can make API calls to your service securely and you can send a response, but you can also use this infra to send requests to any APIs that you may want to consume in Salesforce's VPC. To do this Salesforce must create a VPC endpoint service and share it with you, and you will create an interface endpoint for the service. You can use Endpoint Policies to control access to the service.
You might also consider using VPC Lattice, which can also provide this connectivity. This blog discusses building private serverless APIs and working with VPC Lattice.
For upload & download of files you might work with PrivateLink or will have to consider an alternate approach; it is hard to make a recommendation with the information I have here from the question. I would suggest raising this with your AWS account representative or opening a support case if you need further guidance.
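As an added example (not part of either answer, and not AWS's own code), the two policies that pair up in the API Gateway case described above: the provider's resource policy on a private REST API, which only accepts calls arriving through the consumer's execute-api interface endpoint, and the consumer's endpoint policy, which limits what can be invoked through that endpoint. The API ARN and endpoint ID are constructed placeholders, and the small evaluator models only the StringNotEquals condition these policies use.

```python
import json
from fnmatch import fnmatch

# Constructed placeholder identifiers (not from the page): substitute your own.
PROVIDER_API_ARN = "arn:aws:execute-api:us-east-1:111111111111:abcdef1234/*"
CONSUMER_VPCE_ID = "vpce-0123456789abcdef0"
INVOKE = "execute-api:Invoke"

def api_resource_policy(api_arn: str, allowed_vpce: str) -> dict:
    """Provider side: resource policy on the private API. The explicit Deny
    rejects any call whose aws:SourceVpce is not the consumer's endpoint,
    including calls that carry no aws:SourceVpce at all."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": INVOKE, "Resource": api_arn},
        {"Effect": "Deny", "Principal": "*", "Action": INVOKE, "Resource": api_arn,
         "Condition": {"StringNotEquals": {"aws:SourceVpce": allowed_vpce}}},
    ]}

def endpoint_policy(api_arn: str) -> dict:
    """Consumer side: endpoint policy on the interface endpoint, limiting what
    can be invoked through it to this one API (the default policy allows everything)."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": INVOKE, "Resource": api_arn},
    ]}

def _statement_matches(stmt: dict, action: str, resource: str, ctx: dict) -> bool:
    if stmt["Action"] != action or not fnmatch(resource, stmt["Resource"]):
        return False
    # Only StringNotEquals is modelled. As in IAM, a negated condition on a key
    # that is absent from the request context evaluates to true.
    for key, expected in stmt.get("Condition", {}).get("StringNotEquals", {}).items():
        if ctx.get(key) == expected:
            return False
    return True

def is_invoke_allowed(policy: dict, resource: str, ctx: dict) -> bool:
    """Simplified IAM evaluation: any matching explicit Deny wins, otherwise a
    matching Allow is required."""
    matched = [s for s in policy["Statement"]
               if _statement_matches(s, INVOKE, resource, ctx)]
    if any(s["Effect"] == "Deny" for s in matched):
        return False
    return any(s["Effect"] == "Allow" for s in matched)

if __name__ == "__main__":
    print(json.dumps(api_resource_policy(PROVIDER_API_ARN, CONSUMER_VPCE_ID), indent=2))
    print(json.dumps(endpoint_policy(PROVIDER_API_ARN), indent=2))
```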
Hello.
I think your way is the most common way to use PrivateLink.
PrivateLink is useful for use cases where services in a VPC are exposed to the VPC of another AWS account.
PrivateLink can be used to allow secure access only to specific services from within a VPC.
https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html