Can a VPC Link be used for an HTTP API (Account A) to trigger a private REST API in Account B through a VPC endpoint using Cloud Map


I am trying to see what exactly Cloud Map is for with VPC links, and if I can use an HTTP API with a VPC link to trigger a private REST API in another account using the VPC endpoint DNS name or using this: https://{rest-api-id}-{vpce-id}.execute-api.{region}.amazonaws.com/{stage}

1 Answer

Yes, you can use Cloud Map with VPC Links to trigger a private REST API in another AWS account through a VPC endpoint. Cloud Map provides service discovery for your resources, including private endpoints.

Please follow the below steps:

  1. Create a service in Cloud Map for your private REST API in Account B. This service will register the private endpoint's DNS name.

  2. In Account B, set up a VPC endpoint for API Gateway, which your private REST API is deployed to. This endpoint will enable communication between the HTTP API in Account A and the private REST API in Account B.

  3. Create a VPC Link for your HTTP API in Account A. Configure the VPC Link to point to the VPC endpoint DNS name registered with Cloud Map.

  4. Now, your HTTP API in Account A can use the VPC Link to communicate with the private REST API in Account B. You can use the endpoint URL provided by API Gateway for the private REST API, or dynamically, using the format you mentioned (https://{rest-api-id}-{vpce-id}.execute-api.{region}.amazonaws.com/{stage}).

Also, please make sure you have proper IAM permissions set up to allow the HTTP API in Account A to invoke the private REST API in Account B, and ensure that the security groups and route tables are properly configured to allow traffic between the VPCs and the VPC endpoints.

AWS
answered 17 days ago
EXPERT
reviewed 17 days ago
  • Also make sure that the AWS account hosting the HTTP API has permissions to access resources in the other AWS account.

  • I have three follow up questions:

    1. When you create a VPC link, you need to put the VPC you want to connect to in the VPC link details. I can only see the VPCs in the current account. How do I get the VPC link in Account A to point to the VPC endpoint DNS name registered with Cloud Map?

    2. When creating the Cloud Map service, how do you register the private endpoint's DNS name? Do you have to create an instance in the service, or are there other steps needed?

    3. For the Cloud Map service, is the DNS name registered with this service associated with the VPC endpoint DNS name or the private REST API DNS name?
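Worked example (added here; it is not part of the re:Post answer above and not an AWS sample): a Python script that builds the two JSON documents the procedure in the answer needs, namely the private REST API's resource policy in Account B restricted to the VPC endpoint, and the Cloud Map RegisterInstance attributes, and lists the URL forms under which a private REST API can be invoked through its VPC endpoint. For HTTP API private integrations, API Gateway references a Cloud Map service by its ARN and discovers the registered instances by IP address and port, which is why the attributes registered are AWS_INSTANCE_IPV4 and AWS_INSTANCE_PORT (the endpoint's ENI addresses) rather than a DNS name. The API ID, endpoint ID, account number, region, stage and addresses are made up, and `is_invoke_allowed` models only the explicit-deny-wins rule for the two aws:SourceVpce conditions in this policy, not general IAM evaluation.

```python
"""Added example, not from the original answer. All identifiers below are assumed values."""
import json

REST_API_ID = "abcdef1234"            # assumed private REST API id in Account B
VPCE_ID = "vpce-0123456789abcdef0"    # assumed execute-api VPC endpoint id
REGION = "eu-west-1"
STAGE = "prod"
ACCOUNT_B = "222222222222"            # assumed account that owns the REST API
VPCE_DNS = f"{VPCE_ID}-abc12345.execute-api.{REGION}.vpce.amazonaws.com"  # assumed endpoint hostname


def private_api_resource_policy(rest_api_id, region, account_id, vpce_id):
    """Resource policy for the private REST API: explicit Deny for any caller not
    arriving through the named VPC endpoint, then Allow invoke. A private REST API
    without a resource policy cannot be invoked at all, so this document is required."""
    api_arn = f"arn:aws:execute-api:{region}:{account_id}:{rest_api_id}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Deny",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": api_arn,
                "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
            },
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": api_arn,
            },
        ],
    }


def is_invoke_allowed(policy, source_vpce):
    """Minimal evaluation of the policy above: an explicit Deny wins, otherwise any
    matching Allow grants. Only StringEquals/StringNotEquals on aws:SourceVpce are
    modelled. source_vpce=None means the request did not come through a VPC endpoint,
    so the condition key is absent (a negated operator then evaluates to true)."""
    def condition_matches(cond):
        if not cond:
            return True
        for operator, keys in cond.items():
            expected = keys.get("aws:SourceVpce")
            if operator == "StringEquals":
                if source_vpce != expected:
                    return False
            elif operator == "StringNotEquals":
                if source_vpce is not None and source_vpce == expected:
                    return False
            else:
                raise ValueError(f"unsupported operator {operator}")
        return True

    effects = {s["Effect"] for s in policy["Statement"] if condition_matches(s.get("Condition"))}
    if "Deny" in effects:
        return False
    return "Allow" in effects


def register_instance_params(service_id, instance_id, ipv4, port=443):
    """Keyword arguments for servicediscovery RegisterInstance: one call per VPC
    endpoint ENI address. API Gateway's Cloud Map private integration reads these
    IPv4/port attributes when it discovers instances."""
    return {
        "ServiceId": service_id,
        "InstanceId": instance_id,
        "Attributes": {"AWS_INSTANCE_IPV4": ipv4, "AWS_INSTANCE_PORT": str(port)},
    }


def invoke_targets(rest_api_id, vpce_id, region, stage, vpce_dns_name):
    """The URL forms under which a private REST API is reachable through its VPC
    endpoint, and the Host header each one needs."""
    default_host = f"{rest_api_id}.execute-api.{region}.amazonaws.com"
    return {
        # requires Private DNS enabled on the endpoint in the calling VPC
        "private_dns": {"url": f"https://{default_host}/{stage}", "headers": {}},
        # the form quoted in the question; works without Private DNS
        "vpce_prefixed": {
            "url": f"https://{rest_api_id}-{vpce_id}.execute-api.{region}.amazonaws.com/{stage}",
            "headers": {},
        },
        # endpoint hostname; API Gateway needs the API's default host to route it
        "vpce_hostname": {"url": f"https://{vpce_dns_name}/{stage}", "headers": {"Host": default_host}},
    }


if __name__ == "__main__":
    policy = private_api_resource_policy(REST_API_ID, REGION, ACCOUNT_B, VPCE_ID)
    print(json.dumps(policy, indent=2))
    print(json.dumps(register_instance_params("srv-assumed1234", "vpce-eni-a", "10.0.1.25"), indent=2))
    for name, target in invoke_targets(REST_API_ID, VPCE_ID, REGION, STAGE, VPCE_DNS).items():
        print(name, target["url"], target["headers"])
```

Register one instance per endpoint ENI (one per subnet the endpoint is deployed in) so API Gateway has every address to spread requests across; the Deny-with-StringNotEquals shape is what keeps the API private even if a broader Allow is added later.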
