Amazon announced a new feature with their API Gateway service that will provide customers with private API endpoints inside their Virtual Private Cloud (VPC). These API endpoints are only accessible from within the customer's Amazon VPC using VPC Endpoints.
The API Gateway is a service in AWS that enables developers to create, publish, maintain, monitor, and secure APIs. Amazon manages the service, and customers only pay for each API call and for the amount of data transferred out. For Private APIs, however, there are no data transfer out charges. Organisations using API Gateway back their APIs with various technologies such as AWS Lambda, Amazon EC2, Elastic Load Balancing (ELB) and variants such as Application Load Balancers (ALB), Amazon DynamoDB, Amazon Kinesis, or any publicly available HTTPS-based endpoint.
Since the initial public release back in mid-July 2015, the API Gateway has evolved to its current version supporting private endpoints. Moreover, the private endpoints are, according to the blog post on the announcement, one of the final missing pieces of the puzzle. Over the years Amazon added the following crucial features:
- The ability for AWS Lambda functions to access resources inside of an Amazon VPC - a feature that enabled developers to build API-based services that do not require a publicly available endpoint.
- Regional API endpoints - publicly available endpoints without a preconfigured CDN in front of them, which reduce request latency when API requests originate from the same Region as the customer's REST API.
- Endpoint integrations inside a private VPC, where customers can keep their EC2-based backend private inside their VPC without the need for a publicly accessible IP address or load balancer.
With the current API Gateway feature set, customers are now able to build public-facing APIs with nearly any backend they want. Furthermore, with the addition of the private endpoints feature, customers can securely expose their REST APIs to other services and resources inside their VPC, or to their own data centers connected via Direct Connect.
AWS PrivateLink interface VPC Endpoints are the enabler for the API Gateway private endpoints: they work by creating elastic network interfaces in subnets that users define inside their VPC. These network interfaces then provide access to services running in other VPCs or to AWS services such as the API Gateway. When users define their interface endpoints, they specify which service's traffic should go through them.
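As an added example (not code from the announcement), the access-control side of that enabler: a private API is only reachable through an interface endpoint, and the API's resource policy decides which endpoints are allowed. The Python below contrasts a resource policy open to any execute-api endpoint (including ones in other accounts) with one pinned to a single endpoint via the aws:SourceVpce condition key, and adds a small audit function for spotting the open form; the API ARN and endpoint id are constructed placeholders.

```python
# Constructed placeholder values; real ids come from your own account and VPC.
API_ARN = "arn:aws:execute-api:us-east-1:123456789012:abcd123456/*"
VPCE_ID = "vpce-0123456789abcdef0"  # placeholder interface endpoint id

# Weak setting: any caller arriving through any execute-api interface endpoint.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow", "Principal": "*",
        "Action": "execute-api:Invoke", "Resource": API_ARN,
    }],
}

# Corrected: allow only via the named endpoint, and explicitly deny every other path.
RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*",
         "Action": "execute-api:Invoke", "Resource": API_ARN,
         "Condition": {"StringEquals": {"aws:SourceVpce": VPCE_ID}}},
        {"Effect": "Deny", "Principal": "*",
         "Action": "execute-api:Invoke", "Resource": API_ARN,
         "Condition": {"StringNotEquals": {"aws:SourceVpce": VPCE_ID}}},
    ],
}

# Condition keys that tie an Allow to a specific VPC or interface endpoint.
SOURCE_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unrestricted_statements(policy):
    """Return Allow statements that grant execute-api:Invoke to everyone
    without pinning the caller to a VPC or interface endpoint."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        open_principal = principal in ("*", {"AWS": "*"})
        grants_invoke = any(a.lower() in ("execute-api:invoke", "execute-api:*", "*")
                            for a in _as_list(stmt.get("Action", [])))
        # Flatten {"StringEquals": {"aws:SourceVpce": ...}} down to its key names.
        cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if open_principal and grants_invoke and not (cond_keys & SOURCE_KEYS):
            findings.append(stmt)
    return findings
```

Run the audit over the resource policy returned for each private API; a non-empty result means the API is invokable from any account's execute-api endpoint, not just your own.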
Source: https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/
The Amazon API Gateway is currently available in 16 AWS regions around the world, and pricing details are available on the pricing page. Furthermore, in-depth information about the Amazon API Gateway is accessible through its resources page.