Amazon has launched private endpoints for its Amazon API Gateway. Amazon indicates that private endpoints for the API Gateway have been a frequent request from developers. While Amazon has evolved the API Gateway over the years, to the extent that developers can now build publicly available APIs with nearly any backend available, private endpoints have remained a missing piece.
"Today’s launch solves one of the missing pieces of the puzzle, which is the ability to have private API endpoints inside your own VPC," AWS Senior Developer Advocate, Chris Munns, commented in a blog post announcement. "With this new feature, you can still use API Gateway features, while securely exposing REST APIs only to the other services and resources inside your VPC, or those connected via Direct Connect to your own data centers."
Private endpoints are made available via AWS PrivateLink. Within AWS PrivateLink, interface endpoints create elastic network interfaces within subnets that the developer defines inside the designated VPC. The network interfaces then provide access to other AWS services or to services running in other VPCs. All traffic is directed to the interface endpoint, instead of a default public route (e.g. public IP address, NAT gateway, etc.).
Until now, API Gateway could only be interfaced through publicly accessible endpoints. Now, with private endpoints, an API is only accessible using the private interface endpoints that a developer configures for the services. Developers gain full control over how their APIs are accessed.
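Which interface endpoints may invoke a private API is decided by the resource policy attached to it. The following Python check is an added example, not code from AWS or from the announcement; it assumes the policy uses the `aws:SourceVpce` condition key (not mentioned in the article), and the endpoint ids and policies are constructed sample data.

```python
ALLOWED = {"vpce-0aaaaaaaaaaaaaaaa"}  # constructed endpoint id

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _covers_invoke(stmt):
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return any(a in ("*", "execute-api:*", "execute-api:invoke") for a in actions)

def _vpce_values(stmt, operator):
    """Endpoint ids under Condition[operator]['aws:SourceVpce'], else None."""
    for key, value in stmt.get("Condition", {}).get(operator, {}).items():
        if key.lower() == "aws:sourcevpce":  # condition keys are case-insensitive
            return set(_as_list(value))
    return None

def audit_private_api_policy(policy, allowed_vpces):
    """Return findings for Allow statements not limited to allowed_vpces."""
    stmts = _as_list(policy.get("Statement", []))
    # A Deny with StringNotEquals on aws:SourceVpce blocks every other endpoint.
    guards = [_vpce_values(s, "StringNotEquals") for s in stmts
              if s.get("Effect") == "Deny" and _covers_invoke(s)]
    guarded = any(g and g <= allowed_vpces for g in guards)
    findings = []
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow" or not _covers_invoke(stmt):
            continue
        scoped = _vpce_values(stmt, "StringEquals")
        if scoped is None and not guarded:
            findings.append(f"statement {i}: invoke allowed from any VPC endpoint")
        elif scoped is not None and not scoped <= allowed_vpces:
            findings.append(f"statement {i}: unexpected endpoints {sorted(scoped - allowed_vpces)}")
    return findings

def _stmt(effect, condition=None):  # builds one constructed policy statement
    s = {"Effect": effect, "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "execute-api:/*"}
    return {**s, "Condition": condition} if condition else s

OPEN = {"Statement": [_stmt("Allow")]}
GUARDED = {"Statement": [_stmt("Allow"), _stmt(
    "Deny", {"StringNotEquals": {"aws:SourceVpce": "vpce-0aaaaaaaaaaaaaaaa"}})]}
WRONG = {"Statement": [_stmt(
    "Allow", {"StringEquals": {"aws:SourceVpce": "vpce-0bbbbbbbbbbbbbbbb"}})]}

if __name__ == "__main__":
    for name, policy in (("OPEN", OPEN), ("GUARDED", GUARDED), ("WRONG", WRONG)):
        print(name, audit_private_api_policy(policy, ALLOWED))
```

The check ignores `Resource` and `Principal` matching, so it flags candidates for review rather than evaluating the policy the way IAM does.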
Basic requirements include a virtual private cloud (VPC) with at least one subnet available, a configured VPC endpoint, and an API managed by API Gateway. To learn more, check out the API Gateway site.