
I'm trying to make a private AWS Lambda call through API Gateway and I can't find the right answer on the internet, probably because I'm a beginner in AWS website management.

The closest source I found was this amazon documentation: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-api-test-invoke-url.html

I'm using the Serverless framework and here is an example of a function setup:

provider:
  name: aws
  runtime: nodejs8.10
  memorySize: 128
  environment:
    MONGODB_URL: ....
    MONGODB_USER: ....
    MONGODB_PWD: ....
  vpc:
    securityGroupIds:
      - ....
    subnetIds:
      - ....
      - ....

functions:
  addGameTemplate:
    handler: game.create
    events:
      - http:
          method: put
          path: games
          cors: true
          private: true

The URL is also hosted on Route 53.

Any guidance will be appreciated!

1 Answer


If I understand your problem right, you want to call a private API Gateway in your VPC from Lambda, correct?

To do that, you'll need to execute the Lambda in the VPC; otherwise it won't have access to the private VPC resources.

Check this out: Configuring a Lambda Function to Access Resources in an Amazon VPC. Most notably you'll have to give it the VPC ID and a list of subnets where it should execute.

As clarified in the comments, what you're actually looking for is restricting access to your API Gateway and only permitting access from your VPC. To do that, create/update your API Gateway security group to only permit access from your VPC address range (or from wherever you want to restrict access).

Hope that helps :)

MLu
  • I think it's not exactly the case. I want to be able to call my API Gateway Lambda functions only from the domain that is using the APIs. As of now, I set the Lambdas as private and, as is to be expected, the result is that I get a 403 Forbidden error when calling them. @MLu – Jean-Baptiste Apr 02 '19 at 12:38
  • @Jean-Baptiste So do you actually want to make the API Gateway private? Nothing to do with Lambdas but with the API Gateway, in fact? Perhaps you can create the API GW in your private subnets or set up its security group accordingly to restrict access from outside? Is that what you need? – MLu Apr 02 '19 at 21:36
  • I have to add a security group, I guess; I was misled by the private keyword and felt it would be useful to reach my goal. – Jean-Baptiste Apr 02 '19 at 21:59
  • @Jean-Baptiste updated the answer. If it's accurate now please accept it. Cheers – MLu Apr 02 '19 at 23:27
  • I'll try that fix! – Jean-Baptiste Apr 03 '19 at 19:56
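As an added example (not from the question, the answer, or the Serverless project), this serverless.yml fragment separates the two controls that get mixed up in the thread: `private: true` on an event only sets apiKeyRequired (hence the 403 until a caller sends an `x-api-key` header matching a key in `provider.apiKeys`), while keeping the API reachable only from inside the VPC is done with `endpointType: PRIVATE` plus a resource policy conditioned on the VPC's execute-api interface endpoint. The key placement follows the Serverless Framework v1 layout (later versions move `resourcePolicy` under `provider.apiGateway`); the endpoint id and key name are placeholders.

```yaml
# Added example, not the original post's configuration.
# vpce-0123456789abcdef0 and gamesApiKey are placeholders.
provider:
  name: aws
  runtime: nodejs8.10
  # 1) Network-level restriction: a PRIVATE endpoint is only reachable
  #    through an execute-api VPC endpoint, and the resource policy allows
  #    invocation solely when the call arrives via that endpoint.
  endpointType: PRIVATE
  vpcEndpointIds:
    - vpce-0123456789abcdef0        # placeholder: the VPC's execute-api endpoint
  resourcePolicy:
    - Effect: Allow
      Principal: '*'
      Action: execute-api:Invoke
      Resource:
        - execute-api:/*/*/*
      Condition:
        StringEquals:
          aws:SourceVpce:
            - vpce-0123456789abcdef0  # placeholder, must match the id above
  # 2) Caller-level restriction: `private: true` below requires one of these
  #    API keys in the x-api-key header. It does not hide the API from the
  #    internet on its own; without the key every call returns 403 Forbidden.
  apiKeys:
    - gamesApiKey                     # placeholder key name

functions:
  addGameTemplate:
    handler: game.create
    events:
      - http:
          method: put
          path: games
          cors: true
          private: true               # apiKeyRequired, not a network control
```

Either control can be used on its own; callers inside the VPC still need the API key when `private: true` is kept, so a 403 after the deploy points at a missing or wrong `x-api-key` rather than at the network path.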