I've read from https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.html

You can use an endpoint policy to restrict the traffic going from your internal network to access your private APIs.

What exactly would this policy look like?

I want to allow traffic to the endpoint from Direct Connect only.

Judy007
  • Similar to a resource policy that is set on API Gateway. Check out the examples in the same doc. Probably add some details to your question on what kind of restriction you would like to perform, like IAM user, or access to a specific API, etc. – Suraj Bhatia Jun 26 '20 at 23:44
  • I want to allow on-prem only via DX – Judy007 Jun 27 '20 at 02:41
  • Instead of using policies on the VPC endpoint to restrict traffic from on-prem, you could use security groups on the VPC endpoint to whitelist the on-prem IP range from where requests are made. Then, on API Gateway, whitelist the VPC endpoint in the resource policy. – Suraj Bhatia Jun 28 '20 at 09:18
  • How can I whitelist the VPC Endpoint security group for just the Direct Connect traffic? If you could help me determine how exactly to whitelist a single DX connection in a security group, I'll gladly accept as answer. – Judy007 Jun 28 '20 at 17:33
  • Or whitelist in the VPC Endpoint policy. Either way, I just want a single entry for the direct connect traffic. – Judy007 Jun 28 '20 at 17:44
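The approach the comment thread converges on, written out as an added example (this is not code from the question, the comments, or the linked AWS documentation page): a VPC endpoint policy that limits the endpoint to one private API, a security-group ingress rule on the endpoint ENIs for the on-prem range, and an API Gateway resource policy that allows invocation only through that endpoint and denies any request whose VPC-side source address is outside the on-prem range. The CIDR, endpoint ID, account, region and API ID are placeholder assumptions. The `is_invoke_allowed` evaluator at the end is a teaching aid that handles only the condition keys used here, not a general IAM simulator.

```python
"""Added example for the VPC endpoint / private API question above.

Not code from the question, the comments or the AWS docs. All IDs, ARNs and
CIDRs are placeholder assumptions; replace them with your own values.
"""
import ipaddress
import json

# --- Assumptions (placeholders, not real resources) -------------------------
ON_PREM_CIDR = "10.20.0.0/16"               # on-prem range routed over Direct Connect
VPCE_ID = "vpce-0123456789abcdef0"          # interface endpoint for execute-api
REGION, ACCOUNT, API_ID = "us-east-1", "123456789012", "a1b2c3d4e5"
API_ARN = f"arn:aws:execute-api:{REGION}:{ACCOUNT}:{API_ID}/*"


def endpoint_policy() -> dict:
    """VPC endpoint policy: this endpoint may only be used to invoke API_ARN.

    It cannot name a Direct Connect connection; source restriction is done by
    the security group and the resource policy below.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": API_ARN,
        }],
    }


def endpoint_sg_ingress() -> dict:
    """Ingress rule for the endpoint's security group: HTTPS from on-prem only.

    Shaped like one IpPermissions entry for authorize-security-group-ingress.
    """
    return {
        "IpProtocol": "tcp",
        "FromPort": 443,
        "ToPort": 443,
        "IpRanges": [{"CidrIp": ON_PREM_CIDR,
                      "Description": "on-prem via Direct Connect"}],
    }


def api_resource_policy() -> dict:
    """API Gateway resource policy for the private API.

    Allow only through VPCE_ID (aws:SourceVpce), and explicitly deny anything
    whose VPC-side source address is outside ON_PREM_CIDR (aws:VpcSourceIp).
    Deny wins, so an instance inside the VPC using the same endpoint is rejected.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": API_ARN,
                "Condition": {"StringEquals": {"aws:SourceVpce": VPCE_ID}},
            },
            {
                "Effect": "Deny",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": API_ARN,
                "Condition": {"NotIpAddress": {"aws:VpcSourceIp": ON_PREM_CIDR}},
            },
        ],
    }


def is_invoke_allowed(policy: dict, source_vpce: str, vpc_source_ip: str) -> bool:
    """Minimal local evaluation of the policy above (not a general IAM engine).

    Supports StringEquals on aws:SourceVpce and IpAddress/NotIpAddress on
    aws:VpcSourceIp. An explicit Deny is final; no matching Allow means reject.
    """
    request = {"aws:SourceVpce": source_vpce, "aws:VpcSourceIp": vpc_source_ip}

    def condition_matches(cond: dict) -> bool:
        for op, pairs in cond.items():
            for key, expected in pairs.items():
                actual = request[key]
                if op == "StringEquals":
                    ok = actual == expected
                elif op in ("IpAddress", "NotIpAddress"):
                    cidrs = expected if isinstance(expected, list) else [expected]
                    in_range = any(ipaddress.ip_address(actual) in ipaddress.ip_network(c)
                                   for c in cidrs)
                    ok = in_range if op == "IpAddress" else not in_range
                else:
                    raise ValueError(f"unsupported condition operator {op}")
                if not ok:
                    return False
        return True

    allowed = False
    for stmt in policy["Statement"]:
        if not condition_matches(stmt.get("Condition", {})):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny overrides any allow
        allowed = True
    return allowed


if __name__ == "__main__":
    print(json.dumps(api_resource_policy(), indent=2))
    print(is_invoke_allowed(api_resource_policy(), VPCE_ID, "10.20.5.7"))   # on-prem via DX: True
    print(is_invoke_allowed(api_resource_policy(), VPCE_ID, "172.31.9.4"))  # host in the VPC: False
```

Two caveats when applying this. Neither a security group nor a policy condition can reference a Direct Connect connection itself; both match on the source prefixes routed over it, so "a single DX entry" is really the on-prem CIDR, and `aws:VpcSourceIp` only identifies that traffic if the addresses are not NATed before they reach the endpoint ENIs. The security group and the resource policy overlap on purpose: the security group blocks the connection before API Gateway sees it, while the resource policy still rejects callers that share the endpoint's network path (such as instances in the VPC) and leaves an authorization decision in the logs.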

0 Answers