I deployed an API (AWS::Serverless::Function) on AWS using SAM.
I am able to change the API Endpoint Type to Private in the API settings.
But I want to find a way to do it programmatically.
I found that I need to add "AWS::EC2::VPCEndpoint" and "AWS::Serverless::Api".
This way I can reference AWS::Serverless::Api inside AWS::Serverless::Function:

    RestApiId: !Ref ServerlessApi

AWS::Serverless::Api has EndpointType in its properties:

    Properties:
      StageName: !Ref "Environment"
      EndpointConfiguration:
        Type: "PRIVATE"
        VPCEndpointIds:
          - !Ref APIGatewayVpcEndpoint

But when I deploy the API, it is not modified: the EndpointType is not changed to PRIVATE.
I don't know where I am making a mistake and why it is not being referenced properly. I wish I at least received some kind of error.
I would appreciate anyone's help, thank you.

    Resources:
      HealthFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: healthcheck
          Handler: healthcheck
          Runtime: go1.x
          EndpointConfiguration:
            Types:
              - PRIVATE
          Architectures:
            - x86_64
          Events:
            CatchAll:
              Type: Api
              Properties:
                Path: /healthcheck
                Method: GET
                RestApiId: !Ref ServerlessApi
          Environment:
            Variables:
              DEFAULT_NAME: Ok
      #VPC_ENDPOINT
      APIGatewayVpcEndpoint:
        Type: "AWS::EC2::VPCEndpoint"
        Properties:
          SubnetIds:
            - !Ref tgwSubnetA
            - !Ref tgwSubnetB
            - !Ref tgwSubnetC
          SecurityGroupIds:
            - !Ref osSecurityGroup
          ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
          VpcId: !Ref vpc
          VpcEndpointType: "Interface"
          PrivateDnsEnabled: false
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Principal: "*"
                Action:
                  - "execute-api:Invoke"
                Resource:
                  - !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*******/*"
      # Api gateway
      ServerlessApi:
        Type: "AWS::Serverless::Api"
        Properties:
          StageName: !Ref "Environment"
          EndpointConfiguration:
            Type: "PRIVATE"
            VPCEndpointIds:
              - !Ref APIGatewayVpcEndpoint