My architecture is the following:
- Web app that a user can connect to via the internet and that connects to an API that retrieves the data for the application;
- API that receives the request from the web app, retrieves the data from the database and sends it back to the web app.
I'm running both of them in AWS App Runner, but with all the configurations set to public. This is not ideal, since my API should be kept off the internet and accessed only by the web app.
What I tried to do is set the API with a VPC connector for outgoing traffic and a VPC endpoint for incoming traffic:
It, indeed, is not accessible via the internet, but it works from inside the VPC (I'm able to connect to it using my VPN).
For the web app, I set the incoming traffic as public (so I can access it via the internet) and the outgoing traffic as a VPC connector (the same one as for the API):
But this doesn't work. I can connect to the web app, but it cannot connect to the API. What's more confusing to me is that when I set the incoming for the web app to be a VPC endpoint, I could access it from inside the VPC using the VPN, and it could connect to the API without problems.
Does anyone know what I'm doing wrong?