
I have a VPC with multiple private API Gateways. This is so services within the VPC can call other private APIs without leaving VPC.

I have a Public API Gateway that I want my clients to engage with, but I want this Public API Gateway to have its requests handled by the appropriate private API Gateway.

It doesn't appear that it is trivial to achieve the design I have imagined. Am I missing something? Are there alternate patterns that I should investigate?

I have tried to implement the above design, however the network load balancer requires a target group. It doesn't seem possible to register a target that is a private API Gateway. I have tried to register the VPC Endpoint IPs for the private API gateway, but health checks fail and traffic isn't routed appropriately.

I have also considered using App Mesh to handle this kind of routing, but I do not necessarily want to ship an Envoy proxy layer with each of my lambdas.

  • I'm working on the exact same issue. Seems trivial, but there is zero info out there about this. Have you managed to make it work? – Juan Carlos Feb 22 '23 at 19:36
  • 2
    I was not able to make the original design work. I have a single Public API Gateway that various disparate systems bolt resources & integrations onto, for the functionalities their system wants to publicly expose. Then I have a private API Gateway in the VPC for internal calls that, again, disparate systems bolt onto. – Matthew Blair May 11 '23 at 22:35

0 Answers