CloudFormation template to create a private API Gateway REST API. A VPC endpoint for execute-api
must already be configured, and its ID provided in the template.
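# Private API Gateway REST API reachable only from inside one VPC.
# Nesting restored: the flattened listing does not parse as the intended
# template (for example, every `Type:` key lands at the same level).
Parameters:
  # Both defaults are account-specific identifiers; override them at deploy
  # time. A VPCId that does not match the callers' VPC makes the Deny
  # statement below reject every request.
  VPCId:
    Type: String
    Default: vpc-2785cc5d
    Description: ID of the VPC that is allowed to invoke the API.
  VPCEndpointId:
    Type: String
    Default: vpce-02830f8c52b7473f2
    Description: ID of the existing execute-api interface VPC endpoint.
Resources:
  RestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      EndpointConfiguration:
        Types:
          - PRIVATE
        # Associates the endpoint with the API. Access is decided by the
        # resource policy below, not by this association.
        VpcEndpointIds:
          - !Ref VPCEndpointId
      Name: testApi
      # Resource policy: the Deny statement rejects any invoke whose
      # aws:sourceVpc differs from VPCId, and an explicit Deny overrides the
      # blanket Allow that follows. The condition is keyed on the VPC, so any
      # execute-api endpoint in that VPC passes. To pin access to the single
      # endpoint passed in, condition on aws:SourceVpce with ${VPCEndpointId}.
      Policy: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Deny",
              "Principal": "*",
              "Action": "execute-api:Invoke",
              "Resource": "execute-api:/*",
              "Condition": {
                "StringNotEquals": {
                  "aws:sourceVpc": "${VPCId}"
                }
              }
            },
            {
              "Effect": "Allow",
              "Principal": "*",
              "Action": "execute-api:Invoke",
              "Resource": "execute-api:/*"
            }
          ]
        }
  MockMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref RestApi
      ResourceId: !GetAtt RestApi.RootResourceId
      HttpMethod: GET
      # No caller authentication: the network path enforced by the resource
      # policy is the only control. Acceptable for this mock method; use
      # AWS_IAM or an authorizer before putting a real integration behind it.
      AuthorizationType: NONE
      Integration:
        Type: MOCK
        IntegrationResponses:
          # Status codes are quoted so they stay strings rather than ints.
          - StatusCode: '200'
        RequestTemplates:
          application/json: '{"statusCode": 200}'
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            application/json: Empty
  Deployment:
    Type: AWS::ApiGateway::Deployment
    # A deployment needs at least one method on the API, so create it after
    # MockMethod.
    DependsOn: MockMethod
    Properties:
      RestApiId: !Ref RestApi
      Description: VPC endpoint test
      StageName: test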