This infrastructure construct library implements a private Lambda-backed REST API on AWS API Gateway using `proxy+`.
- Utilizes an internal Micro API project to provide an API via Lambda (with `proxy+`) and API Gateway
- Configures the required VPC endpoint attachment automatically
- Configures logging for API requests
- Configures the private gateway's policy to restrict access to the VPC endpoint
- Exports the private DNS name to be used in the app
- Provide the VPC endpoint with private DNS enabled. Users of this construct should create a single VPC endpoint with private DNS enabled and share it across all projects that use this construct.
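
The policy restriction listed above can be illustrated with an added example (not code from this library): it builds a resource policy that only admits traffic arriving through a given VPC endpoint and audits a policy for that restriction. The function names and the endpoint ID `vpce-0example1234` are constructed for illustration, and the Allow-plus-conditional-Deny shape is a common AWS pattern assumed here, not necessarily what this construct emits.

```typescript
// Added example. Type names, function names and endpoint IDs are illustrative.
type Condition = Record<string, Record<string, string | string[]>>;
interface Statement {
  Effect: "Allow" | "Deny";
  Principal: string;
  Action: string;
  Resource: string;
  Condition?: Condition;
}
interface PolicyDocument { Version: string; Statement: Statement[]; }

// Allow invoke, then deny any request that did not arrive via a listed endpoint.
function buildPrivateApiPolicy(vpcEndpointIds: string[]): PolicyDocument {
  if (vpcEndpointIds.length === 0) throw new Error("at least one VPC endpoint ID is required");
  const invoke = "execute-api:Invoke";
  const all = "execute-api:/*";
  return {
    Version: "2012-10-17",
    Statement: [
      { Effect: "Allow", Principal: "*", Action: invoke, Resource: all },
      { Effect: "Deny", Principal: "*", Action: invoke, Resource: all,
        Condition: { StringNotEquals: { "aws:SourceVpce": vpcEndpointIds } } },
    ],
  };
}

function asList(v: string | string[] | undefined): string[] {
  if (v === undefined) return [];
  return Array.isArray(v) ? v : [v];
}

// Simplified audit: inspects only aws:SourceVpce under StringEquals (Allow) and
// StringNotEquals (Deny); Action/Resource scoping is ignored. Empty result = restricted.
function auditPrivateApiPolicy(policy: PolicyDocument, expected: string[]): string[] {
  const findings: string[] = [];
  let denyGuard = false, unscopedAllow = false;
  for (const s of policy.Statement) {
    const cond: Condition = s.Condition === undefined ? {} : s.Condition;
    const op = s.Effect === "Deny" ? "StringNotEquals" : "StringEquals";
    const block: Record<string, string | string[]> = cond[op] || {};
    const ids = asList(block["aws:SourceVpce"]);
    if (s.Effect === "Deny" && ids.length > 0) denyGuard = true;
    if (s.Effect === "Allow" && ids.length === 0) unscopedAllow = true;
    for (const id of ids) if (expected.indexOf(id) === -1) findings.push("unexpected endpoint trusted: " + id);
  }
  if (unscopedAllow && !denyGuard) findings.push("invoke allowed without an aws:SourceVpce restriction");
  return findings;
}
```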
API Gateway is a managed service that lives outside of our own VPC. Therefore, accessing a private gateway requires additional configuration: specifically, a VPC endpoint must exist for traffic to route to the API Gateway. In addition, the Lambda service itself also lives outside our VPC. This can seem a bit complex, given that most of our Micro API projects then return to the VPC to route traffic to the database. To help visualize what this looks like, here is a diagram of this traffic flow when routing through the API gateway for Micro APIs:
We used to deploy API gateways as public endpoints. For the sake of comparison here is what the old traffic flow would have looked like: