Amazon API Gateway Supports Private APIs

Posted on: Jun 14, 2018

You can now create Private APIs in Amazon API Gateway. Private APIs can only be accessed from within your Amazon Virtual Private Cloud (VPC) using VPC Endpoints. 

Using Private APIs, you can restrict API traffic so that it stays within your Amazon VPC, which can be isolated from the public internet. Private APIs also enable you to securely expose REST APIs only to resources within your VPC or to those connected to your data centers via AWS Direct Connect. You can also restrict access to selected Amazon VPCs and VPC Endpoints, as well as enable cross-account access, using Resource Policies. Visit our documentation to learn more about Private APIs in Amazon API Gateway.
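As an added illustration (not code from this announcement or from AWS), the sketch below builds a resource policy that restricts a Private API to selected VPC Endpoints and audits a policy for that restriction. The endpoint IDs and the helper names `build_private_api_policy` and `pinned_endpoints` are assumptions made for the example.

```python
import json

INVOKE = {"execute-api:Invoke", "execute-api:*", "*"}
ALL_RESOURCES = {"execute-api:/*", "*"}

def build_private_api_policy(vpce_ids):
    """Allow invocation, then deny any call that did not arrive via a listed VPC endpoint."""
    stmt = {"Principal": "*", "Action": "execute-api:Invoke", "Resource": "execute-api:/*"}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", **stmt},
            {"Effect": "Deny", **stmt,
             "Condition": {"StringNotEquals": {"aws:SourceVpce": sorted(vpce_ids)}}},
        ],
    }

def _listify(value):
    return value if isinstance(value, list) else [value]

def pinned_endpoints(policy):
    """Return the endpoint IDs a blanket Deny pins the API to, or None if there is no such guard.

    Conservative: only a Deny on Principal "*" covering every method counts; anything
    narrower returns None and needs manual review.
    """
    for st in _listify(policy.get("Statement", [])):
        if st.get("Effect") != "Deny" or st.get("Principal") != "*":
            continue
        if not INVOKE & set(_listify(st.get("Action", []))):
            continue
        if not ALL_RESOURCES & set(_listify(st.get("Resource", []))):
            continue
        negated = st.get("Condition", {}).get("StringNotEquals", {})
        for key, value in negated.items():
            if key.lower() == "aws:sourcevpce":  # condition keys are case-insensitive
                return set(_listify(value))
    return None

# Constructed sample values, not real endpoint IDs.
SAMPLE = build_private_api_policy(["vpce-0bbbbexample", "vpce-0aaaaexample"])
OPEN = {"Version": "2012-10-17", "Statement": [SAMPLE["Statement"][0]]}

if __name__ == "__main__":
    print(json.dumps(SAMPLE, indent=2))
    print("guarded:", pinned_endpoints(SAMPLE), "| allow-only:", pinned_endpoints(OPEN))
```

The printed JSON can be attached as the API's resource policy once the placeholder IDs are replaced with your own VPC Endpoint IDs.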

To get started, create a VPC Endpoint for Amazon API Gateway within your Amazon VPCs. You can then create Private APIs using the AWS Management Console, AWS CLI, or SDKs. If you have existing Edge Optimized or Regional APIs in API Gateway, you can convert them to Private APIs.

There are no data transfer out charges for Private APIs. VPC Endpoint (AWS PrivateLink) charges apply when using Private APIs in Amazon API Gateway. Private APIs for API Gateway are available in US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), EU (London), EU (Ireland), EU (Frankfurt), EU (Paris), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (São Paulo) regions. For more information about Amazon API Gateway, visit our product page.

To learn more about creating Private APIs, read our Compute Blog.