AWS API Gateway REST API Endpoint types must be set to private, not exposed to the public internet

Tenacity Id: rest-api-001

Risk Level

Categories

Last Updated: April 21, 2022

API Gateway private endpoints are made possible by AWS PrivateLink interface VPC endpoints. Interface endpoints work by creating elastic network interfaces in subnets that you define inside your VPC. Those network interfaces then provide access to services running in other VPCs, or to AWS services such as API Gateway. When configuring your interface endpoints, you specify which service traffic should go through them.

As a fully managed service, API Gateway runs its infrastructure in its own VPCs. When you call a publicly accessible API Gateway endpoint, the traffic travels over public networks. When an endpoint is configured as private, no public network route to your API is available. Instead, your API can only be accessed through the interface endpoints that you have configured.
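One way to check this rule against an account, as an added example that is not Tenacity's own code: the script below evaluates JSON in the shape returned by `aws apigateway get-rest-apis` and reports every REST API whose endpoint type is not exactly `PRIVATE`. The sample API ids and names are constructed, and the function names and finding format are hypothetical.

```python
import json
import sys

# Constructed sample in the shape returned by `aws apigateway get-rest-apis`.
SAMPLE = """
{"items": [
  {"id": "a1b2c3d4e5", "name": "orders-internal",
   "endpointConfiguration": {"types": ["PRIVATE"],
                             "vpcEndpointIds": ["vpce-0example"]}},
  {"id": "f6g7h8i9j0", "name": "catalog-public",
   "endpointConfiguration": {"types": ["REGIONAL"]}},
  {"id": "k1l2m3n4o5", "name": "legacy-edge",
   "endpointConfiguration": {"types": ["EDGE"]}},
  {"id": "p6q7r8s9t0", "name": "no-config"}
]}
"""


def evaluate(apis):
    """Return one finding per REST API whose endpoint type is not PRIVATE."""
    findings = []
    for api in apis.get("items", []):
        types = api.get("endpointConfiguration", {}).get("types", [])
        # Fail closed: a missing or empty type list is reported,
        # not assumed to be private.
        if types != ["PRIVATE"]:
            findings.append({
                "rule": "rest-api-001",
                "id": api.get("id"),
                "name": api.get("name"),
                "types": types or ["UNKNOWN"],
            })
    return findings


def main():
    # Read real CLI output from stdin when piped; otherwise use the sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    findings = evaluate(json.loads(raw))
    for f in findings:
        print(f"FAIL {f['rule']} {f['id']} ({f['name']}): {','.join(f['types'])}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Piping `aws apigateway get-rest-apis --output json` into the script checks the current region; the non-zero exit code on any finding lets it gate a pipeline step.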