Creating AWS API Gateway with PRIVATE endpointType requires ResourcePolicy

I am trying to deploy an API Gateway for a serverless function with a private endpoint type. When I try to deploy the API I get the following message:

An error occurred: ApiGatewayDeployment… - Private REST API doesn’t have a resource policy attached to it (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: …).

I am using the documentation found in the serverless docs. It doesn’t mention anything about having to create a resource policy. The VPC endpoint itself has a very permissive policy.

Should the example below work? Do I need a resource policy as well or should the framework add it for me as it generates the CF stack?

VPC endpoint policy:

    {
        "Statement": [
            {
                "Action": "*",
                "Effect": "Allow",
                "Resource": "*",
                "Principal": "*"
            }
        ]
    }

Serverless.yml file:

    service:
      name: helloworld-api

    provider:
      name: aws
      runtime: nodejs12.x
      region: ap-southeast-2
      stage: ${opt:stage, 'dev'}
      endpointType: PRIVATE
      vpcEndpointIds:
        - ${env:VPC_ENDPOINT_ID}
      vpc:
        subnetIds:
          - ${env:SUBNET_ID_1}
          - ${env:SUBNET_ID_2}

Hello gomesp, did you find a solution?
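
An added example, not part of the original thread or of the Serverless Framework docs: one way to attach the resource policy that the error in the question asks for, assuming a Framework version that supports the `provider.resourcePolicy` setting (newer releases place it under `provider.apiGateway.resourcePolicy`). The Deny/Allow statement pair and the `aws:SourceVpce` condition are this example's choice; `VPC_ENDPOINT_ID` is the environment variable used in the question.

```yaml
# Added example: provider section from the question plus a resource policy.
provider:
  name: aws
  runtime: nodejs12.x
  region: ap-southeast-2
  stage: ${opt:stage, 'dev'}
  endpointType: PRIVATE
  vpcEndpointIds:
    - ${env:VPC_ENDPOINT_ID}
  # The list below becomes the Statement array of the REST API's
  # resource policy in the generated CloudFormation stack.
  resourcePolicy:
    # Explicit deny for any call that did not arrive through the
    # expected interface endpoint. The VPC endpoint policy in the
    # question allows everything, so this is the restricting control.
    - Effect: Deny
      Principal: '*'
      Action: execute-api:Invoke
      Resource:
        - execute-api:/*/*/*
      Condition:
        StringNotEquals:
          aws:SourceVpce: ${env:VPC_ENDPOINT_ID}
    # Allow invocation for callers not caught by the deny above.
    - Effect: Allow
      Principal: '*'
      Action: execute-api:Invoke
      Resource:
        - execute-api:/*/*/*
```

A policy with only the Allow statement would also satisfy the deployment check, but it would leave access control entirely to the permissive VPC endpoint policy.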