Setting up API Gateway with Private Link Enabled (to access Serverless Lambda inside VPC)

As described in the topic name, does anyone know how I can enable (via yaml) an AWS Private Linked API Gateway for a serverless Lambda?


Did you find a solution?

[UPDATE]
I found the following method:

  1. manually create the VPC and private subnet;
  2. manually create a VPC endpoint (its security group must allow incoming HTTPS traffic);
  3. manually create the security group for the private subnet (it must allow incoming HTTPS traffic from the created VPC endpoint);
  4. add the following configuration to the serverless.yml of your private microservice:

     ```yaml
     # Run the Lambda in the private subnet, behind its security group
     vpc:
       securityGroupIds:
         - sg-0e2fbbf293xxxxxxx
       subnetIds:
         - subnet-0c1f109b92xxxxxxx
     # Make the API Gateway endpoint private
     endpointType: private
     # Allow invocation only for requests that arrive through the VPC endpoint
     resourcePolicy:
       - Effect: Allow
         Principal: '*'
         Action: execute-api:Invoke
         Resource: '*'
         Condition:
           StringEquals:
             'aws:sourceVpce': vpce-0c3f05af1e8xxxxxx
     ```

  5. sls deploy :slight_smile:

Hope it can help.
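
An added example, not part of the original post or of the Serverless Framework: a small Python check that the `resourcePolicy` from step 4 really pins `execute-api:Invoke` to a VPC endpoint before you run `sls deploy`. The function names and the constructed no-Condition variant are assumptions made for illustration, and the check goes beyond the posted policy by also accepting the Deny-on-`StringNotEquals` form of the same restriction.

```python
VPC_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}  # condition keys are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _any_principal(stmt):
    p = stmt.get("Principal")
    return p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))

def _covers_invoke(stmt):
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    return bool(actions & {"*", "execute-api:*", "execute-api:invoke"})

def _vpc_values(stmt, operator):
    """Values compared to aws:sourceVpce / aws:sourceVpc under one operator."""
    values = []
    for op, block in stmt.get("Condition", {}).items():
        if op.lower() == operator:
            for key, val in block.items():
                if key.lower() in VPC_KEYS:
                    values += _as_list(val)
    return values

def unrestricted_allows(statements):
    """Indexes of Allow statements that let any principal invoke the API with
    no exact-match VPC / VPC endpoint condition. A Deny on StringNotEquals
    for everyone also counts as a pin (its Resource scope is not checked here)."""
    deny_guard = any(
        s.get("Effect") == "Deny" and _any_principal(s) and _covers_invoke(s)
        and _vpc_values(s, "stringnotequals")
        for s in statements
    )
    if deny_guard:
        return []
    return [
        i for i, s in enumerate(statements)
        if s.get("Effect") == "Allow" and _any_principal(s) and _covers_invoke(s)
        and not _vpc_values(s, "stringequals")
    ]

# The resourcePolicy from the post, with its masked endpoint id kept as posted.
POSTED = [{"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
           "Resource": "*",
           "Condition": {"StringEquals": {"aws:sourceVpce": "vpce-0c3f05af1e8xxxxxx"}}}]
# Constructed variant: the same statement with the Condition block left out.
NO_CONDITION = [{k: v for k, v in POSTED[0].items() if k != "Condition"}]
if __name__ == "__main__":
    print("posted policy:", unrestricted_allows(POSTED))
    print("without Condition:", unrestricted_allows(NO_CONDITION))
```

An empty list means every wildcard-principal Allow is pinned; any index returned points at a statement that would let callers outside the intended VPC endpoint pass the resource policy.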