AWS API Gateway VPC Link
This page shows how to write Terraform and CloudFormation for API Gateway VPC Link and write them securely.
aws_api_gateway_vpc_link (Terraform)
The VPC Link in API Gateway can be configured in Terraform with the resource name aws_api_gateway_vpc_link. The following sections describe 3 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_api_gateway_vpc_link" "vpc_link" {
  count       = local.create_api_link
  name        = local.vpc_link_name
  target_arns = [var.vpc_link_target_arn] # ARN of the Network Load Balancer the link targets
}

resource "aws_api_gateway_vpc_link" "default" {
  name        = var.vpc_link_name
  description = var.vpc_link_description
  target_arns = var.target_arns
}

resource "aws_api_gateway_vpc_link" "this" {
  name        = var.name
  target_arns = [aws_lb.this.arn] # load balancer defined in the same module
  tags        = var.tags
}
Parameters
- arn: optional computed - string
- description: optional - string
- id: optional computed - string
- name: required - string
- tags: optional - map from string to string
- target_arns: required - list of string
Explanation in Terraform Registry
Provides an API Gateway VPC Link. Note: Amazon API Gateway Version 1 VPC Links enable private integrations that connect REST APIs to private resources in a VPC. To enable private integration for HTTP APIs, use the Amazon API Gateway Version 2 VPC Link resource.
Tips: Best Practices for The Other AWS API Gateway Resources
In addition to the aws_api_gateway_method_settings, AWS API Gateway has other resources that should be configured for security reasons. Check the following examples of those resources and the precautions for each.
aws_api_gateway_method_settings
Ensure that API Gateway stage-level cache is encrypted
It is better to enable stage-level cache encryption, which reduces the risk of data leakage.
aws_api_gateway_domain_name
Ensure to use modern TLS protocols
It is better to adopt TLS v1.2+.
aws_api_gateway_stage
Ensure to enable access logging of your API Gateway stage (v1)
It is better to enable access logging on your API Gateway stage (v1).
aws_api_gateway_method
Ensure that your API Gateway method blocks unwanted access
It is better that the API Gateway method does not allow public access.
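The four precautions above, written out for a REST API whose backend sits behind the VPC link. This is an added example, not code from the original page or the Terraform Registry; the resource names, the var.* inputs and the resources listed in the first comment are assumptions. The weak setting is noted beside each hardened one.

```hcl
# Added example. Assumed to be defined elsewhere (hypothetical names):
# aws_api_gateway_rest_api.api, aws_api_gateway_resource.items, aws_api_gateway_deployment.api,
# aws_cloudwatch_log_group.access, aws_api_gateway_vpc_link.this, and the var.* inputs.
resource "aws_api_gateway_method" "get_items" {
  rest_api_id   = aws_api_gateway_rest_api.api.id
  resource_id   = aws_api_gateway_resource.items.id
  http_method   = "GET"
  authorization = "AWS_IAM" # weak: "NONE" lets any caller reach the private backend
}

resource "aws_api_gateway_integration" "get_items" {
  rest_api_id             = aws_api_gateway_rest_api.api.id
  resource_id             = aws_api_gateway_resource.items.id
  http_method             = aws_api_gateway_method.get_items.http_method
  type                    = "HTTP_PROXY"
  integration_http_method = "GET"
  uri                     = "http://${var.nlb_dns_name}/items"
  connection_type         = "VPC_LINK" # route through the VPC link, not the internet
  connection_id           = aws_api_gateway_vpc_link.this.id
}

resource "aws_api_gateway_stage" "prod" {
  rest_api_id           = aws_api_gateway_rest_api.api.id
  deployment_id         = aws_api_gateway_deployment.api.id
  stage_name            = "prod"
  cache_cluster_enabled = true
  cache_cluster_size    = "0.5"
  access_log_settings { # weak: block omitted, so requests leave no access log
    destination_arn = aws_cloudwatch_log_group.access.arn
    format          = "$context.requestId $context.identity.sourceIp $context.httpMethod $context.resourcePath $context.status"
  }
}

resource "aws_api_gateway_method_settings" "all" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  stage_name  = aws_api_gateway_stage.prod.stage_name
  method_path = "*/*" # apply to every method in the stage
  settings {
    caching_enabled      = true
    cache_data_encrypted = true # weak: unset or false stores cached responses unencrypted
  }
}

resource "aws_api_gateway_domain_name" "api" {
  domain_name              = var.domain_name
  regional_certificate_arn = var.certificate_arn
  security_policy          = "TLS_1_2" # weak: "TLS_1_0"
  endpoint_configuration { types = ["REGIONAL"] }
}
```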
AWS::ApiGateway::VpcLink (CloudFormation)
The VpcLink in ApiGateway can be configured in CloudFormation with the resource name AWS::ApiGateway::VpcLink. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- Description: optional - String
- TargetArns: required - List
- Name: required - String
Explanation in CloudFormation Registry
The AWS::ApiGateway::VpcLink resource creates an API Gateway VPC link for a REST API to access resources in an Amazon Virtual Private Cloud (VPC). For more information, see vpclink:create in the Amazon API Gateway REST API Reference.
Frequently asked questions
What is AWS API Gateway VPC Link?
AWS API Gateway VPC Link is a resource for API Gateway of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS API Gateway VPC Link?
For Terraform, the osodevops/aws-terraform-module-apigateway, chuleh/tf-aws-vpc-link-module and babbel/terraform-aws-nlb-for-apigateway-vpc-link source code examples are useful. See the Terraform Example section for further details.