I want to build a serverless system using AWS Lambda + API Gateway where I will have some public APIs and some other APIs for internal usage only (all will be implemented with Lambda functions and Node.js).
My question is specifically about how to create those internal APIs, which will NOT be exposed to the outside world but only to a handful of Lambda functions.
I know all APIs defined in the Gateway are public. How can I restrict the caller of the API to only my own recognized AWS resources (specifically my Lambda functions)?
I am aware a possible answer would be to simply call the Lambda function directly and not via the API Gateway. This will of course work, but the downside here is that it couples the implementation to AWS, while I am trying to get a solution which is constructed of Node microservices calling each other via REST APIs.
Thanks.
1 Answer
As documented here:
To assign custom access permissions to the method, in the Authorization Settings area, for Authorization Type, choose Edit, and then choose AWS_IAM. Only IAM roles with the correct IAM policy attached will be allowed to call this method.
Then you would just need to assign an appropriate IAM role to your Lambda function(s) in order to allow them to call those private API Gateway methods.
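The caller side of the AWS_IAM setup described in the answer above, as an added example that is not part of the original answer: a Node.js function that SigV4-signs a request for API Gateway (signing service name `execute-api`) so that the calling Lambda's role credentials authenticate the call. The host, stage path and credentials are constructed placeholders, and `signRequest` is a name chosen for this sketch; inside Lambda the real credentials come from the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` environment variables.

```javascript
// Added example: SigV4-sign a call to an API Gateway method that uses AWS_IAM authorization.
const crypto = require("node:crypto");

const sha256Hex = (s) => crypto.createHash("sha256").update(s, "utf8").digest("hex");
const hmac = (key, s) => crypto.createHmac("sha256", key).update(s, "utf8").digest();
// SigV4 wants strict RFC 3986 escaping; encodeURIComponent leaves !'()* alone.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

// `path` is the path exactly as sent on the wire (already encoded once).
function signRequest({ method, host, path, query = {}, body = "", region, creds, now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // e.g. 20240101T000000Z
  const day = amzDate.slice(0, 8);
  const headers = { host, "x-amz-date": amzDate };
  // Lambda role credentials are temporary, so the session token must be signed too.
  if (creds.sessionToken) headers["x-amz-security-token"] = creds.sessionToken;

  const names = Object.keys(headers).sort();
  const signedHeaders = names.join(";");
  const canonicalQuery = Object.entries(query)
    .map(([k, v]) => [enc(k), enc(String(v))])
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
    .map((pair) => pair.join("=")).join("&");
  const canonicalRequest = [
    method,
    path.split("/").map(enc).join("/"), // second encoding pass required for non-S3 services
    canonicalQuery,
    names.map((n) => `${n}:${headers[n].trim()}\n`).join(""),
    signedHeaders,
    sha256Hex(body),
  ].join("\n");

  const scope = `${day}/${region}/execute-api/aws4_request`;
  const stringToSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonicalRequest)].join("\n");
  // Derive the signing key: date -> region -> service -> "aws4_request".
  let key = hmac("AWS4" + creds.secretAccessKey, day);
  for (const part of [region, "execute-api", "aws4_request"]) key = hmac(key, part);
  const signature = hmac(key, stringToSign).toString("hex");
  headers.authorization = `AWS4-HMAC-SHA256 Credential=${creds.accessKeyId}/${scope}, ` +
    `SignedHeaders=${signedHeaders}, Signature=${signature}`;
  return headers; // send these headers with the HTTPS request
}

// Constructed demo values; in Lambda read creds from process.env instead.
const demo = signRequest({ method: "GET", host: "abc123.execute-api.us-east-1.amazonaws.com",
  path: "/prod/internal/orders", region: "us-east-1",
  creds: { accessKeyId: "AKIDEXAMPLE", secretAccessKey: "constructed-secret", sessionToken: "constructed-token" } });
console.log(demo.authorization);
```

The role attached to the calling function also needs an IAM policy that allows the `execute-api:Invoke` action on the internal method's ARN; callers without it are rejected by API Gateway before the backend Lambda runs.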