5

I want to build a server-less system using AWS Labmda + API Gateway where I will have some public APIs and some other API for internal usage only (all will be implemented with Lambda functions and Node JS).

My question is specific on how to create those internal APIs which will NOT be exposed to the outside world but only to a handful of lambda functions.

I know all APIs defined in the Gateway are public. How can I manage the caller of the API to be only from my own recognized AWS resources (specifically my Lambda functions) ?

I am aware a possible answer will be to simply call the Lambda function directly and not via the API Gateway. This will of course work but the down side here is that it couples the implementation to AWS while I am trying to get a solution which constructed of Node micro-services calling each other via REST APIs.

Thanks.

asked Jun 27, 2016 at 13:26

1 Answer 1

5

As documented here:

To assign custom access permissions to the method, in the Authorization Settings area, for Authorization Type, choose Edit, and then choose AWS_IAM. Only IAM roles with the correct IAM policy attached will be allowed to call this method.

Then you would just need to assign an appropriate IAM role to your Lambda function(s) in order to allow them to call those private API Gateway methods.

answered Jun 27, 2016 at 13:31
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks. From reading this more carefully I see that it's not that simple to make it a straight forward HTTPS request because if you don't use the AWS SDK, you will need to do quite some work to authenticate the request (see docs.aws.amazon.com/general/latest/gr/…). I was hoping that AWS will take of all of this internally. I guess an internal API Gateway could have worked great here for me (but it doesn't exist unfortunately).
With this approach, for internal calls, there still will be cost incurred. Any idea how to minimise?
@Hammer this question wasn't about costs. If you have a specific question about API Gateway costs ask it as a separate question.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.