Understanding VPC links in Amazon API Gateway
A VPC link is a resource in Amazon API Gateway that allows for connecting API routes to private resources inside a VPC.
A private integration uses a VPC link to encapsulate connections between API Gateway and targeted VPC resources.
Why Use Amazon VPC Link?
One of the biggest advantages of using Amazon VPC Link is that it allows you to keep sensitive data within your VPC and away from the public internet.
VPC links for REST APIs
When you create a VPC link for a REST API, a VPC endpoint service is also created, making the AWS account a service provider. The service consumer in this case is API Gateway’s account.
Imagine you have a web application hosted in AWS that uses Amazon API Gateway to access backend services like Amazon S3, AWS Lambda, Amazon DynamoDB, Amazon Cognito etc. However, your application suddenly needs to securely access private resources such as databases or microservices within a Virtual Private Cloud (VPC). However, directly exposing your VPC to the public internet increases the attack surface for malicious actors. Some industries have mandatory compliance standards that avoid this type of architecture due to the inherent security risks.
领英推荐
An Elastic Load Balancer (ELB) is natively designed to distribute traffic to multiple internal servers while acting as the boundary between requests coming from the internet.
Use Cases for Amazon VPC Link
There are several use cases for Amazon VPC Link, including:
Accessing Resources in Your VPC: If your API needs to access resources within your VPC, such as an Amazon RDS instance or a custom application, Amazon VPC Link can be used to establish a secure connection between your API and these resources.
Securely Storing Sensitive Data: If your API handles sensitive data, such as financial information or personal data, you can use Amazon VPC Link to ensure that this data is kept confidential and secure by keeping it within your VPC.
Improving API Performance: By avoiding the public internet as a communication channel, Amazon VPC Link can improve the performance and reliability of your APIs. T
Integrating with Existing VPC Resources: Amazon VPC Link enables you to integrate your APIs with existing VPC resources, such as security groups and network access control lists (ACLs), for a more secure and flexible architecture.