AWS Deep Dive
- author:: Nathan Acks
- date:: 2022-11-19
Amazon API Gateway
Continued notes about the Amazon API Gateway.
Working with REST APIs
Creating a Private API in Amazon API Gateway
Private APIs can only be interacted with from inside of an AWS VPC, via a special VPC endpoint interface. These endpoints can also be accessed through on-prem systems via Amazon Direct Connect (the AWS site-to-site VPN). Access to VPC endpoints can be controlled by both security groups and resource policies with the aws:SourceVpc / aws:SourceVpce conditions that are attached to the API (set) in API Gateway.
Setting up CloudWatch Logging for a REST API in API Gateway
API execution logs are set up and managed automatically by API Gateway, but access logging must be manually configured. Access logs can log any $context variables, but cannot log any other API variables. Note that $context.requestId can be overridden on the client side by setting the x-amzn-RequestId header, but $context.extendedRequestId is set by API Gateway itself and only revealed to the client in the x-amz-apigw-id response header. (Given these limitations, it’s unclear why anyone would ever bother with $context.requestId, though I suppose it might be useful for debugging…)
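Since $context.requestId is client-controllable, access logs are safest keyed on $context.extendedRequestId. The sketch below is an added example, not part of the original notes: it defines a JSON access log format using only $context variables and flags request IDs that look client-supplied. The function name, the sample log lines, and the assumption that gateway-generated request IDs are UUID-shaped are all illustrative.

```python
import json
import re
from collections import defaultdict

# Access log format built only from $context variables (the only kind access logs accept).
ACCESS_LOG_FORMAT = json.dumps({
    "requestId": "$context.requestId",
    "extendedRequestId": "$context.extendedRequestId",
    "sourceIp": "$context.identity.sourceIp",
    "status": "$context.status",
})

# Assumption: request IDs generated by API Gateway itself are UUID-shaped.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample access log lines (not real traffic; extended IDs are placeholders).
SAMPLE_LOG = """\
{"requestId": "3f1c2a9e-5b7d-4c1e-9a2f-0d6e8b4c7a11", "extendedRequestId": "EXT-0001", "sourceIp": "203.0.113.10", "status": "200"}
{"requestId": "order-123", "extendedRequestId": "EXT-0002", "sourceIp": "203.0.113.20", "status": "200"}
{"requestId": "7a9d0c44-1e2b-4f6a-8c3d-5b1f2e9a0d77", "extendedRequestId": "EXT-0003", "sourceIp": "203.0.113.30", "status": "403"}
{"requestId": "7a9d0c44-1e2b-4f6a-8c3d-5b1f2e9a0d77", "extendedRequestId": "EXT-0004", "sourceIp": "203.0.113.30", "status": "403"}
"""


def suspect_request_ids(lines):
    """Return {requestId: [reasons]} for request IDs that look client-supplied."""
    seen = defaultdict(set)  # requestId -> distinct extendedRequestId values
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        seen[rec["requestId"]].add(rec["extendedRequestId"])

    findings = {}
    for rid, ext_ids in seen.items():
        reasons = []
        if not UUID_RE.match(rid):
            reasons.append("not UUID-shaped")
        # One gateway-assigned extended ID per request, so >1 means the ID was reused.
        if len(ext_ids) > 1:
            reasons.append(f"reused across {len(ext_ids)} requests")
        if reasons:
            findings[rid] = reasons
    return findings


if __name__ == "__main__":
    print(suspect_request_ids(SAMPLE_LOG.splitlines()))
```

A flagged request ID is not necessarily malicious (a client may set it deliberately for tracing), but it should not be used as a unique key when correlating log entries.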