Private integrations for REST APIs in API Gateway

Use a private integration to expose your HTTP/HTTPS resources within an Amazon VPC for access by clients outside of the VPC. This extends access to your private VPC resources beyond the VPC boundaries. You can control access to your API by using any of the authorization methods that API Gateway supports.

To create a private integration, you must first create a VPC link. API Gateway supports VPC links V2 for REST APIs. VPC links V2 let you create private integrations that connect your REST API to Application Load Balancers without using an Network Load Balancer. Using an Application Load Balancer allows you to connect to Amazon ECSs container-based applications and many other backends. VPC links V1 are considered a legacy integration type. While they are supported by API Gateway, we recommend that you don't create new VPC links V1.

Considerations

The following considerations might impact your use of private integrations:

All resources must be owned by the same AWS account. This includes the load balancer, VPC link and REST API.
By default, private integration traffic uses the HTTP protocol. To use HTTPS, specify an uri that contains a secure server name, such as https://example.com:443/test.
In a private integration, API Gateway includes the stage portion of the API endpoint in the request to your backend resources. For example, if you request the test stage of an API, API Gateway includes test/path in the request to your private integration. To remove the stage name from the request to your backend resources, use parameter mapping to create an override for the $context.requestOverride.path variable.
Private integrations with AWS Cloud Map aren't supported.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Troubleshoot issues with response streaming

VPC links V2