Prerequisites: You must connect your on-premises network to the internet. Also, your on-premises network's firewall must allow traffic to and from the API Gateway endpoint.
Connect an on-premises network to a REST API, HTTP API, or WebSocket API
To connect your on-premises network to API Gateway, see the following documentation:
Connect an on-premises network to a private REST API
Choose one of the following access methods based on your configuration.
Note: The security group for the interface endpoint must allow inbound traffic from your on-premises source CIDR range on TCP port 443. Also, you must update the private API resource policy to allow private API traffic from the source VPC or VPC endpoint.
If you use a private DNS, then you can use the private DNS names to access your private API from your on-premises network. Set up a Route 53 Resolver inbound endpoint, and then forward all DNS queries of the private DNS from your on-premises network to the endpoint.