3 Answers
1
- VPC Peering: Establish a VPC peering connection between the VPC in us-east-1 (Account A) and the VPC in sa-east-1 (Account B). This connection will allow networking communication between the two VPCs across regions.
- Update Route Tables: After setting up the VPC peering connection, you'll need to update the route tables in both VPCs to route the relevant API traffic through the peering connection.
- API Gateway Resource Policy: Modify the resource policy of the API Gateway in Account A to allow access from Account B. This involves specifying the VPC endpoint of the Account B VPC as an allowed source.
- VPC Endpoint for API Gateway: You mentioned that you already tried with VPC endpoints. Ensure that you have set up a VPC endpoint in Account B’s VPC for accessing the API Gateway service. This endpoint should be configured to connect to the API Gateway in Account A through the VPC peering connection.
- Endpoint Policy and Security Groups: Adjust the endpoint policy on Account B’s VPC endpoint to allow connections to the specific API Gateway in Account A. Also, review the security group settings to ensure that traffic is allowed on the necessary ports from Account B’s VPC endpoint.
- DNS Resolution: Make sure that DNS resolution is configured to properly resolve the endpoint of the API Gateway across the VPC peering connection. You might need to enable DNS resolution and DNS hostnames in both VPCs if not already enabled.
- IAM Permissions: Ensure that the IAM roles and policies in Account B have the necessary permissions to access the API Gateway in Account A.
0
I'm missing something at DNS Resolution. Both VPCs have DNS resolution enabled, and the VPC peering connection allows DNS resolution across it. Account B can't resolve the DNS name of the API Gateway.
answered 5 months ago
0
It worked! I was using the wrong endpoint name.
Changing to this worked fine! https://{api-id}-{vpce-id}.execute-api.us-east-1.amazonaws.com/{stage}
answered 5 months ago
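Added example, not part of the answers above and not AWS's own code: Python that builds a resource policy limiting the private API in Account A to one VPC endpoint (the resource-policy step in the first answer) and checks a client URL against the endpoint-specific format from the last answer. The API id, endpoint id and stage are constructed placeholders, and the allow-plus-deny policy shape keyed on `aws:SourceVpce` is an assumed allow-list pattern, not a policy taken from this thread.

```python
import json
import re

# Constructed placeholder values (assumptions); substitute your own.
API_ID = "abc123defg"                # private REST API in Account A
VPCE_ID = "vpce-0123456789abcdef0"   # interface endpoint in Account B
REGION = "us-east-1"
STAGE = "prod"

def resource_policy(vpce_id):
    """Resource policy for the private API: invoke allowed only via vpce_id."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": "*",
             "Action": "execute-api:Invoke", "Resource": "execute-api:/*"},
            {"Effect": "Deny", "Principal": "*",
             "Action": "execute-api:Invoke", "Resource": "execute-api:/*",
             "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}}},
        ],
    }

def invoke_url(api_id, vpce_id, region, stage):
    """Endpoint-specific URL in the format given in the last answer."""
    return f"https://{api_id}-{vpce_id}.execute-api.{region}.amazonaws.com/{stage}"

HOST_RE = re.compile(
    r"^https://(?P<api>[a-z0-9]+)(?:-(?P<vpce>vpce-[0-9a-f]+))?"
    r"\.execute-api\.(?P<region>[a-z0-9-]+)\.amazonaws\.com/(?P<stage>[^/]+)")

def check_url(url, policy):
    """Return a list of problems with a client URL relative to the policy."""
    m = HOST_RE.match(url)
    if not m:
        return ["not an execute-api URL"]
    # Endpoint ids the Deny statement exempts, i.e. the allow-list.
    allowed = {s["Condition"]["StringNotEquals"]["aws:SourceVpce"]
               for s in policy["Statement"] if s["Effect"] == "Deny"}
    if m["vpce"] is None:
        return ["no vpce id in hostname: relies on the endpoint's private DNS"]
    if m["vpce"] not in allowed:
        return [f"{m['vpce']} is not allowed by aws:SourceVpce"]
    return []

if __name__ == "__main__":
    policy = resource_policy(VPCE_ID)
    print(json.dumps(policy, indent=2))
    print(invoke_url(API_ID, VPCE_ID, REGION, STAGE))
```
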