1 Answer
Hi,
You can create a new IAM role that all instances in the fleet will assume to access your API Gateway (AWS Console: Create Fleet | Define fleet details | Additional details | Instance role). See Communicate with other AWS resources from your fleets for more details.
While creating the role, you can define a policy that will allow fleet instances to communicate with the API Gateway instance. Additionally, you can configure API Gateway endpoints to enforce IAM-based authorization for the clients; thus, all client requests to the API endpoints will have to be digitally signed with the SigV4 signature. See Control access for invoking an API and How Amazon API Gateway works with IAM for more details.
Regards.
answered 10 days ago
Hi, thanks for the reply. I am wondering if doing a VPC peering with a VPC link is needed? Or can just a resource policy make it secure?