The endpoint you are looking for is the execute-api.<region>
These are available to create in your VPC under vpc endpoints.
I don’t believe you can create an API Gateway control plane VPC endpoint in a VPC. You have to use the public API.
The Endpoint (apigateway.eu-west-2.amazonaws.com) does exist. It is the Amazon API Gateway control plane public endpoint for the eu-west-2 region [1]. You can see a list of API Service Endpoints here [1].
However, these are public endpoints, unless you have created an interface endpoint for the service which allows for private connectivity from within the VPC. For example, Lambda interface endpoints allow you to call Lambda APIs privately from within the VPC without requiring internet access [2].
However, not all AWS services support VPC Endpoints. For those services, internet access is still required as the API calls will use the public endpoint. Please see list of AWS services that integrate with AWS PrivateLink [3].
Currently, the Amazon API Gateway control plane for calling APIs for these services respectively does not support VPC Interface Endpoints. Thus, you cannot connect to them privately via an interface endpoint and must use the public endpoint.
In general, you won't be able to reach AWS APIs without internet access, unless they support interface endpoints.
Additionally, most AWS services have a control plane (configures the service, i.e. API calls) and a data plane (use of the actual service). For example, execute-api (data plane) and apigateway (control plane) are separate concepts. Only the data plane is supported for PrivateLink/Interface Endpoints at this time.
[1] Amazon API Gateway endpoints and quotas - Amazon API Gateway control plane - https://docs.aws.amazon.com/general/latest/gr/apigateway.html#apigateway_region_control_plane
[2] Configuring interface VPC endpoints for Lambda - https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc-endpoints.html
[3] AWS services that integrate with AWS PrivateLink - https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html
It appears that there is a discrepancy between the documentation and the actual availability of API Gateway control plane VPC endpoint services. Based on the information provided and the AWS CLI commands you've run, it seems that the API Gateway control plane VPC endpoint services are not currently available as described in the documentation.
The API Gateway consists of two components: the control plane for creating and managing APIs, and the data plane for calling deployed APIs. While the data plane VPC endpoint services (com.amazonaws.[region].execute-api) are available and functioning as expected, the control plane VPC endpoint services (com.amazonaws.[region].apigateway) do not seem to exist.
This situation could be due to one of several reasons:
- The feature may not have been implemented yet, despite being documented.
- The feature might have been temporarily removed or disabled.
- There could be an error in the documentation, and the control plane VPC endpoints might not be intended to be available as interface endpoints.
Given that you've checked multiple regions and encountered the same issue, it's unlikely to be a regional or temporary problem.
For the time being, you can continue to use the public endpoints for the API Gateway control plane operations. If you need to perform these operations from within a VPC without internet access, you might need to use a NAT gateway or other networking solutions to reach the public endpoints.
It would be advisable to contact AWS support for clarification on this discrepancy between the documentation and the actual service availability. They would be able to provide the most up-to-date and accurate information regarding the status of API Gateway control plane VPC endpoint services.
Sources
Amazon API Gateway Supports Endpoint Integrations with Private VPCs
Amazon API Gateway endpoints and quotas - AWS General Reference
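
The check the answers describe can be scripted: take the output of `aws ec2 describe-vpc-endpoint-services` and report, per API, whether a VPC without internet access can reach it privately. This is an added example, not code from any of the answers or from AWS; the function names are hypothetical and the sample response is constructed to match what the answers report (execute-api offered, apigateway absent).

```python
import json

# Constructed sample, shaped like a trimmed response from
# `aws ec2 describe-vpc-endpoint-services --region eu-west-2`.
# Which services are listed is an assumption taken from the answers above.
SAMPLE_RESPONSE = json.loads("""
{
  "ServiceDetails": [
    {"ServiceName": "com.amazonaws.eu-west-2.execute-api",
     "ServiceType": [{"ServiceType": "Interface"}]},
    {"ServiceName": "com.amazonaws.eu-west-2.lambda",
     "ServiceType": [{"ServiceType": "Interface"}]},
    {"ServiceName": "com.amazonaws.eu-west-2.dynamodb",
     "ServiceType": [{"ServiceType": "Gateway"}]},
    {"ServiceName": "com.amazonaws.eu-west-2.s3",
     "ServiceType": [{"ServiceType": "Gateway"}]},
    {"ServiceName": "com.amazonaws.eu-west-2.s3",
     "ServiceType": [{"ServiceType": "Interface"}]}
  ]
}
""")

def endpoint_types(response):
    """Map each endpoint service name to the set of endpoint types offered.
    A service can appear more than once (one entry per type), so merge."""
    offered = {}
    for detail in response.get("ServiceDetails", []):
        types = {t["ServiceType"] for t in detail.get("ServiceType", [])}
        offered.setdefault(detail["ServiceName"], set()).update(types)
    return offered

def classify(response, region, prefixes):
    """For each API prefix (e.g. 'apigateway'), report how a VPC with no
    internet path can reach it: 'interface', 'gateway' or 'public-only'."""
    offered = endpoint_types(response)
    result = {}
    for prefix in prefixes:
        types = offered.get(f"com.amazonaws.{region}.{prefix}", set())
        if "Interface" in types:
            result[prefix] = "interface"
        elif "Gateway" in types:
            result[prefix] = "gateway"
        else:
            result[prefix] = "public-only"  # needs NAT or other egress
    return result

if __name__ == "__main__":
    wanted = ["execute-api", "apigateway", "lambda", "dynamodb", "s3"]
    for name, path in classify(SAMPLE_RESPONSE, "eu-west-2", wanted).items():
        print(f"{name:12} {path}")
```

To run it against a real account, replace `SAMPLE_RESPONSE` with the parsed JSON output of the CLI command for the region in question.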