How to connect EventBridge API Destination to resources in private VPC?

Question

I want to connect my EventBridge's API Destinations to resources in my private VPC by calling the API endpoints at their private endpoints (not going through any public route like API Gateway). I saw this [doc](https://docs.amazonaws.cn/en_us/eventbridge/latest/userguide/eb-related-service-vpc.html) from AWS China that says using PrivateLink it might be possible but also found other [sources](https://repost.aws/questions/QUF6vrV82RQDe7__jyGFK7cg/how-to-invoke-a-private-rest-api-created-with-aws-gateway-endpoint-from-an-event-bus-rule) that say EventBridge can't connect to VPC. How should I go about this?

Answer

The documentation you referenced is not specific to the China partition of AWS. You can find this documentation for other regions as well, see [this link](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-related-service-vpc.html).

Using Amazon EventBridge with Interface VPC Endpoints means that custom events your VPC sends to EventBridge will use that endpoint.

API Gateway private endpoints are made possible via AWS PrivateLink interface VPC endpoints. Please refer to the [AWS PrivateLink documentation](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html):

> The service can't initiate requests to resources in your VPC through the VPC endpoint. The endpoint only returns responses to traffic that was initiated by resources in your VPC.

So, EventBridge cannot initiate a request to a resource in your VPC (a private API Gateway endpoint in your case) using a VPC endpoint you configure with AWS PrivateLink.

You can use the workarounds described in the re:Post answer you referenced.

How to connect EventBridge API Destination to resources in private VPC?

相關內容