Amazon web services 具有无服务器框架的专用API网关
我的内部网络在AWS VPC(10.0.0.0/16)中,我想在这个专用网络中创建AWS API网关,因此没有公共主机名/IP 这是我试过的Amazon web services 具有无服务器框架的专用API网关,amazon-web-services,aws-api-gateway,serverless-framework,Amazon Web Services,Aws Api Gateway,Serverless Framework,我的内部网络在AWS VPC(10.0.0.0/16)中,我想在这个专用网络中创建AWS API网关,因此没有公共主机名/IP 这是我试过的 service: apollo-lambda1 provider: name: aws runtime: nodejs8.10 role: arn:aws:iam::xxx:role/admin-api-lambda-role region: ap-southeast-1 private: true vpc: securit
service: apollo-lambda1
provider:
name: aws
runtime: nodejs8.10
role: arn:aws:iam::xxx:role/admin-api-lambda-role
region: ap-southeast-1
private: true
vpc:
securityGroupIds:
- sg-xxxxx
subnetIds:
- subnet-xxx
sg-xxxxx是一个安全组,只允许10.0.0.0/16中的IP。它没有帮助
我还尝试添加,但它向世界公开了一个公共IP
resourcePolicy:
- Effect: Allow
Principal: "*"
Action: execute-api:Invoke
Resource:
- execute-api:/*/*/*
Condition:
IpAddress:
aws:SourceIp:
- "10.0.0.0/16"
UPD:试过这个组合,没有成功。现在无法解析dns名称
endpointType: PRIVATE
resourcePolicy:
- Effect: Allow
Principal: '*'
Action: execute-api:Invoke
Resource:
- execute-api:/*/*/*
Condition:
IpAddress:
aws:SourceIp:
- some ip here
我知道有人问这个问题已经有一段时间了,但我还是想写一个答案
provider:
name: aws
runtime: nodejs12.x
region: us-west-2
stage: dev
resourcePolicy:
- Effect: Allow
Principal: "*"
Action: execute-api:Invoke
Resource:
- execute-api:/*/*/*
Condition:
IpAddress:
aws:SourceIp:
- "10.0.0.0/16"
使用具有资源策略和VPC终结点的专用终结点
provider:
name: aws
runtime: nodejs12.x
region: us-west-2
stage: dev
endpointType: PRIVATE
vpcEndpointIds:
- vpce-XXXXX
resourcePolicy:
- Effect: Allow
Principal: "*"
Action: execute-api:Invoke
Resource:
- execute-api:/*/*/*
Condition:
IpAddress:
aws:SourceIp:
- "10.0.0.0/16"
在编写这个解决方案的时候,我使用了第一个具有额外IP地址的示例,因为这是我在QA团队之外测试固定IP地址内插的解决方案。我希望这个解决方案对某人有所帮助