  • A private REST API through Amazon API Gateway

  • Khadijah Senian

    Member
    October 8, 2025 at 1:24 pm

    Hello,

    I think the answer for this question below is wrong.

    Category: ANS – Network Security, Compliance, and Governance

    An enterprise healthcare organization is transitioning its legacy systems to a modern architecture by creating APIs hosted on AWS. The organization’s development teams run applications in its on-premises data centers, which connect to AWS using an AWS Direct Connect connection for consistent and low-latency network performance. The cloud infrastructure team plans to implement a private REST API through Amazon API Gateway, ensuring the API endpoint is accessible exclusively via private communication channels. The solution must avoid introducing extra infrastructure components while securing private access to the API endpoint from the on-premises environment.

    Which approach should the cloud architect take to enable seamless invocation of the API?

    Hence, the correct answer is: Configure an interface VPC endpoint for Amazon API Gateway with private DNS names activated. Use the public DNS name of the endpoint to access the API.


    Based off this AWS Blog, https://aws.amazon.com/blogs/compute/integrating-amazon-api-gateway-private-endpoints-with-on-premises-networks/, the answer should be:

    Deploy an interface VPC endpoint for Amazon API Gateway and configure Amazon Route 53 inbound resolver endpoints to resolve private DNS queries from on-premises.

  • Irene-TutorialsDojo

    Administrator
    October 9, 2025 at 12:31 pm

    Hello Khadijah Senian,

    Thank you for your question.

    While the AWS blog you referenced does mention using Route 53 inbound resolvers for resolving private DNS queries from on-premises networks, this approach introduces additional infrastructure components. The original solution, configuring an interface VPC endpoint for Amazon API Gateway with private DNS names activated, is the recommended approach because it allows the use of the standard public DNS name for the API, which automatically resolves to private IPs without needing extra infrastructure.

    By enabling Private DNS on the interface VPC endpoint, the API endpoint remains private, and DNS resolution for the API will happen seamlessly within the VPC. This method is simpler, avoids unnecessary complexity, and meets the goal of securing private access to the API from on-premises.

    For more details, you can refer to the official AWS documentation on private APIs.

    I hope this clears up the confusion. Feel free to reach out if you have more questions!

    Best,

    Irene @ Tutorials Dojo
