Missing Authentication Token while accessing API Gateway?

Question

I am trying to call a Lambda Function through AWS API Gateway. When I mention Authentication type NONE it works fine but API become public and anyone with url can access my

Answer 1

If you are using an API with endpoint of type PRIVATE, be sure of:

1. You are invoking the API from within your AWS account (example: from an EC2 instance created in your account)

2. Put necessary credential (access and secret keys) in the EC2 instance in route ~/.aws/credentials (this route is for linux instances) If IAM user use MFA aws_session_token value will be required too.

3. Use vpce (vpc endpoint) based URL. Example: curl https://vpce-0c0471b7test-jkznizi5.execute-api.us-east-1.vpce.amazonaws.com/dev/api/v1/status

4. Your EC2 instance have a security group than allow outbound traffic to another security group owned by the vpce like:

5. Your vpce security group allow inbound traffic from another security group (previous sg from ec2 instance) owned by the EC2 instance like:

See: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html