Accessing private Amazon API Gateway endpoints through custom Amazon CloudFront distribution using VPC Origins

Compute Blog



This article details a solution for accessing private Amazon API Gateway endpoints through a custom Amazon CloudFront distribution using VPC Origins, providing enhanced security and controlled access to private APIs.

  • Enables secure access to private API Gateway endpoints via CloudFront
  • Keeps API traffic entirely within the AWS private network
  • Adds security layers like AWS WAF, geoblocking, and custom SSL certificates
  • Uses an AWS SAM template to create a secure, private networking architecture
  • Implements custom Lambda resources to manage network interfaces and security configurations

Key components include a CloudFront distribution with VPC Origins, an internal Application Load Balancer, and a VPC endpoint for execute-api, creating a robust method to protect backend services while maintaining high availability.



