Enabling Private APIs with Custom Domain Names (AWS API Gateway)

George Mao
3 min read · Jan 30, 2020

Amazon API Gateway does not support custom domain names for private APIs (as of this post). But there’s a pretty easy workaround that involves a few steps. Update: Heeki Park has made this an official AWS solution — check it out here!!

When you create a private API, you target a VPC Endpoint that places ENIs into the subnets you configure. This allows your private VPC resources to reach the private API endpoint.

However, unlike with public APIs, you cannot create a custom domain name for your API … but there’s a workaround! Here’s what the workaround looks like:

CustomDomain → NLB/ALB → VPCE ENI → Private API GW (with Custom Domain)

High-level instructions below.

Step 1: Create a VPC endpoint (type interface)

Target the service com.amazonaws.[region].execute-api. Make sure you select the VPC and subnets you want your private API to be accessible in, and security groups that allow port 80 and 443 traffic.

Step 2: Create a private API

Specify your VPC Endpoint ID. If you’re using the API Gateway console just enter the VPC Endpoint ID from…
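
Steps 1 and 2 expressed as a CloudFormation template, as an added example that is not part of the original post. The logical IDs, parameter names, API name and the ClientCidr default are assumptions to replace with your own values.

```yaml
# Added example, not the author's template. Names and defaults are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  ClientCidr:
    Type: String
    Default: 10.0.0.0/16  # constructed value: address range of the callers
Resources:
  # Step 1: security group for the endpoint ENIs (ports 80 and 443, as in the post),
  # limited to the caller range instead of 0.0.0.0/0.
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP and HTTPS to the execute-api VPC endpoint
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref ClientCidr
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref ClientCidr
  # Step 1: interface endpoint for the execute-api service in the stack's region.
  ExecuteApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
      VpcId: !Ref VpcId
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds:
        - !Ref EndpointSecurityGroup
  # Step 2: private REST API associated with that VPC endpoint ID.
  PrivateApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: private-api-example
      EndpointConfiguration:
        Types: [PRIVATE]
        VpcEndpointIds:
          - !Ref ExecuteApiEndpoint
```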
