Google has a really hard time telling these concepts apart:
1. Created API from APIGW -> your Lambda
2. Your Lambda -> calling the AWS API to get or create APIGW resources like new API keys, etc.
I need the latter (2).
I have a Python boto3 client running in a Lambda function which calls the get_rest_apis function from API Gateway itself (to list the APIs I've created, as can be seen in the AWS account web console).
The Lambda function invocation fails to actually reach Amazon's service:
"Connect timeout on endpoint URL: \"https://apigateway.us-east-2.amazonaws.com/"
This Lambda function is required to live in the VPC, because it also accesses private resources that exist only there. The Lambda is in public subnets of the VPC with a security group which allows all inbound and outbound traffic.
Also, to be clear: the Lambda code which grabs the APIGW data using the API client succeeds at reaching this URL only if the Lambda runs outside the VPC (if I remove the VPC config entirely and the Lambda runs on the AWS side). I cannot solve it this way, as it's required to actually work within the bounds of the VPC.
The Lambda is allocated on a public subnet which can access the internet through an Internet Gateway, as every other resource on the public subnet does.
What else could be getting in the way of my connection to apigateway..amazonaws.com?
I had a similar problem to this with AWS Secrets Manager that was solved by using a VPC endpoint. I cannot find a way to configure a VPC endpoint to sequester access to the APIGW API in the same way, however. Google fails me because it thinks I'm asking a different question.
Anyone who might be able to throw ideas at this is immensely appreciated, thanks!