Hey everyone, I'm trying to create a basic serverless-stack and I'm struggling with limiting access to my company's vpc. It's just an appsync api connected to a lambda get function that reads from a dynamodb. The lambda has the right VPC subnets which I'm setting in the appsync's

defaultFunctionProps

prop. But I'm not sure if this is restricting the appsync api to the VPC as well. Does anyone know if I need to apply the VPC config to the appsync as well? And if so, does anyone know how to do this?

Hey @Stiofán Ó Lorcáin, just to clarify, are you looking to have the AppSync API endpoint only accessible from within a VPC?

Yes. It will only be used internally

afaik there isn’t such concept of deploying an AppSync API “in a VPC”.

Thanks @Frank. I think I saw that you can use Appsync to access VPC restricted resource and assumed you could limit Appsync to the VPC. I'll investigate both of your suggestions. I think the Lambda solution is possible but will need to double check.

AWS API Gateway has two restful api services: REST API and HTTP API (yes the naming is very confusing lol)

Yes, this makes sense thank you 🙂 I'm now discussing with my team how we will proceed but I think we'll be able to find a good solution for everything you've provided 😄