Description:

Amazon API Gateway is an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. An API endpoint type refers to the hostname of the API. The API endpoint type can be edge-optimized, regional, or private, depending on where the majority of your API traffic originates from.

  • An edge-optimized API endpoint is best for geographically distributed clients. API requests are routed to the nearest CloudFront Point of Presence (POP). This is the default endpoint type for API Gateway REST APIs.

  • A regional API endpoint is intended for clients in the same region. When a client running on an EC2 instance calls an API in the same region, or when an API is intended to serve a small number of clients with high demands, a regional API reduces connection overhead.

  • A private API endpoint is an API endpoint that can only be accessed from your Amazon Virtual Private Cloud (VPC) using an interface VPC endpoint, which is an endpoint network interface (ENI) that you create in your VPC.

Rationale:

When an API Gateway API is not edge-optimized, incoming requests are not routed through the AWS "Edge Network," which is the CloudFront network, with its 100+ global edge locations.

Impact:  

If the clients of your API Gateway stage are inside AWS and within the same region where you deployed the API (such as when the API is being called by other systems in EC2 within the region), then you will most likely want a Regional endpoint. 

Default value:

Endpoints are selected when creating the API Gateway.

Pre-Requisite:

Initially, you must have an API gateway.

Remediation:

Test Plan:

  • AWS Console Process

  1. Go to the API Gateway console and select APIs.

  2. In the APIs panel, you can see each API's endpoint type.



Using AWS CLI


aws apigateway get-rest-api \
--region <region-name> \
--rest-api-id <rest-api-id> \
--query 'endpointConfiguration.types'
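
To run the same check across every REST API in a region instead of one API at a time, the script below is an added example and not part of the original procedure. Its function names, the PASS/FAIL/REVIEW labels, and the sample rows are assumptions of this example; it relies only on aws apigateway get-rest-apis with --query and --output text.

```shell
#!/bin/sh
# Added example: audit the endpoint type of every REST API in one region.
# Function names and PASS/FAIL/REVIEW labels are assumptions of this example.

# Read "id<TAB>name<TAB>type" rows on stdin and label each one.
# EDGE fails this control; REGIONAL and PRIVATE pass; anything else
# (for example "None" when no type is returned) is flagged for review.
classify_endpoints() {
    awk -F '\t' '
        $3 == "EDGE"                        { print "FAIL\t" $1 "\t" $2 "\t" $3; next }
        $3 == "REGIONAL" || $3 == "PRIVATE" { print "PASS\t" $1 "\t" $2 "\t" $3; next }
        NF > 0                              { print "REVIEW\t" $1 "\t" $2 "\t" $3 }
    '
}

# Number of APIs that still use an edge-optimized endpoint.
count_failures() {
    classify_endpoints | awk -F '\t' '$1 == "FAIL" { n++ } END { print n + 0 }'
}

# IDs of the failing APIs, one per line, ready to feed into update-rest-api.
failing_ids() {
    classify_endpoints | awk -F '\t' '$1 == "FAIL" { print $2 }'
}

# Live audit: list id, name and first endpoint type for every REST API.
audit_region() {
    aws apigateway get-rest-apis --region "$1" \
        --query 'items[].[id,name,endpointConfiguration.types[0]]' \
        --output text | classify_endpoints
}

# Constructed sample rows in the same tab-separated shape, for offline use.
sample_inventory() {
    printf 'a1b2c3d4e5\torders-api\tEDGE\n'
    printf 'f6g7h8i9j0\tbilling-api\tREGIONAL\n'
    printf 'k1l2m3n4o5\tinternal-hr-api\tPRIVATE\n'
    printf 'p6q7r8s9t0\tlegacy-api\tNone\n'
}

# Usage: sh audit.sh --region <region-name>
if [ "${1:-}" = "--region" ] && [ -n "${2:-}" ]; then
    audit_region "$2"
fi
```

Each FAIL row identifies an API that the Implementation Steps below apply to; REVIEW rows need a manual look with get-rest-api.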

Implementation Steps:

  • AWS Console Process

  1. Sign into the AWS Management Console.

  2. Navigate to API Gateway Console at https://console.aws.amazon.com/apigateway.

  3. Click on APIs in the left navigation pane.

  4. Select the API you want to modify and click on it.

  5. Click on the Settings under the API you opened. 

  6. On the Settings page, go to the Endpoint Configuration section and choose Regional or Private in the dropdown menu.


Using AWS CLI

To use the AWS CLI to update an edge-optimized API whose API ID is {api-id}, call update-rest-api as follows:

aws apigateway update-rest-api \
--rest-api-id {api-id} \
--patch-operations op=replace,path=/endpointConfiguration/types/EDGE,value=REGIONAL

Backout Plan:

  • AWS Console Process

  1. Go to the API Gateway console and select APIs.

  2. Click on the API that you want to change.

  3. In the left navigation, click on Settings.

  4. In Endpoint Configuration change the endpoint type from edge optimized to regional or private. 

  5. Scroll down and click on save changes.


Using AWS CLI

To use the AWS CLI to change a regional API whose API ID is {api-id} back to edge-optimized, call update-rest-api as follows:

aws apigateway update-rest-api \
--rest-api-id {api-id} \
--patch-operations op=replace,path=/endpointConfiguration/types/REGIONAL,value=EDGE
