I am planning out an AWS microservice architecture that provides public access using a REST API Gateway connected privately to an NLB, which passes requests to an ECS Fargate cluster.
I’d like to make the REST API available within my VPC (to leverage request validation, OAuth, etc.) rather than just sending requests to the NLB’s private endpoint.
When considering the connection between the private REST API and the NLB, would I need to use another VPC link? Or is there an alternative to that?
This architecture may also be an anti-pattern, and a better solution may exist for managing requests internally while still leveraging API Gateway’s managed OAuth and request validation.