Company Name
EquiLend Holdings LLC
Industry
Financial Solutions
Status
Private
Size
270+ Employees
Location
New York, United States

Enabling access of Private API endpoints to internal users over Direct Connect

How EquiLend Holdings LLC was able to successfully grant access to resources of Private Endpoints from specific VPC with Direct Connect connection of the on-premise network. Due to those VPCLink along with resource-based policies, EquiLend Holdings LLC was able to grant access to Private API endpoints to other VPC on-premise users.

NETSOL Technologies were successfully able to grant access to resources of Private Endpoints from specific VPC with a Direct Connect connection of the on-premise network was established.

Challenge

Make on-premises users connect the Public APIs over the Direct Connect connection.

Solution
  1. API Gateway REST Regional and Private endpoints policies were used
  2. Used API gateway integration for NLB to expose private endpoints
  3. Used VIF on direct connect to connect corporate private IP addresses
  4. Associated virtual private gateway to VPC
  5. VPC endpoint was associated with the same VPC where a direct connect connection was configured
Results

Access granted to private resources of private endpoints from certain VCP(s).

New Services Added
  1. Private Link
  2. Network Load Balancer

Requirement

EquiLend Holdings LLC had its APIs deployed to the AWS environment accessible to the customers over the internet. EquiLend Holdings LLC is required to route those API calls from their internal network securely using Direct Connect Network.

Challenge

EquiLend Holdings has its APIs hosted on AWS. Those APIs are accessible to customers across the globe over the internet and also there are some users within the organization who access these APIs. When on-premises users access these Public APIs the request routes over the internet. EquiLend already has a Direct Connect connection that connects on-premises and AWS. The objective is to route those API calls from their internal network over a dedicated direct connect network.

Solution

By using API Gateway REST private endpoints with resource-based policies, NETSOL Technologies was able to implement the required use case. Our team used API Gateway private integrations to use NLB. which exposed private endpoints to certain VPC resources i.e., on-premises users were connected with the on-premises network using Direct Connect.

By creating Private VIF on direct connect, NETSOL Technologies was able to provide access to the corporate private IP address. For connecting the private VIF to the specific VPC, our team associated virtual private gateway to VPC. Finally, for accessing private API over a Direct Connect Connection our team created VPC endpoint and associated it with the same VPC where direct connect connection was configured.

Result & Success Metrices

NETSOL Technologies was successfully able to grant access to resources of Private Endpoints from specific VPC with which Direct Connect connection of on-premise network was established. Our team created VPC endpoint and VPCLink in API Gateway. Due to those VPCLink along with resource-based policies NETSOL Technologies were able to grant access of Private API endpoints to other VPC on-premise users. The access was verified by getting the success response from on-premise users residing in on-premise network.

TCO Analysis Outcome

Objective is to make specific public endpoints private for internal users wherein AWS solution is already deployed.

And configured the following factors in TCO estimates:

  1. Number of VPC Interface endpoints per AWS region
  2. Total data processed by Interface endpoints
  3. Number of Network Load Balancers
  4. Processed bytes per NLB

The following new services were added to the solution:

  1. Private Link
  2. Network Load Balancer

Network Load Balancer

Constraints

If VPN or Direct Connect is there to connect on-premises Network with Amazon VPC then private endpoints are more secure option than public endpoints.