
Simplifying private API integrations with Amazon EventBridge and AWS Step Functions | AWS Compute Blog
This blog post was written by Pawan Puthran, Principal Specialist TAM, Serverless, and Vamsi Vikash Ankam, Senior Serverless Solutions Architect.
In December 2024, AWS announced that Amazon EventBridge and AWS Step Functions support integration with private APIs using AWS PrivateLink and Amazon VPC Lattice. This feature lets you integrate applications across private networks, on-premises infrastructure, and cloud platforms, and it provides secure, controlled communication between services inside a Virtual Private Cloud (VPC) without extra operational overhead. This post shows how to use the new capability to integrate Step Functions with private APIs, making application interactions across private networks more efficient and more secure.
Private integrations are essential for secure communication between cloud services within a VPC. As organizations modernize their applications in the cloud, they often need to integrate existing systems with private network environments. EventBridge and Step Functions previously needed proxies to send events to HTTPS applications. These proxies, such as AWS Lambda or Amazon Simple Queue Service (Amazon SQS), delivered events to applications running on Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), or Amazon Elastic Container Service (Amazon ECS). Now, users can directly invoke private HTTPS-based endpoints running within their VPC using EventBridge and Step Functions.
This new capability offers several key benefits:
- Enhanced security and compliance
- Simplified architecture and increased developer productivity
- Improved performance and reliability

EventBridge and Step Functions use two new PrivateLink and VPC Lattice capabilities, Resource Gateway and Resource Configuration, to establish secure network connectivity to services and resources inside a VPC. To set up the private connectivity, you need the following components:
- Resource Gateway: a VPC Lattice resource gateway created in the VPC that hosts the private API. It is the ingress point through which EventBridge and Step Functions reach resources in that VPC.
- Resource Configuration: a VPC Lattice resource configuration that identifies the target resource (for example, by DNS name or IP address and port) and is associated with the resource gateway.
- EventBridge Connections: an EventBridge connection that stores the API's authorization and is associated with the resource configuration, so that invocations are routed over the private path. Step Functions HTTP tasks reference this connection.
- AWS Resource Access Manager (AWS RAM): used to share the resource configuration with other accounts in the cross-account scenario.
To illustrate how Step Functions invokes private HTTPS APIs, consider the following workflow, which classifies product reviews as fake or real.
Figure 1: Step Functions workflow calling private HTTPS-based endpoint running in AWS Fargate
In real-world scenarios, this classification includes analyzing text patterns, user behavior, and linguistic cues to determine the authenticity of each review. Customized workflows then flag suspicious reviews automatically, which maintains the integrity of the product feedback system.
Before configuring the private integration, create an Amazon Route 53 public hosted zone for a registered domain (such as api.com) and an AWS Certificate Manager (ACM) certificate for that domain. Amazon Route 53 private hosted zones are currently not supported, but a public hosted zone works here because it resolves the domain name to a private IP address that is reachable only from within the VPC.
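To show what the Step Functions side of this setup looks like, and how to check it before deployment, here is an added example that is not code from the post or its sample repository. It embeds a constructed Amazon States Language definition for the review-classification workflow, using the Step Functions HTTP task integration (resource `arn:aws:states:::http:invoke` with `ApiEndpoint`, `Method`, `Authentication.ConnectionArn` and `RequestBody`), and then runs a small policy check over it: every HTTP task must use HTTPS, must target an approved private API host, and must authenticate through an EventBridge connection. The host `api.example.com`, the account ID and the connection name in the ARN are placeholders standing in for the domain, account and connection you create.

```python
"""Policy check for a Step Functions definition that calls a private HTTPS API.

Added example (not from the AWS blog post or its sample application). The
definition below is constructed; the task resource and parameter names are the
real Step Functions HTTP task integration. Hostnames, account ID and connection
ARN are placeholders.
"""
import json
from urllib.parse import urlparse

HTTP_INVOKE = "arn:aws:states:::http:invoke"

# Constructed definition of the review-classification workflow: a Choice state
# routes fake reviews to a flagging state and real reviews to the private API.
REVIEW_WORKFLOW = {
    "Comment": "Classify a product review, then post real reviews to the private API",
    "StartAt": "ClassifyReview",
    "States": {
        "ClassifyReview": {
            "Type": "Choice",
            "Choices": [
                {"Variable": "$.classification", "StringEquals": "fake", "Next": "FlagReview"}
            ],
            "Default": "PostToPrivateApi",
        },
        "FlagReview": {"Type": "Pass", "End": True},
        "PostToPrivateApi": {
            "Type": "Task",
            "Resource": HTTP_INVOKE,
            "Parameters": {
                "ApiEndpoint": "https://api.example.com/reviews",  # placeholder host
                "Method": "POST",
                "Authentication": {
                    # placeholder account and connection name
                    "ConnectionArn": "arn:aws:events:us-east-1:111122223333:connection/private-api/PLACEHOLDER"
                },
                "RequestBody.$": "$",
            },
            "End": True,
        },
    },
}


def http_tasks(definition):
    """Yield (state_name, parameters) for every http:invoke task, descending into
    Parallel branches and Map item processors (new-style ItemProcessor and
    old-style Iterator)."""
    for name, state in definition.get("States", {}).items():
        if state.get("Type") == "Task" and state.get("Resource") == HTTP_INVOKE:
            yield name, state.get("Parameters", {})
        for branch in state.get("Branches", []):
            yield from http_tasks(branch)
        for key in ("ItemProcessor", "Iterator"):
            if key in state:
                yield from http_tasks(state[key])


def check_private_api_tasks(definition, allowed_hosts):
    """Return a list of findings; an empty list means every HTTP task passes.

    Only literal ApiEndpoint values are checked; an endpoint supplied at run
    time via "ApiEndpoint.$" is reported so a reviewer can look at it by hand.
    """
    findings = []
    for name, params in http_tasks(definition):
        if "ApiEndpoint.$" in params:
            findings.append(f"{name}: endpoint is set dynamically, review manually")
            continue
        endpoint = params.get("ApiEndpoint", "")
        url = urlparse(endpoint)
        if url.scheme != "https":
            findings.append(f"{name}: endpoint {endpoint!r} is not HTTPS")
        if url.hostname not in allowed_hosts:
            findings.append(f"{name}: host {url.hostname!r} is not an approved private API")
        conn = params.get("Authentication", {}).get("ConnectionArn", "")
        if not conn.startswith("arn:aws:events:"):
            findings.append(f"{name}: no EventBridge connection configured")
    return findings


if __name__ == "__main__":
    # Constructed run over the embedded definition with the placeholder host allowed.
    print(json.dumps(check_private_api_tasks(REVIEW_WORKFLOW, {"api.example.com"}), indent=2))
```

Run it as a pre-deployment step: a non-empty findings list blocks the deploy, which keeps a workflow from being changed to call a public endpoint or to bypass the connection that carries the private-path configuration.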
This post includes a sample application and deployment instructions. For complete details, refer to the README.
In this scenario, the Step Functions state machine, the EventBridge connection, and the private resources reside in the same account, as shown in the following figure.
Figure 2: Overview of a single account setup with Step Functions workflow and private API in the same account
You can use the following payload to test the Step Functions execution:
The following figure shows the Step Functions execution where the review is classified as real and successfully invokes the private HTTPS endpoint.
Figure 3: Step Functions execution classifying the product reviews as real and successfully invoking the private API
In this scenario, all the private resources reside in Account A, while the Step Functions state machine and the EventBridge connection reside in Account B. AWS Resource Access Manager (AWS RAM) provides the cross-account resource sharing, as shown in the following figure.
Figure 4: Cross-account setup
Following the creation of the Resource Gateway and the Resource Configuration, as described in the previous section, configure the resource share using AWS RAM in Account A.
Enterprises with distributed development teams operate across multiple AWS accounts. The setup described above enables secure cross-account access to VPC resources.
EventBridge now publishes state change events for new and existing connections. These events are useful for taking action on state changes and for troubleshooting. The following example shows the state change events published for Connection Authorized and Connection Activated.
Figure 5: EventBridge connections state change
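One way to act on these connection state change events is an EventBridge rule whose pattern selects them. The added example below is not code from the post: it implements the subset of EventBridge event-pattern semantics such a rule needs (a list of values is OR-ed, `{"prefix": ...}` entries match string prefixes, nested objects such as `detail` recurse) and routes constructed events through it. The envelope keys `source`, `detail-type` and `detail` are the standard EventBridge ones, but the detail-type string and the detail fields `state` and `connectionName` are assumptions; take the real schema from a sample event before writing a production rule.

```python
"""Match EventBridge connection state-change events against a rule pattern.

Added example, not from the AWS blog post. Sample events are constructed; the
detail-type string and the detail field names are assumptions about the event
schema.
"""


def _value_matches(candidates, actual):
    # A pattern value is a list. The event value matches if it equals any
    # scalar in the list or satisfies any {"prefix": ...} entry.
    for cand in candidates:
        if isinstance(cand, dict):
            prefix = cand.get("prefix")
            if prefix is not None and isinstance(actual, str) and actual.startswith(prefix):
                return True
        elif cand == actual:
            return True
    return False


def matches(pattern, event):
    """True when every key in the pattern is present in the event and its value
    matches: nested dicts recurse, lists are OR-ed, missing keys never match."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif not _value_matches(expected, actual):
            return False
    return True


# Rule pattern for the two states the post mentions. The detail-type prefix is
# an assumption about the real event schema.
CONNECTION_STATE_RULE = {
    "source": ["aws.events"],
    "detail-type": [{"prefix": "Connection"}],
    "detail": {"state": ["Connection Authorized", "Connection Activated"]},
}

# Constructed events: two connection state changes and one unrelated event.
SAMPLE_EVENTS = [
    {
        "source": "aws.events",
        "detail-type": "Connection State Change",
        "detail": {"connectionName": "private-api", "state": "Connection Authorized"},
    },
    {
        "source": "aws.events",
        "detail-type": "Connection State Change",
        "detail": {"connectionName": "private-api", "state": "Connection Activated"},
    },
    {
        "source": "aws.states",
        "detail-type": "Step Functions Execution Status Change",
        "detail": {"status": "SUCCEEDED"},
    },
]


def route_connection_events(events, pattern=CONNECTION_STATE_RULE):
    """Return (connectionName, state) for each event the rule would deliver,
    which is what a downstream alerting or troubleshooting target would see."""
    return [
        (e["detail"]["connectionName"], e["detail"]["state"])
        for e in events
        if matches(pattern, e)
    ]


if __name__ == "__main__":
    for name, state in route_connection_events(SAMPLE_EVENTS):
        print(f"connection {name}: {state}")
```

The same `matches` function can be reused to unit-test any rule pattern offline against captured events before the rule is created, which catches a pattern that silently matches nothing.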
The new integration allows Amazon EventBridge and AWS Step Functions to call private APIs, powered by AWS PrivateLink and Amazon VPC Lattice. You can integrate legacy on-premises systems with cloud-native applications using event-driven architectures and workflow orchestration. The integration helps enterprises modernize distributed applications across public and private networks, enabling faster innovation, higher performance, and lower costs by removing the need for custom networking or integration code.
For more details, refer to the EventBridge and Step Functions documentation. Check out this video on setting up integrations with EventBridge and Step Functions. Get the sample code used in this post from this GitHub repository.
To expand your serverless knowledge, visit Serverless Land.
