I have deployed an API Gateway on GCP. I would like to attach a static IP to the gateway so that I can add the IP to an allowlist of another service, that the API Gateway forwards requests to. The service is a third-party service, that only accepts requests from IPs on their allowlist.
I have set up a load balancer for the API Gateway, which does have a global static IP attached. However, this does solve the egress traffic, I see in the logs that the IP isn't static. Is there a way that I can attach a static IP to the API Gateway for egress, so that I can add a single IP to the other service?
Any help on this would be appreciated!
You can't add egress control on API Gateway. A workaround is to create a proxy Cloud Functions that have a static egress IP. There is an overcost for the Cloud Functions processing and for the serverless VPC connector that you have to use.
Another solution is to host the equivalent of API Gateway yourselves on Cloud Run for example (the open source project is name ESPv2, and I wrote an article on that (before the existence of the managed solution: API Gateway) and to use the similar configuration (serverless VPC connector and Cloud NAT) on the Cloud Run service.