I have an api that I deploy using elasticbeanstalk, and I wish to make it completely internal so that it cannot be accessed from the public Internet. I am doing this because I only want the service to be accessible via our other services (that each run in their own VPCs and are all deployed via elasticbeanstalk).
Is it possible to use an internal ELB with elasticbeanstalk? Is this even what I need to do? Can VPC peering help me here?
The ultimate aim is that the api needs to have some http resources public and some private. My approach was going to be to make the service private and expose any public resources via API Gateway, but perhaps this is not the right solution. Would it perhaps be better to expose everything through API Gateway, require IAM auth on the private resources and enforce in the api that requests come from API Gateway?