| title | Synchronize APIs from Amazon API Gateway - Azure API Center | ||
|---|---|---|---|
| description | Integrate an Amazon API Gateway to Azure API Center for automatic synchronization of APIs to the inventory. | ||
| ms.service | azure-api-center | ||
| ms.topic | how-to | ||
| ms.date | 01/21/2026 | ||
| ms.custom |
|
||
| ms.collection |
|
This article shows how to integrate an Amazon API Gateway so that the gateway's APIs are continuously kept up to date in your API center inventory.
Integrating Amazon API Gateway as an API source for your API center enables continuous synchronization so that the API inventory stays up to date. Azure API Center can also synchronize APIs from sources including Azure API Management.
When you integrate an Amazon API Gateway as an API source, the following happens:
- The API center inventory adds APIs, and optionally API definitions (specs), from the API Gateway.
- You configure an environment of type Amazon API Gateway in the API center.
- You create an associated deployment for each synchronized API definition.
Synchronization is one-way from Amazon API Gateway to your Azure API center, meaning API updates in the API center aren't synchronized back to Amazon API Gateway.
Note
- Integration of Amazon API Gateway is currently in preview.
- There are limits for the number of integrated API sources.
- APIs in Amazon API Gateway synchronize to your API center once per hour. Only REST APIs are synchronized.
- API definitions also synchronize to the API center if you select the option to include them during integration. Only definitions from deployed APIs are synchronized.
[!INCLUDE synchronized-properties-api-source]
-
An API center in your Azure subscription. If you didn't create one, see Quickstart: Create your API center.
-
An Azure key vault. If you need to create one, see Quickstart: Create a key vault using the Azure portal. To add or manage secrets in the key vault, you need at least the Key Vault Secrets Officer role or equivalent permissions.
-
An AWS IAM user identity with the
AmazonAPIGatewayAdministratorpolicy attached. -
For Azure CLI: [!INCLUDE include]
[!INCLUDE install-apic-extension]
[!NOTE] You can run Azure CLI command examples in this article in PowerShell or a bash shell. Where needed because of different variable syntax, separate command examples are provided for the two shells.
To authenticate your API center to Amazon API Gateway, you need access keys for an AWS IAM user.
To generate the required access key ID and secret key by using the AWS Management Console, see Create an access key for yourself in the AWS documentation.
Save your access keys in a safe location. You'll store them in Azure Key Vault in the next steps.
Caution
Access keys are long-term credentials. Manage them as securely as you would a password. Learn more about securing access keys
Manually upload and securely store the two IAM user access keys in Azure Key Vault by using the configuration recommended in the following table. For more information, see Quickstart: Set and retrieve a secret from Azure Key Vault using the Azure portal.
| AWS secret | Upload options | Name | Secret value |
|---|---|---|---|
| Access key | Manual | aws-access-key | Access key ID retrieved from AWS |
| Secret access key | Manual | aws-secret-access-key | Secret access key retrieved from AWS |
:::image type="content" source="media/synchronize-aws-gateway-apis/key-vault-secrets.png" alt-text="Screenshot of secrets list in Azure Key Vault in the portal.":::
Take note of the Secret identifier of each secret, a URI similar to https://<key-vault-name>.vault.azure.net/secrets/<secret-name>. You use these identifiers in the next steps.
[!INCLUDE enable-managed-identity]
[!INCLUDE configure-managed-identity-kv-secret-user]
You can integrate an Amazon API Gateway by using the portal or the Azure CLI.
- In the portal, go to your API center.
- Under Platforms, select Integrations.
- Select + New integration > From Amazon API Gateway.
- In Integrate your Amazon API Gateway Service:
- For the AWS access key and AWS secret access key, select Select and choose the subscription, key vault, and secret that you stored.
- Select the AWS region where you deployed the Amazon API Gateway.
- In Integration details, enter an identifier.
- In Environment details, enter an Environment title (name), Environment type, and optional Description.
- In API Details:
- Select a Lifecycle for the synchronized APIs. (You can update this value for the APIs after you add them to your API center.)
- Optionally, select whether to include API definitions with the synchronized APIs.
- Select Create.
:::image type="content" source="media/synchronize-aws-gateway-apis/link-aws-gateway-service.png" alt-text="Screenshot of integrating an Amazon API Gateway service in the portal.":::
Run the az apic integration create aws (preview) command to integrate an Amazon API Gateway to your API center.
Note
- This command is only available in the preview version of the APIC extension.
- Install the new preview version before using this command.
-
Provide the names of the resource group, API center, and integration.
-
Provide the Key Vault secret identifiers for the AWS access key and secret access key, and the AWS region where you deployed the Amazon API Gateway.
az apic integration create aws \
--resource-group <resource-group-name> \
--service-name-name <api-center-name> \
--integration-name <aws-integration-name> \
--aws-access-key-reference <access-key-uri> \
--aws-secret-access-key-reference <secret-access-key-uri>
--aws-region-name <aws-region>
The environment is added to your API center. The Amazon API Gateway APIs are imported to the API center inventory.
[!INCLUDE delete-api-integration]