Calling a public API Gateway from an API Gateway in a VPC

Question (votes: 0, answers: 1)

I have two API Gateways: one public (A) and one in a VPC (B), where a VPCEndpoint is configured to make calls to API Gateway.

VPCEndpoint configuration:

  IotCoreApiGatewayVPCEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal: "*"
            Action:
              - "execute-api:Invoke"
            Resource: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*
      ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
      VpcEndpointType: Interface
      VpcId: !Ref VpcId
      PrivateDnsEnabled: true
      SecurityGroupIds:
        - !GetAtt DbSecurityGroup.GroupId
      SubnetIds:
        - !Ref PrivateSubnetAId
        - !Ref PrivateSubnetBId

API Gateway B is calling API Gateway A, and I get a 403 Forbidden error.

If I remove the VPCEndpoint configuration, I get a timeout instead of the 403.

Calling API Gateway A from a Lambda without a VPC works fine; CORS is enabled as well.

A similar problem is described here:

https://aws.amazon.com/ru/premiumsupport/knowledge-center/api-gateway-vpc-connections/

The article says I have to set up an Edge-Optimized Custom Domain Name for the API Gateway, which requires ACM certificates.

Is there a simpler way to solve this? Can I just attach access to API Gateway A, restricted by security group ID, to the VPCEndpoint?

Server response:

{
  "Version": {
    "Major": 1,
    "Minor": 1,
    "Build": -1,
    "Revision": -1,
    "MajorRevision": -1,
    "MinorRevision": -1
  },
  "Content": {
    "Headers": [
      {
        "Key": "Content-Type",
        "Value": [
          "application/json"
        ]
      },
      {
        "Key": "Content-Length",
        "Value": [
          "23"
        ]
      }
    ]
  },
  "StatusCode": 403,
  "ReasonPhrase": "Forbidden",
  "Headers": [
    {
      "Key": "Server",
      "Value": [
        "Server"
      ]
    },
    {
      "Key": "Date",
      "Value": [
        "Mon, 16 Dec 2019 11:25:43 GMT"
      ]
    },
    {
      "Key": "Connection",
      "Value": [
        "keep-alive"
      ]
    },
    {
      "Key": "x-amzn-RequestId",
      "Value": [
        "09df4fdd-d26d-4266-b569-35d537488913"
      ]
    },
    {
      "Key": "x-amzn-ErrorType",
      "Value": [
        "ForbiddenException"
      ]
    },
    {
      "Key": "x-amz-apigw-id",
      "Value": [
        "Ey10qAA7DoEF-Ng="
      ]
    }
  ],
  "RequestMessage": {
    "Version": {
      "Major": 2,
      "Minor": 0,
      "Build": -1,
      "Revision": -1,
      "MajorRevision": -1,
      "MinorRevision": -1
    },
    "Content": {
      "Headers": [
        {
          "Key": "Content-Type",
          "Value": [
            "application/json; charset=utf-8"
          ]
        },
        {
          "Key": "Content-Length",
          "Value": [
            "104"
          ]
        }
      ]
    },
    "Method": {
      "Method": "POST"
    },
    "RequestUri": "https://{apigatewayUrl}api/Commands",
    "Headers": [],
    "Properties": {}
  },
  "IsSuccessStatusCode": false
}

Update: adding an edge-optimized custom domain name, as the article suggests, did not fix the problem.

amazon-web-services aws-api-gateway amazon-vpc api-gateway
1 Answer

0 votes

Until I added a NAT gateway to the VPC, access to the public API Gateway (and to the public Internet) was blocked. The solution is described here: https://medium.com/@philippholly/aws-lambda-enable-outgoing-internet-access-within-vpc-8dd250e11e12
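The 403-versus-timeout pattern in the question and the NAT gateway fix in the answer, as an added Python triage helper that is not from the original post, from AWS, or from the linked articles. It assumes, as the linked Knowledge Center article describes, that an execute-api interface endpoint with PrivateDnsEnabled: true makes the public *.execute-api hostname resolve to the endpoint's private addresses inside the VPC, so a non-private API reached that way is refused with 403; the sample addresses and headers below are constructed.

```python
import ipaddress
import socket
from typing import Iterable, List, Mapping, Sequence


def resolve(host: str) -> List[str]:
    """Live DNS lookup of an execute-api hostname (the offline test injects IPs instead)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, 443, socket.AF_INET)})


def resolves_privately(ips: Iterable[str]) -> bool:
    """True when every answer is a private (RFC 1918) address: inside the VPC that means
    the execute-api endpoint's private DNS (PrivateDnsEnabled: true) is answering for
    the public API Gateway name instead of the public zone."""
    addrs = [ipaddress.ip_address(ip) for ip in ips]
    return bool(addrs) and all(a.is_private for a in addrs)


def header_value(headers: Sequence[Mapping], name: str) -> str:
    """Read a header from the {"Key": ..., "Value": [...]} list shape used in the post."""
    for h in headers:
        if h.get("Key", "").lower() == name.lower():
            return ",".join(h.get("Value", []))
    return ""


def diagnose(ips, status, headers, timed_out=False) -> str:
    """Classify one attempt to call a public API Gateway from inside the VPC."""
    if timed_out:
        # No VPC endpoint and no NAT gateway: traffic to the public API has no route out.
        return "no-egress"
    if 200 <= status < 300:
        return "ok"
    if status == 403 and header_value(headers, "x-amzn-ErrorType") == "ForbiddenException":
        if resolves_privately(ips):
            # Assumption: the public name was intercepted by the endpoint's private DNS,
            # and a non-private API reached through the endpoint is refused.
            return "private-dns-intercept"
        # Reached the public edge but still refused: check the endpoint policy,
        # the API's resource policy, and any authorizer before anything else.
        return "forbidden"
    return f"http-{status}"


# Constructed sample modelled on the 403 in the post (not real addresses or IDs).
SAMPLE_IPS = ["10.0.1.25", "10.0.2.40"]
SAMPLE_HEADERS = [
    {"Key": "x-amzn-RequestId", "Value": ["00000000-0000-0000-0000-000000000000"]},
    {"Key": "x-amzn-ErrorType", "Value": ["ForbiddenException"]},
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_IPS, 403, SAMPLE_HEADERS))  # private-dns-intercept
```

Run it from inside the VPC with `resolve("<api-id>.execute-api.<region>.amazonaws.com")` to see whether the public name is being answered with private addresses before changing any policy.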
