From 16db6f4566ccaa4dd67569f3eecb966ee372964a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Gustafson?= <marten.gustafson@gmail.com>
Date: Thu, 13 Oct 2016 15:06:06 +0200
Subject: [PATCH] Point out that AWS API Gateway resources can't be made
 "network internal" but that they may requrie authentication.

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index c5457d2..196cfa3 100644
--- a/README.md
+++ b/README.md
@@ -1069,6 +1069,7 @@ API Gateway
 
 -	🔸API Gateway only supports encrypted (https) endpoints, and does not support unencrypted HTTP. (This is probably a good thing.)
 -	🔸API Gateway endpoints are public — there is no mechanism to build private endpoints, e.g. for internal use.
+-	🔸API Gateway endpoints are always public, i.e. internet facing, and there is no mechanism to build private endpoints, e.g. for internal use on a [VPC](#vpcs-network-security-and-security-groups) but endpoints and their related resources can, optionally, [require authentication](http://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html).
 
 🚧 [*Please help expand this incomplete section.*](CONTRIBUTING.md)