Hi, 

I have an apigee hybrid instance setup and working. The runtime cluster is set up in an AWS EKS cluster. The cluster and the nodes are in private subnets.

This cluster also has a backend API that is exposed on a private load balancer endpoint that is only accessible within the respective AWS VPC and this is also added as a target endpoint for the apigee proxy I created. This also works as expected when I send a curl response to the apigee environment group domain with the respective apigee proxy base path.

So the question that I have been thinking is, how is this private load balancer endpoint able to give responses through the apigee env group domain when the private endpoint alone is only accessible within the AWS VPC.

Some insight on this is appreciated.