Chalice: Deploying to "private" API Gateway with dedicated VPC endpoint

Created on 12 Jul 2018 · 9 Comments · Source: aws/chalice

Hi,

I have created a dedicated VPC endpoint in order to be able to deploy a Chalice micro-service to a private API Gateway instance (meaning only accessible on a particular VPC within AWS), but I am not seeing anything in the document, nor issues which outline how it is possible or not to specify the API Gateway resource policy (where you normally specify the VPC endpoint). I am following AWS's documentation here: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html#apigateway-private-api-set-up-resource-policy

Thank you in advance for any pointers or guidance.

feature-request

All 9 comments

Marking as a feature request. Unfortunately creating your own API Gateway private endpoint is not supported in Chalice yet. Chalice currently only supports running a Lambda function in your own VPC, but I do think it would be really valuable to be able to set up a private endpoint as well.

Currently, creating open API endpoints causes internet traversals, adding network latency of ~100ms on top of Lambda execution. Also, a lot of our APIs are internal facing and not exposed to public endpoints. This feature, if implemented, will increase Chalice usage to a great extent for anyone who's developing micro-services which are consumed internally and would be able to do so with low latency.

Would also love to see this added. As-is, chalice deploy wipes any existing resource policy, forcing us to trigger a second deploy to add the policy and re-deploy the API after Chalice does its thing. This would be incredibly useful for any internally-used APIs.

Just fixing the issue that @mtslzr noted with chalice deploy clearing out an existing API Gateway Resource Policy would allow us to manually make an API Gateway private while still getting the convenience of the rest of chalice deploy.

Bump, I'm wondering if this can be marked important; an identical issue on SAM, https://github.com/awslabs/serverless-application-model/issues/480, was increased in priority. If this is going to take a lot of time to get done, I would appreciate some workarounds. Currently it's a showstopper for adoption of Chalice in our deploy pipeline.

After digging through the code, it looks like adding this would require swagger support for this functionality. Or are there options in the code for setting custom ApiGateway options? Sorry, I'm still learning the codebase!

After a little more digging, it seems this might be added to chalice package by adding EndpointConfiguration and Policy to the config and properly applying it in the _generate_restapi method in package.py. I will dig a little more to find out how it could be added to chalice deploy.

Tagged this in #976 because we will need the ability to attach a resource policy for the VPCE. With chalice deploy, the RestAPI resource is initially created using import_rest_api() which supports private endpoint configuration but not attaching a resource policy. Either that part will need to be refactored to use create_rest_api(), or there will have to be an update_rest_api() call after the fact to attach the resource policy for the VPCE.
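
The workaround discussed in this thread (re-attaching the resource policy with update_rest_api() after chalice deploy, then redeploying the API) could look like this. It is an added example, not part of the original thread or of Chalice; the helper names, the VPC endpoint ID format check and the caller-supplied stage name are assumptions, and `client` is expected to be a boto3 API Gateway client.

```python
import json
import re

# Assumption: VPC endpoint IDs are "vpce-" plus 8 or 17 lowercase hex characters.
VPCE_ID = re.compile(r"^vpce-(?:[0-9a-f]{8}|[0-9a-f]{17})$")


def build_vpce_policy(vpce_ids):
    """Resource policy that denies execute-api:Invoke unless the request
    arrives through one of the given VPC endpoints."""
    vpce_ids = list(vpce_ids)
    bad = [v for v in vpce_ids if not VPCE_ID.match(v)]
    if not vpce_ids or bad:
        raise ValueError(f"need at least one valid VPC endpoint id, rejected: {bad}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Explicit deny overrides the allow statement below.
                "Effect": "Deny",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": "execute-api:/*",
                "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_ids}},
            },
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": "execute-api:/*",
            },
        ],
    }


def attach_policy_and_redeploy(client, rest_api_id, stage, vpce_ids):
    """Run after every `chalice deploy`, which clears the policy (per the thread).

    `client` is a boto3 API Gateway client, e.g. boto3.client("apigateway").
    """
    policy = json.dumps(build_vpce_policy(vpce_ids))
    client.update_rest_api(
        restApiId=rest_api_id,
        patchOperations=[{"op": "replace", "path": "/policy", "value": policy}],
    )
    # A resource policy change only takes effect once the API is deployed again.
    return client.create_deployment(restApiId=rest_api_id, stageName=stage)
```

Because the policy is rejected before any API call when an ID is malformed or the list is empty, a pipeline step using this fails closed rather than redeploying the API without a VPC endpoint restriction.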

Added a PR that will allow deploying to private API endpoints (API endpoint configuration type); however, this won't configure a VPC endpoint, as that resource is shared across multiple APIs and has variance for VPC/subnet/security groups independent of Chalice configuration.
