Selectively exposing a REST endpoint publicly in an AWS EKS cluster in a private VPC


Cluster information:

Kubernetes version: 1.19
Cloud being used: AWS EKS
Host OS:
CNI and version:
CRI and version:


So here is my configuration. I have a private VPC on AWS within which is hosted an AWS EKS cluster. This VPC has public-facing load balancers which are accessible only from specific IP addresses. On this EKS cluster are hosted a number of microservices running in their own pods. Each of these pods exposes a REST endpoint.

Now here is my requirement. Out of all the REST endpoints that we have, I would like to make only one REST endpoint publicly available from the internet. The remainder of our REST endpoints should remain private, accessible only from certain IP addresses.

What would be the best approach to achieve this?

So far, from what I have researched, here are my options:
1) Have another instance of the Ingress controller which deploys a public-facing load balancer to handle requests to this public-facing REST endpoint.
This will work. However, I am concerned with the security aspects here. An attacker might just get into our VPC and create havoc.

2) Have a completely new EKS cluster which is public-facing where I deploy this single REST endpoint. This is something I would like to avoid.

3) Use something like AWS API Gateway to achieve this. I am not sure if this is possible as I have to research more about it.

Does anyone have any ideas on how this could be achieved securely?

Any advice would be very much appreciated.

Regards,
Kiran Hegde
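Option 1 from the post, worked through as manifests. This is an added example and not the poster's configuration; it assumes ingress-nginx as the controller, namespaces ingress-private and ingress-public (each labelled name=<namespace>), a single public Service orders-api on port 8080 in namespace apps, a hostname api.example.com, and 203.0.113.0/24 as a stand-in for the allow-listed source range. The second controller is a separate Deployment started bound to the "public" IngressClass (on ingress-nginx 1.x the spec.controller value below must match its --controller-class flag), so it only ever routes to Ingress objects of that class.

```yaml
# Added example, not from the original post. Assumed names: namespaces
# ingress-private / ingress-public (labelled name=...), Service orders-api:8080
# in namespace apps, host api.example.com, allow-list 203.0.113.0/24.
---
# 1. Existing, IP-restricted controller keeps serving every private endpoint.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-private
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  type: LoadBalancer
  loadBalancerSourceRanges:      # only these CIDRs may reach this LB
    - 203.0.113.0/24
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: private
  ports:
    - port: 443
      targetPort: https
---
# 2. Second controller instance with its own internet-facing NLB and no
#    source restriction; its Deployment is bound to the "public" class.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-public
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: public
  ports:
    - port: 443
      targetPort: https
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: public
spec:
  controller: k8s.io/ingress-nginx-public   # must match the controller's class flag
---
# 3. The single endpoint that is exposed to the internet.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: orders-api-public
  namespace: apps
spec:
  ingressClassName: public
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /v1/orders
            pathType: Prefix
            backend:
              service:
                name: orders-api
                port:
                  number: 8080
---
# 4. Defence in depth: even if someone creates a "public" Ingress for another
#    service, the public controller cannot reach any pod except orders-api.
#    Needs a CNI that enforces NetworkPolicy (e.g. Calico on EKS).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: only-private-ingress
  namespace: apps
spec:
  podSelector: {}                # every pod in "apps"
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: ingress-private
        - podSelector: {}        # pod-to-pod traffic inside "apps"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: orders-api-allow-public-ingress
  namespace: apps
spec:
  podSelector:
    matchLabels:
      app: orders-api
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: ingress-public
```

Two checks worth doing after applying this. First, loadBalancerSourceRanges is enforced by AWS through security group rules, so verify the resulting rules on the node security group rather than trusting the Service object alone. Second, the class split only holds if the ability to create Ingress objects of class public is restricted: anyone who can create an Ingress in any namespace can otherwise publish a new endpoint through the public controller, so scope Ingress create/update rights via RBAC, and keep the NetworkPolicy above as the backstop that limits what the public controller can reach even then. The NetworkPolicy part applies only if the cluster runs a policy-enforcing CNI, which the post does not specify.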