add VPC-Endpoint to API Gateway, so it can be invoked when routed to from outside while complying with being accessed from within its own VPC