Use VPC Endpoint Policies for Private APIs in API Gateway