Question
I have a Fargate ECS task which is under an ALB and everything is working fine. Since this ALB is internal, I want to expose it via the new HTTP API Gateway via VPC link for HTTP API.
I have created the new VPC link for HTTP API (specifying the security group and subnets for the internal ALB), and created an HTTP API Gateway and connected it to the VPC link + ALB.
I am trying to map specific routes (and {proxy+} as well in other cases), but it seems that I am getting
{
  "message": "Service Unavailable"
}
on the correct links. (On the non-existing URLs, I get 404 - as expected.)
I tried this also with an internet-facing ALB (connecting it via VPC link as well - for testing purposes only), but it seems this is again the case. I even tested it with an NLB with HTTP API VPC link - and still the same behavior.
Any idea if this even works? (Since it is in the UI, I assume it does?)
UPDATE:
It seems that it works only in the default stage. For the other stages I have created (dev and beta), I get 404.
To me, it seems that since the URLs for dev and beta are /dev and /beta, the load balancer is 'getting confused'.
Answer 1:
The VPC Link needs to be in a private subnet (most likely because of NAT Gateways). If you place it in public subnets, it will result in 503 errors, which might be your case as well.
Answer 2:
HTTP APIs don't perform URL mapping like the original REST APIs. For HTTP APIs, API Gateway just passes on the path that it gets in the curl/invoke:
If you pass /foo in the URL, the backend should have a resource /foo
If you pass /foo/bar in the URL, the backend should have a resource /foo/bar
For the older VPC Links you could use the URL to map /foo -> /bar/baz
That could be the reason for the 404s.
As for the 503 Service unavailable, take a look at the access logs of the ALB and see if any connections from API Gateway are received. It's likely the request is being routed to the default instead of any custom ALB rules you may have defined. This will lead your request to an incorrect target group causing 503s if the targets are not healthy or missing.
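The access-log check suggested in Answer 2, as an added example that is not part of the original answer: it parses ALB access log entries and reports which ones fell through to the listener's default rule and ended in a 503. It assumes the AWS-documented ALB access log field order, in which a matched_rule_priority of 0 means the default action was taken; the sample entries, host name, account ID and target group names are constructed.

```python
import shlex
from urllib.parse import urlsplit

# Zero-based field positions in an ALB access log entry (assumption: the
# AWS-documented field order). Quoted fields become one token in shlex.split().
ELB_STATUS, TARGET_STATUS, REQUEST = 8, 9, 12
TARGET_GROUP, RULE_PRIORITY = 16, 20

# Constructed sample entries (not from the original page): a stage-prefixed
# path that hit the default rule, and a path that a custom rule matched.
SAMPLE_LOG = '''\
http 2020-04-03T10:00:00.000000Z app/internal-alb/0123456789abcdef 10.0.1.25:41234 - -1 -1 -1 503 - 210 337 "GET http://internal-alb.example.internal:80/dev/orders HTTP/1.1" "curl/7.68.0" - - arn:aws:elasticloadbalancing:ap-northeast-1:111122223333:targetgroup/default-tg/aaaaaaaaaaaaaaaa "Root=1-00000000-000000000000000000000000" "-" "-" 0 2020-04-03T10:00:00.000000Z "forward" "-" "-" "-" "-" "-" "-"
http 2020-04-03T10:00:05.000000Z app/internal-alb/0123456789abcdef 10.0.1.25:41240 10.0.2.40:8080 0.001 0.012 0.000 200 200 205 512 "GET http://internal-alb.example.internal:80/orders HTTP/1.1" "curl/7.68.0" - - arn:aws:elasticloadbalancing:ap-northeast-1:111122223333:targetgroup/orders-tg/bbbbbbbbbbbbbbbb "Root=1-00000000-000000000000000000000001" "-" "-" 10 2020-04-03T10:00:05.000000Z "forward" "-" "-" "10.0.2.40:8080" "200" "-" "-"
'''

def parse_entry(line):
    """Extract the fields needed to see where the ALB routed one request."""
    f = shlex.split(line)
    url = f[REQUEST].split(" ")[1]          # "METHOD URL PROTOCOL"
    arn = f[TARGET_GROUP]                   # "-" when no target group was chosen
    return {
        "path": urlsplit(url).path,         # the path exactly as the ALB received it
        "elb_status": int(f[ELB_STATUS]),
        "target_status": f[TARGET_STATUS],  # "-" when no target answered
        "target_group": arn.split("/")[-2] if "/" in arn else arn,
        "rule_priority": int(f[RULE_PRIORITY]),
    }

def diagnose(entry):
    """Classify an entry: default rule vs. custom rule, and whether a target replied."""
    if entry["rule_priority"] == 0:         # no custom listener rule matched
        return "default-rule-503" if entry["elb_status"] == 503 else "default-rule"
    if entry["target_status"] == "-":       # rule matched, but no target response
        return "no-target-response"
    return "rule-matched"

def report(log_text):
    """Return (path, target group, diagnosis) for every non-empty log line."""
    entries = (parse_entry(l) for l in log_text.splitlines() if l.strip())
    return [(e["path"], e["target_group"], diagnose(e)) for e in entries]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(*row, sep="\t")
```

If the report shows no entries at all for a test request, the connection from API Gateway never reached the ALB, which points at the VPC link's subnets or security groups rather than at the listener rules.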
Answer 3:
You found 404, so clients reach YourAPI. It may be just nginx settings.
Client <---"https" and fqdn---> API Gateway <--- "http" and fqdn ---> YourAPI
The nginx configuration in my environment is below:
server {
    listen 80;
    server_name xxxxxxxxxx.execute-api.ap-northeast-1.amazonaws.com;
}
Source: https://stackoverflow.com/questions/61012712/amazon-http-api-gateway-not-working-via-vpc-link