Amazon HTTP API gateway not working via VPC Link [closed]

ぃ、小莉子 submitted on 2020-12-12 02:49:08

Question


I have a Fargate ECS task which is under an ALB and everything is working fine. Since this ALB is internal, I want to expose it via the new HTTP API Gateway via VPC link for HTTP API.

I have created the new VPC link for HTTP API (specifying the security group and subnets for the internal ALB), and created an HTTP API Gateway and connected it to the VPC link + ALB.

I am trying to map specific routes (and {proxy+} as well in other cases), but it seems that I am getting,

{
  "message": "Service Unavailable"
}

on the correct links.

(On the non-existing URLs, I get 404 - as expected). I tried this also with an internet-facing ALB (connecting it via VPC link as well - for testing purposes only), but it seems this is again the case.

I even tested it with NLB with HTTP API VPC link - and still same behavior.

Any idea if this even works? (Since it is in the UI, I assume it does?)

UPDATE: It seems that it works only in the default stage. For the other stages I have created (dev and beta), I get 404.

To me, it seems that since the URLs for dev and beta are /dev and /beta, the load balancer is 'getting confused'.


Answer 1:


VPC Link is required to be in a private subnet (most likely because of NAT Gateways). If you place it in public subnets, it will result in 503 errors, which might be your case as well.




Answer 2:


HTTP APIs don't perform URL mapping like the original REST APIs. API Gateway just passes the path that it gets in curl/invoke for HTTP APIs -

If you pass /foo in the URL the backend should have a resource /foo

If you pass /foo/bar in the URL the backend should have a resource /foo/bar

For the older VPC Links you could use the URL to map

/foo -> /bar/baz

That could be the reason for the 404s.

As for the 503 Service unavailable, take a look at the access logs of the ALB and see if any connections from API Gateway are received. It's likely the request is being routed to the default instead of any custom ALB rules you may have defined. This will lead your request to an incorrect target group causing 503s if the targets are not healthy or missing.
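Added example (not part of the original answer): a Python sketch of the ALB access-log check suggested above, run over constructed log entries. The field positions follow the documented ALB access log layout; the stage names come from the question, and every host, ARN and ID is a placeholder.

```python
import shlex
from urllib.parse import urlsplit

# Positions of the fields used here in an ALB access log entry.
TARGET, ELB_STATUS, TARGET_STATUS, REQUEST, RULE_PRIORITY = 4, 8, 9, 12, 20
STAGES = ("dev", "beta")  # stage names taken from the question

# Constructed sample entries; hosts, ARNs and trace IDs are placeholders.
SAMPLE_LOG = """\
http 2020-04-03T10:00:00.000000Z app/internal-alb/0123456789abcdef 10.0.1.23:41000 10.0.2.15:8080 0.001 0.004 0.000 200 200 120 310 "GET http://internal-alb.example:80/foo HTTP/1.1" "curl/7.64.1" - - arn:aws:elasticloadbalancing:region:111111111111:targetgroup/api/aaaa "Root=1-00000000-000000000000000000000001" "-" "-" 10 2020-04-03T10:00:00.000000Z "forward" "-" "-" "10.0.2.15:8080" "200" "-" "-"
http 2020-04-03T10:00:01.000000Z app/internal-alb/0123456789abcdef 10.0.1.23:41001 10.0.2.15:8080 0.001 0.003 0.000 404 404 124 180 "GET http://internal-alb.example:80/dev/foo HTTP/1.1" "curl/7.64.1" - - arn:aws:elasticloadbalancing:region:111111111111:targetgroup/api/aaaa "Root=1-00000000-000000000000000000000002" "-" "-" 0 2020-04-03T10:00:01.000000Z "forward" "-" "-" "10.0.2.15:8080" "404" "-" "-"
http 2020-04-03T10:00:02.000000Z app/internal-alb/0123456789abcdef 10.0.1.23:41002 - -1 -1 -1 503 - 120 337 "GET http://internal-alb.example:80/foo HTTP/1.1" "curl/7.64.1" - - arn:aws:elasticloadbalancing:region:111111111111:targetgroup/default/bbbb "Root=1-00000000-000000000000000000000003" "-" "-" 0 2020-04-03T10:00:02.000000Z "forward" "-" "-" "-" "-" "-" "-"
"""

def diagnose(entry):
    """Return (path, verdict) for one ALB access log entry."""
    f = shlex.split(entry)  # keeps each quoted field as a single token
    path = urlsplit(f[REQUEST].split(" ")[1]).path
    rule = "default-rule" if f[RULE_PRIORITY] == "0" else "rule-" + f[RULE_PRIORITY]
    if f[ELB_STATUS] == "503" and f[TARGET] == "-":
        # The ALB answered by itself: the chosen target group had no usable target.
        return path, "alb-503-no-target-via-" + rule
    if f[TARGET_STATUS] == "404" and path.strip("/").split("/")[0] in STAGES:
        # The backend received the stage name as the first path segment.
        return path, "backend-404-stage-in-path"
    return path, "ok" if int(f[ELB_STATUS]) < 400 else "other-" + f[ELB_STATUS]

def triage(log_text):
    """Classify every entry; an empty log means nothing reached the ALB."""
    entries = [line for line in log_text.splitlines() if line.strip()]
    if not entries:
        # No connection from API Gateway arrived: look at the VPC link side.
        return [("-", "no-requests-reached-alb")]
    return [diagnose(e) for e in entries]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG):
        print(path, verdict)
```

An empty result set points at the VPC link (subnets, security groups) rather than at ALB rules, while a 503 with no target recorded points at the rule and target group the ALB selected.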




Answer 3:


You found 404, so clients reach YourAPI. It may be just nginx settings.

Client <---"https" and fqdn---> API Gateway <--- "http" and fqdn ---> YourAPI

nginx on my environment below,

server {
    listen 80;
    server_name xxxxxxxxxx.execute-api.ap-northeast-1.amazonaws.com;
}


Source: https://stackoverflow.com/questions/61012712/amazon-http-api-gateway-not-working-via-vpc-link
