Integration of Private APIs with AWS Step function Tasks


We have private APIs with API-G endpoints backed by a Lambda within a VPC and subnet.

We also have a step function that relies on these API endpoints.

What policies should we add to allow the step function to invoke private APIs? This is the error I see during step function executions:

{
  "resourceType": "apigateway",
  "resource": "invoke",
  "error": "ApiGateway.UnknownHostException",
  "cause": "[API-G].execute-api.us-west-2.amazonaws.com: Name or service not known"
}

The VPC already has a 443 inbound rule added to its security group. Do we need to create a VPC PrivateLink between the step function and the VPC?

The integration works fine for regional public APIs. But as soon as we convert these to private, the integration fails with the above error.

Note that I am still able to invoke the APIs from the API-G console, and the step function execution role has permissions to invoke the APIs.

2 Answers
1

Hi Ankula,

AWS Step Functions cannot invoke private APIs. Please refer to the documentation below: https://docs.aws.amazon.com/step-functions/latest/dg/connect-api-gateway.html

answered 8 months ago
EXPERT
reviewed 8 months ago
  • We want to perform multiple operations via the internal Coral Lambda Endpoint (CLE) framework that allows us to expose multiple APIs and use a single Lambda.

    We can do this with separate Lambdas as well and handle individual step function tasks. But we choose to use the CLE framework. Though we were unaware of this step function limitation of not being able to access private APIs.

1

Step Functions can't directly invoke resources within your VPC, such as private APIs. You can invoke a Lambda function that you attach to the VPC that calls the API. Another option for you might be to bypass API Gateway and go directly from Step Functions to the backend Lambda (if it makes sense).

AWS
EXPERT
Uri
answered 8 months ago
  • We want to perform multiple operations via the internal Coral Lambda Endpoint (CLE) framework that allows us to expose multiple APIs and use a single Lambda.

    We can do this with separate Lambdas as well and handle individual step function tasks. But we choose to use the CLE framework. Though we were unaware of this step function limitation of not being able to access private APIs.
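
A sketch of the VPC-attached Lambda workaround from the second answer, added here as an example and not code from the thread or from AWS. It goes slightly beyond the answer by validating the task input so the state machine can only choose the method, path and body, never the host. Assumptions: the function runs in subnets that have an `execute-api` interface endpoint with private DNS enabled, the API does not require IAM (SigV4) authorization, and `PRIVATE_API_BASE_URL` and `RetryableApiError` are hypothetical names.

```python
import json
import os
import urllib.error
import urllib.request

# Assumed env var (hypothetical name); the default is a constructed placeholder.
API_BASE_URL = os.environ.get(
    "PRIVATE_API_BASE_URL", "https://API_ID.execute-api.us-west-2.amazonaws.com/prod")
ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE"}


class RetryableApiError(Exception):
    """5xx or network failure; a Retry block in the state machine can match on it."""


def build_request(event):
    """Validate task input. Only method, path and body vary; the host is fixed."""
    method = str(event.get("method", "GET")).upper()
    path = str(event.get("path", "/"))
    if method not in ALLOWED_METHODS:
        raise ValueError(f"method not allowed: {method}")
    if not path.startswith("/") or ".." in path:
        raise ValueError(f"invalid path: {path!r}")
    body = event.get("body")
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API_BASE_URL.rstrip("/") + path, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    return req


def handler(event, context, opener=urllib.request.urlopen):
    """Lambda entry point. `opener` is injectable so the logic can be tested offline."""
    req = build_request(event)
    try:
        with opener(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if err.code >= 500:
            raise RetryableApiError(f"private API returned {err.code}") from err
        status, raw = err.code, err.read()  # 4xx: hand the response back to the workflow
    except (urllib.error.URLError, TimeoutError) as err:
        raise RetryableApiError(f"cannot reach private API: {err}") from err
    text = raw.decode("utf-8", "replace")
    try:
        body = json.loads(text) if text else None
    except ValueError:
        body = text  # non-JSON response is passed through as a string
    return {"statusCode": status, "body": body}
```

The Task state then targets this function through the Lambda integration instead of the `apigateway` `invoke` resource shown in the error, and passes `method`, `path` and `body` as its input.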
