Integration of Private APIs with AWS Step function Tasks


We have Private APIs with API-G endpoints backed by a Lambda within a VPC and subnet.

We also have a step function that relies on these API endpoints.

What policies should we add to allow the step function to invoke Private APIs? This is the error I see during step function executions:

{
  "resourceType": "apigateway",
  "resource": "invoke",
  "error": "ApiGateway.UnknownHostException",
  "cause": "[API-G].execute-api.us-west-2.amazonaws.com: Name or service not known"
}

The VPC already has a 443 inbound rule added to its security group. Do we need to create a VPC Private Link between the step function and the VPC?

The integration works fine for regional public APIs. But as soon as we convert these to private, the integration fails with the above error.

Note that I am still able to invoke the APIs from the API-G console, and the step function execution role has permissions to invoke the APIs.

2 Answers

Hi Ankula,

AWS Step Functions cannot invoke Private APIs. Please refer to the documentation below: https://docs.aws.amazon.com/step-functions/latest/dg/connect-api-gateway.html

Answered 8 months ago
Expert
Reviewed 8 months ago
  • We want to perform multiple operations via the internal Coral Lambda Endpoint (CLE) framework, which allows us to expose multiple APIs and use a single Lambda.

    We can do this with a separate Lambda as well and handle individual step function tasks. But we choose to use the CLE framework. Though we were unaware of this step function limitation of not being able to access private APIs.


Step Functions can't directly invoke resources within your VPC, such as Private APIs. You can invoke a Lambda function that you attach to the VPC that calls the API. Another option for you might be to bypass the API Gateway and go directly from Step Functions to the backend Lambda (if it makes sense).

AWS
Expert
Uri
Answered 8 months ago
  • We want to perform multiple operations via the internal Coral Lambda Endpoint (CLE) framework, which allows us to expose multiple APIs and use a single Lambda.

    We can do this with a separate Lambda as well and handle individual step function tasks. But we choose to use the CLE framework. Though we were unaware of this step function limitation of not being able to access private APIs.
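
The VPC-attached Lambda suggested in the second answer, sketched as an added example that is not part of the original thread or AWS's own code: a handler that a Step Functions Lambda task invokes and that forwards the call to the private API. It pins the destination to one base URL and validates the method and path, so state machine input cannot steer the function to other hosts inside the VPC. The environment variable name, the placeholder API ID, the `prod` stage and the event fields `method`, `path` and `body` are assumptions; it also assumes private DNS is enabled on the execute-api VPC endpoint and that the API does not require SigV4-signed requests.

```python
import json
import os
import re
import urllib.request

# Assumed environment variable (hypothetical name): stage URL of the private API,
# resolvable only inside the VPC through the execute-api interface endpoint.
BASE_URL = os.environ.get(
    "PRIVATE_API_BASE_URL",
    "https://API_ID_PLACEHOLDER.execute-api.us-west-2.amazonaws.com/prod",
)
ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE"}
# One or more "/segment" parts from a narrow character set: this rejects "..",
# "//", "@", "?", "#" and whitespace, so the path cannot change the target host.
SAFE_PATH = re.compile(r"(/[A-Za-z0-9_\-]+)+")


def build_request(event):
    """Turn the Step Functions task input into a request pinned to BASE_URL."""
    method = str(event.get("method", "GET")).upper()
    path = str(event.get("path", ""))
    if method not in ALLOWED_METHODS:
        raise ValueError(f"method not allowed: {method}")
    if not SAFE_PATH.fullmatch(path):
        raise ValueError(f"path rejected: {path!r}")
    body = event.get("body")
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def handler(event, context, opener=urllib.request.urlopen):
    """Lambda entry point; `opener` is injectable so the code can be tested offline."""
    req = build_request(event)
    # 4xx/5xx responses raise urllib.error.HTTPError, which fails the task so the
    # state machine's Retry/Catch rules can handle it.
    with opener(req, timeout=10) as resp:
        payload = resp.read().decode()
        return {"statusCode": resp.status, "body": json.loads(payload or "null")}
```
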
