Integration of Private APIs with AWS Step function Tasks

Question

We have Private APIs with API-G endpoints backed by a Lamba within a VPC and Subnet.

We also have a step function that relies on these API endpoints

What policies should we add to allow step function invoke Private APIs  ? This is the error I see during step function executions -

```
{
  "resourceType": "apigateway",
  "resource": "invoke",
  "error": "ApiGateway.UnknownHostException",
  "cause": "[API-G].execute-api.us-west-2.amazonaws.com: Name or service not known"
}
```

VPC already has 443 inbound rule added to its security group. Do we need to create VPC Private link between step function and VPC ?

The integration works fine for regional public APIs. But as soon as we convert these to private, the integration fails with above error.

Note that, I am still able to invoke the APIs from the API-G console and step function execution role has permissions to invoke the APIs.

Answer

Step Functions can't invoke directly resources within your VPC, such as Private APIs. You can invoke a Lambda function that you attach to the VPC that calls the API. Another option for you might be to bypass the API Gateway and go directly from StepFunctions to the backend Lambda (if it makes sense).

Answer

Hi Ankula ,

AWS StepFunctions cannot invoke Private API's . please refer the below documentation.
https://docs.aws.amazon.com/step-functions/latest/dg/connect-api-gateway.html

Integration of Private APIs with AWS Step function Tasks

관련 콘텐츠