Cannot execute private API Gateway endpoint in VPC A from an Application Load Balancer in VPC B although VPC peering is done

0

Hi, I have a private API Gateway in VPC A and want to invoke it from an Application Load Balancer in VPC B. I have enabled peering and added both CIDR blocks to the route tables, as well as enabled access for the security group of the LB to access the private API in its security group. Still, I am not able to execute the API. What am I doing wrong? I also have a resource policy where I have enabled both the IPs of VPC A and B.

1 Answer
0

Hi

Please refer to this link for reference: https://repost.aws/knowledge-center/invoke-private-api-gateway

Check these points:

Security Group Rules:

  • Double-check the security groups involved. Ensure the ALB's security group in VPC B has inbound rules that allow traffic on the appropriate port (typically HTTPS - port 443) from the CIDR block of the subnets where the API Gateway endpoint resides in VPC A.
  • Verify the security group for the API Gateway endpoint in VPC A has outbound rules that allow traffic on the same port (443) to the CIDR block of the subnets where the ALB resides in VPC B.

VPC Endpoint Configuration:

Ensure an interface VPC endpoint is created in VPC B for the API Gateway service (directs traffic within the VPC).

*Additional References:*

How to invoke a private API - Amazon API Gateway: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-api-test-invoke-url.html

Deploy an Amazon API Gateway API on an internal website using private endpoints and an Application Load Balancer: https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/deploy-an-amazon-api-gateway-api-on-an-internal-website-using-private-endpoints-and-an-application-load-balancer.html

Expert
GK
Answered a month ago
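
The question describes a resource policy that allows the IP ranges of both VPCs. The following Python check is an added example, not part of the original question or answer: it lints a private API resource policy for `Allow` statements conditioned on `aws:SourceIp`, a key that is not available on requests arriving through a VPC endpoint (IAM provides `aws:VpcSourceIp`, `aws:SourceVpc` and `aws:SourceVpce` for that case). The sample policy, account ID, API ID, CIDRs and function names are constructed for illustration.

```python
import json

# Constructed sample: a resource policy that allows two VPC CIDR ranges
# via aws:SourceIp (account ID, API ID and CIDRs are placeholders).
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "execute-api:Invoke",
    "Resource": "arn:aws:execute-api:us-east-1:111122223333:abcde12345/*",
    "Condition": {"IpAddress": {"aws:SourceIp": ["10.0.0.0/16", "10.1.0.0/16"]}}
  }]
}
""")

# Condition keys that are populated for traffic arriving through a VPC endpoint.
VPC_KEYS = {"aws:sourcevpce", "aws:sourcevpc", "aws:vpcsourceip"}

def condition_keys(statement):
    """Return the lower-cased condition keys used in one statement."""
    keys = set()
    for operator_block in statement.get("Condition", {}).values():
        keys.update(k.lower() for k in operator_block)
    return keys

def lint_private_api_policy(policy):
    """Flag Allow statements that cannot match, or do not scope, VPC endpoint traffic."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        keys = condition_keys(stmt)
        if "aws:sourceip" in keys:
            findings.append((i, "aws:SourceIp is absent on VPC endpoint requests; "
                                "use aws:VpcSourceIp, aws:SourceVpc or aws:SourceVpce"))
        elif not keys & VPC_KEYS:
            findings.append((i, "Allow is not scoped to a VPC, VPC endpoint "
                                "or private source range"))
    return findings

if __name__ == "__main__":
    for index, message in lint_private_api_policy(SAMPLE_POLICY):
        print(f"Statement[{index}]: {message}")
```

To check a deployed API, pass the parsed policy document from the API's configuration to `lint_private_api_policy` instead of the constructed sample.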
