By using AWS re:Post, you agree to the Terms of Use

Unexpected URI while testing API gateway to NLB

0

I have a Private Link setup that points at an NLB that further has routes setup to an EC2 instance that provides my HTTP end point. I am trying to setup an API gateway to use the private link. I tried setting this up as proxy. This allows me to test an endpoint without authorization, and provide both path and query parameters. This is the log of the output I am seeing.

Execution log for request e114f111-f6b5-413d-9592-ec1ecb72d848
Mon Mar 07 19:38:02 UTC 2022 : Starting execution for request: e114f111-f6b5-413d-9592-ec1ecb72d848
Mon Mar 07 19:38:02 UTC 2022 : HTTP Method: GET, Resource Path: /api/falcfunnelsession/getInvestorResponse
Mon Mar 07 19:38:02 UTC 2022 : Method request path: {proxy=api/falcfunnelsession/getInvestorResponse}
Mon Mar 07 19:38:02 UTC 2022 : Method request query string: {sessionUUID=7a0e0113-05ab-4382-bed8-f91e9bc3ef3c}
Mon Mar 07 19:38:02 UTC 2022 : Method request headers: {}
Mon Mar 07 19:38:02 UTC 2022 : Method request body before transformations: 
Mon Mar 07 19:38:02 UTC 2022 : Endpoint request URI: https://funnel-backend-103-nlb-bc34d52397cf6529.elb.us-east-2.amazonaws.com?sessionUUID=7a0e0113-05ab-4382-bed8-f91e9bc3ef3c
Mon Mar 07 19:38:02 UTC 2022 : Endpoint request headers: {x-amzn-apigateway-api-id=8v1qbgdlb8, User-Agent=AmazonAPIGateway_8v1qbgdlb8, Host=funnel-backend-103-nlb-bc34d52397cf6529.elb.us-east-2.amazonaws.com}
Mon Mar 07 19:38:02 UTC 2022 : Endpoint request body after transformations: 
Mon Mar 07 19:38:02 UTC 2022 : Sending request to https://funnel-backend-103-nlb-bc34d52397cf6529.elb.us-east-2.amazonaws.com?sessionUUID=7a0e0113-05ab-4382-bed8-f91e9bc3ef3c
Mon Mar 07 19:38:07 UTC 2022 : Execution failed due to configuration error: There was an internal error while executing your request
Mon Mar 07 19:38:07 UTC 2022 : Method completed with status: 500

The following path and query are as expected

Mon Mar 07 19:38:02 UTC 2022 : HTTP Method: GET, Resource Path: /api/falcfunnelsession/getInvestorResponse
Mon Mar 07 19:38:02 UTC 2022 : Method request path: {proxy=api/falcfunnelsession/getInvestorResponse}
Mon Mar 07 19:38:02 UTC 2022 : Method request query string: {sessionUUID=7a0e0113-05ab-4382-bed8-f91e9bc3ef3c}

However the URI request seems to leave out the path.

Mon Mar 07 19:38:02 UTC 2022 : Endpoint request URI: https://funnel-backend-103-nlb-bc34d52397cf6529.elb.us-east-2.amazonaws.com?sessionUUID=7a0e0113-05ab-4382-bed8-f91e9bc3ef3c

Wondering is there is something I am doing wrong here. thanks!

2 Answers
0

I'm having a little trouble following where each of the log snippets is coming from.

Something to check: If you're calling API Gateway and then it is calling the PrivateLink endpoint, check to see that you've configured API Gateway to send the URI request through to PrivateLink. By the looks of it the query parameters are being sent (because sessionUUID is present but perhaps the URI request string isn't?

Also: Why go API Gateway -> PrivateLink -> NLB; why not just connect then directly API Gateway -> NLB as per the documentation?

EXPERT
answered 5 months ago
  • Thanks for responding. I was going by what i saw in the documentation. this the last line of the link you posted. "After the Network Load Balancer is created, note its ARN. You will need it to create a VPC link in API Gateway for integrating the API with the VPC resources behind the Network Load Balancer." I can't figure out how to post the screenshot here. But the log snippet is the result of the "Test" stub that API gateway provides so you can test without authorization on the aws console

  • I would troubleshoot this by setting up an EC2 instance in the VPC where your HTTP endpoint is; making sure that it can connect to the NLB (that API Gateway will use) and therefore onto the endpoint. If that works, then API Gateway should work too.

0

When you integrate with a backend in a VPC you need to use a VPC Link to talk to an NLB in the VPC, as described in the tutorial. As you need to define an integration for each API endpoint, you could use the same VPC link for all of them and in each such integration you can define a different path. If you use {Proxy+} integration, which maps all the subset of the paths where it is configured to the same backend, it will be up to the backend to decide what to do based on the path which will be included in the JSON payload.

EXPERT
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions