Api Gateway returning 500 can't find anything in logs

0

I have an Api Gateway setup pointing to Fargate using Service Connect and a VPC link.

I can hit the Api Gateway Uri but I'm getting a 500 returned. CloudWatch only records that a 500 happened but no details.

I've been fighting with getting this working for 2 days now and any help would be greatly appreciated.

```
{
    "requestId": "abc",
    "ip": "x.x.x.x",
    "requestTime": "22/Feb/2024:13:53:28 +0000",
    "httpMethod": "POST",
    "routeKey": "$default",
    "status": "500",
    "protocol": "HTTP/1.1",
    "responseLength": "35"
}
```

2 Answers
1

Start by checking the logs of your Fargate service. The error may be occurring within your application code or the container itself. If there's an unhandled exception or error, it should be logged there. Also, if your Fargate service cannot send a response back to the API Gateway due to outbound traffic restrictions imposed by its security group, it might result in a 500 error.

EXPERT
answered 2 months ago
  • The logs show the service is not throwing errors and returning 200's for the health checks. I get the feeling it's a security issue but I'm still new and checked every place I could. Not sure exactly what I'm looking for I think

  • I've been reviewing the details you provided regarding the setup of your API Gateway and Fargate ECS service, and I want to ensure that I understand the architecture correctly before offering any potential solutions to the issues you're encountering.

    Based on the information you shared, here's my understanding of the setup:

    • API Gateway Configuration:
      • The API Gateway is deployed within a private VPC, ensuring security and isolation.
      • A VPC Link for API Gateway has been established within this private VPC to facilitate secure communication.
    • Fargate ECS Service Configuration:
      • Your Fargate ECS service operates within a separate VPC, likely with internet access.
      • Routing within this VPC directs traffic intended for the API Gateway through the VPC Link created in the API Gateway.

    The problem may lie within the configuration of the VPC Link. Since VPC Links are immutable, you will need to create a new VPC Link. Ensure that it is correctly set up by selecting the VPC where your Fargate services are located, as well as the subnets and security groups associated with your ECS services. After creating the new VPC Link, verify its availability for use.

  • For further reading, you might find this insightful article useful: "Exploring API Gateway and Application Load Balancers" available at https://repost.aws/knowledge-center/api-gateway-application-load-balancers.

  • I'm not sure but I believe it's the opposite.

    • Api Gateway is exposed to the internet (outside of VPC?)
    • Api Gateway uses VPC Link to access resources inside of VPC (I have all incoming and outgoing traffic allowed here)
    • Api Gateway uses Cloudmap to map to the ECS service
    • ECS Service uses Service Connect to keep CloudMap updated

    Everything in the VPC can stay secured from outside world and only accessible via the API Gateway. There are tutorials on how to set this up without including a load balancer.

    No matter what I change I just get 500 responses from the API Gateway and none of the requests appear to be getting to my ECS service.

  • The API Gateway is encountering a 500 error when attempting the POST HTTP method. It appears that there might be an issue with an undefined HTTP method for POST. Could you please investigate this further and troubleshoot the problem within your API Gateway?

0

Could you please ensure that the security groups associated with your Fargate service allow inbound traffic from the API Gateway. Verify that the subnets associated with your Fargate service are reachable from the API Gateway. If the Fargate service is in a private subnet, ensure that there's proper routing and that the VPC link is correctly configured. Inspect request payload and headers. Also, check if the request payload and headers sent by the API Gateway match the expected format and content that your Fargate service is expecting. Any mismatches could cause errors in processing the request. Use tools like Postman or curl to send requests directly to your Fargate service and compare the results with those from API Gateway.

EXPERT
answered 2 months ago
  • Using Postman I get the 500 response.

    > Verify that the subnets associated with your Fargate service are reachable from the API Gateway

    I'm not sure how to do this.

    > ensure that there's proper routing and that the VPC link is correctly configured

    I believe this is correct. I have the default security policy and one to allow all inbound traffic and have it attached to 5 of my 6 subnets. One of them errored when trying to add it.

    My Fargate service, under Networking is using the default security group but even when I allow all inbound traffic it still throws a 500.
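
One way to run the security-group check suggested in the answer above, as an added example that is not part of the original thread: it evaluates rules in the shape returned by `aws ec2 describe-security-groups` and reports which side blocks the VPC link from reaching the task. The group IDs, IP addresses and container port 8080 are constructed sample values, and it assumes one security group on each side.

```python
import ipaddress

def rule_matches(rule, port, peer_sg, peer_ip):
    """True if one IpPermissions entry admits TCP `port` for the given peer."""
    proto = rule.get("IpProtocol")
    if proto == "tcp":
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    elif proto != "-1":          # "-1" means all protocols and ports
        return False
    # A rule can name the peer by security-group reference or by CIDR.
    if any(p.get("GroupId") == peer_sg for p in rule.get("UserIdGroupPairs", [])):
        return True
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))

def check_path(link_sg, task_sg, port, link_ip, task_ip):
    """Return findings for VPC link -> task; an empty list means allowed.

    Security groups are stateful, so only the request direction is checked.
    Routing and network ACLs are outside the scope of this check.
    """
    findings = []
    if not any(rule_matches(r, port, task_sg["GroupId"], task_ip)
               for r in link_sg.get("IpPermissionsEgress", [])):
        findings.append(f"{link_sg['GroupId']} egress does not allow tcp/{port} to the task")
    if not any(rule_matches(r, port, link_sg["GroupId"], link_ip)
               for r in task_sg.get("IpPermissions", [])):
        findings.append(f"{task_sg['GroupId']} ingress does not allow tcp/{port} from the VPC link")
    return findings

# Constructed sample data (hypothetical IDs and addresses).
ALL_OUT = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
LINK_SG = {"GroupId": "sg-0link", "IpPermissions": [], "IpPermissionsEgress": ALL_OUT}
# A default security group only admits traffic from members of itself.
DEFAULT_TASK_SG = {"GroupId": "sg-0task", "IpPermissionsEgress": ALL_OUT,
                   "IpPermissions": [{"IpProtocol": "-1",
                                      "UserIdGroupPairs": [{"GroupId": "sg-0task"}]}]}
# Scoped rule: only the VPC link's group, only the container port.
SCOPED_TASK_SG = {"GroupId": "sg-0task", "IpPermissionsEgress": ALL_OUT,
                  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                                     "UserIdGroupPairs": [{"GroupId": "sg-0link"}]}]}

if __name__ == "__main__":
    for name, sg in (("default", DEFAULT_TASK_SG), ("scoped", SCOPED_TASK_SG)):
        print(name, check_path(LINK_SG, sg, 8080, "10.0.1.10", "10.0.2.20") or "allowed")
```
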
