Private Apigateway HTTP API 403 forbidden

The 403 Forbidden error you're encountering with your private API Gateway HTTP API setup could be due to a few potential issues:

1. Resource Policy: Even though you haven't configured authentication on the API Gateway, it's possible that the default resource policy is restricting access. Check the resource policy of your API and ensure it allows access from your VPC endpoint.

2. VPC Endpoint Policy: Verify that the VPC endpoint for execute-api has a policy that allows access to your specific API. The policy should permit the "execute-api:Invoke" action for your API's ARN.

3. Lambda Permissions: Although your Lambda function is not in a VPC, it still needs permission to be invoked by API Gateway. Ensure that the Lambda function's resource-based policy allows API Gateway to invoke it.

4. API Gateway Configuration: Double-check that your private API is correctly associated with the VPC endpoint you've set up.

5. DNS Resolution: While you mentioned that DNS resolution is enabled, ensure that the API's DNS name is resolving correctly within your VPC. You can test this from your CodeBuild instance.

6. Lambda Function Error: If the Lambda function is failing, it might return a 403 error. Check the Lambda function logs for any errors.

7. API Gateway Stage Deployment: Ensure that your API is properly deployed to a stage and that the stage is correctly configured.

To troubleshoot:

1. Review the API Gateway logs and metrics for more detailed error information.
2. Try enabling access logging on your API to get more insights into the requests.
3. Verify that the CodeBuild instance has the necessary permissions to invoke the API.
4. Double-check all IAM roles and policies associated with your API Gateway, VPC endpoint, and Lambda function.

If none of these solve the issue, you might need to contact AWS support for further assistance, as there could be an underlying configuration issue that's not immediately apparent.
Sources
Error Invoking Private REST API from Lambda Function | AWS re:Post
Private REST APIs in API Gateway - Amazon API Gateway
Private integrations for REST APIs in API Gateway - Amazon API Gateway

Hi there thank you for you reponse

1. Resource Policy's arent a thing on apigateway v2
2. VPC Endpoint Policy has the permission *
3. Lambda Permissions. yep all good . when i allow the 'Default endpoint' on the apigateway i can access from outside and it works. its just when i call the api gateway v2 from with in the private vpc..
4. yep all set correctly
5. Dns Resolution , is https://<apiid>.execute-api.eu-west-2.amazonaws.com/test the right format for that ? (i have the $default as the stage)
6. not erro in the lambda as its not getting that far.
7. yep deployed to $default and v1 (neither of them work . tried all the trouble shooting listed already and no joy