By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Security group for VPC Link / ApiGatewayV2 is not working

0

Hey there, I have set up a security group for my VPC link (AWS::ApiGatewayV2::VpcLink) on my API GATEWAY HTTP API V2 (AWS::ApiGatewayV2::Api). Even if I remove all the inbound rules I'm able to reach the server from the internet. Any ideas?

  • donkee
    a year ago

    Did you ever figure this out?

Topics
Networking & Content DeliveryServerlessFront-End Web & MobileContainersAWS Well-Architected Framework
Tags
Amazon VPCAmazon API GatewayAWS FargateSecuritySecurity Group
Language
English
agustin
asked a year ago254 views
1 Answer
0

HTTP VPC Link is an integral part of API Gateway and it is better understood as being part of the same logical entity. What this effectively means is that API gateway does not actually send traffic to the VPC Link, it rather uses the VPC Link to send traffic to the Elastic Load Balancer.

Therefore, the Inbound Rules in the Security Groups attached to an HTTP VPC Link simply do not apply: all traffic to the VPC Link from API Gateway is always allowed because the VPC Link is not a foreign entity, it is internal to API Gateway. On the other hand, Outbound Rules do apply because the traffic is sent outbound to a foreign entity (an ELB).

AWS
SUPPORT ENGINEER
AgawAbhi
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content