Based on the information you've provided, it appears you're experiencing an SSL protocol error when trying to access the Apache Airflow UI in your Amazon Managed Workflows for Apache Airflow (MWAA) environment. This issue is likely related to the network configuration of your MWAA environment. Here are some steps to troubleshoot and potentially resolve the issue:
- Check your network access mode: The URL you provided (ending with -vpce.c45.us-east-1.airflow.amazonaws.com) suggests that your environment is using private network access mode. This means the Airflow UI is only accessible from within the VPC or through a mechanism like a VPN or AWS Client VPN.
- Verify your network connectivity: Ensure that you're accessing the Airflow UI from within the VPC or through a properly configured VPN connection. If you're not within the VPC, you won't be able to access the UI directly.
- Check your DNS settings: Run a dig command to ensure that the Airflow UI's domain name is resolving correctly within your network.
- Test connectivity: Use telnet or curl to test your connectivity to the Airflow UI endpoint from within your Amazon VPC.
- Review security groups and network ACLs: Make sure your security groups and network ACLs allow traffic on ports 443 and 5432. If you're using an Application Load Balancer, check its security group settings as well.
- Verify execution role permissions: Review your execution role policy to ensure it includes the necessary permissions, particularly the "airflow:CreateWebLoginToken" permission.
- Consider changing to public network mode: If feasible for your use case, you could update the Apache Airflow access mode to the public network access mode. This would make the UI accessible over the internet, but ensure you have proper security measures in place if you choose this option.
- Use the MWAA CLI: As an alternative, you can use the AWS CLI to generate a web login token and access the UI. Use the following command: aws mwaa create-web-login-token --name YOUR_ENVIRONMENT_NAME
If these steps don't resolve the issue, you may need to run the Amazon MWAA verify script from AWS support tools to check your environment's health more thoroughly. If problems persist, consider reaching out to AWS support for further assistance.
Remember, when dealing with SSL/TLS errors, it's crucial to ensure that your client (browser or system) trusts the certificate being presented by the server. In some cases, you might need to update your system's trusted root certificates or use a different browser.
Sources
Troubleshoot Apache Airflow UI access issues in MWAA | AWS re:Post
Troubleshooting: Creating and updating an Amazon MWAA environment - Amazon Managed Workflows for Apache Airflow
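The first four checks in the answer above (access mode, DNS, connectivity on 443) can be run as one script from the network you are troubleshooting; this is an added example, not part of the original answer or AWS tooling. The function names are hypothetical, the web server hostname is passed as the only argument, and `dig` and `curl` are assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: checks one MWAA web server hostname from the current network.
# Pass the hostname as $1; nothing runs when no argument is given.

# Step 1: infer the access mode from the hostname ("-vpce" heuristic from the answer).
access_mode_hint() {
  case "$1" in
    *-vpce.*.airflow.amazonaws.com) echo private ;;
    *.airflow.amazonaws.com)        echo public ;;
    *)                              echo unknown ;;
  esac
}

# Return 0 if the IPv4 address is in an RFC 1918 private range.
is_private_ipv4() {
  local o2
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.*)
      o2="${1#172.}"; o2="${o2%%.*}"
      case "$o2" in ''|*[!0-9]*) return 1 ;; esac
      [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] ;;
    *) return 1 ;;
  esac
}

# Steps 3 and 4: resolve the name, then attempt a verified TLS connection on 443.
diagnose() {
  local host="$1" ips ip code rc
  echo "access mode hint: $(access_mode_hint "$host")"
  ips=$(dig +short "$host" A | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
  if [ -z "$ips" ]; then
    echo "DNS: no A records returned; check the resolver this network uses"
    return 1
  fi
  for ip in $ips; do
    if is_private_ipv4 "$ip"; then echo "DNS: $ip (private)"; else echo "DNS: $ip (public)"; fi
  done
  # Certificate verification stays on, so a trust problem shows up as a failure here.
  if code=$(curl -sS -o /dev/null -w '%{http_code}' --connect-timeout 5 "https://$host/"); then
    echo "HTTPS: handshake ok, status $code"
  else
    rc=$?; echo "HTTPS: connection or TLS failure (curl exit $rc)"
    return 1
  fi
}

# Run the checks only when a hostname is supplied.
if [ "$#" -ge 1 ]; then diagnose "$1"; fi
```

A private hint combined with no A records or a connection timeout means the client is not on a network path to the VPC endpoint; curl exit codes 35 and 60 indicate a handshake or certificate trust failure instead.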
I checked my SG and other setup and it looks good to me. I need additional AWS support.