By using AWS re:Post, you agree to the Terms of Use

Amazon API Gateway Proxy - VPC Endpoint - NLB - Private DNS - Self-signed SSL


I'm trying to set up an API Gateway as a simple proxy, using the Proxy option. The back-end is a REST API endpoint hosted by an NLB with a self-signed SSL certificated generated by ACM.

API Gateway -> Proxy Integration -> VPC Endpoint -> (HTTPS) NLB -> Internal APIs hosted by EC2s.

SSL certificate was created by ACM using Private CA with self-signed Certificate, with common name as: api.example.local (intended to be local and private DNS).

Route 53 has a Private Hosted Zone record:

example.local with an ALIAS Record: api.example.local -> NLB URL

When I create the API Gateway Proxy Configuration:

Integration Type: VPC_PROXY
Use Proxy Integration = enabled (checked)
VPC endpoint = selected the NLB VPC endpoint
Endpoint URL: WHEN PUT IN: https://api.example.local/{proxy}

It gives error: Invalid HTTP endpoint specified for URI

Looks like the API Gateway is NOT able to resolve the R53 Private DNS name (api.example.local).

Is this expected? What is the right way to setup a Private NLB SSL Certs and a Private DNS name for the NLB for API gateway to passthrough? Is it possible or the NLB has to have a Public DNS name to work?

1 Answer
Accepted Answer

You don't mention you're using VPC Link for API Gateway HTTP APIs, or API Gateway REST APIs (it's not essential to know but it would narrow down the responses somewhat).

But for both of those you don't need to resolve the NLB DNS name - you configure API Gateway to point directly to the NLB you have already configured. For REST APIs you create a VPC Link per NLB; for HTTP APIs you create a VPC Link per VPC and then in each integration you select the appropriate NLB.

I'm not sure if this is the question you're asking - I would test this first without private certificates (to see if the private certificates are the problem or there is another issue) and then once you have it working, add additional layers.

profile picture
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions