
Socket connection Cloudfront / ApiGateway

0

Hi,

I'm using API Gateway with CloudFront. Since I configured my WebSocket domain "chat.blabla.com" under API Gateway, I can't establish the WebSocket connection anymore. The connection keeps retrying every second and returns a 200 status.

I set the API Gateway as the origin in my CloudFront distribution and configured the behavior with HTTPS and header policy as described here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.websockets.html

Does anyone have any idea why I'm facing this issue?

Thanks for your help.

1 Answer
0

Hi Alex,

Please try this solution; it will be helpful for you and resolve the issue.

Your CloudFront distribution is configured correctly. Verify that the origin domain name matches your API Gateway WebSocket endpoint. In CloudFront's behavior settings, make sure to allow the necessary HTTP methods like GET and POST and include headers such as Upgrade and Connection to support the WebSocket handshake and communication.

Next, in API Gateway, confirm that your WebSocket API is properly configured with the correct route selection expression and integration setup pointing to your backend services. Deploy the API Gateway stage associated with your WebSocket API to the appropriate environment, such as prod or dev.

Check the security groups linked to your API Gateway to permit inbound traffic on port 443 (HTTPS) or the designated WebSocket port. Additionally, review your VPC settings to guarantee unrestricted traffic flow between CloudFront and API Gateway.

Verify that the DNS records for your domain name correctly point to your CloudFront distribution's domain name. Ensure that the SSL/TLS certificate used in CloudFront is valid and matches your domain to maintain secure connections.

Please look at the AWS documentation links below; you will get more information.

https://repost.aws/knowledge-center/api-gateway-cloudfront-distribution

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-control-access.html

EXPERT
answered a year ago
  • I noticed I'm using a REST API for my chat/WebSocket domain... Can I do it like that?

    Or should I create a WebSocket API? Even with this kind of API, I can't connect. I'm getting 403 Forbidden... I'm totally lost!

    I just need to use API Gateway to call my own domain socket under an internal NLB.

    Any advice? Thanks.

  • Hello Alex,

    You need to create a WebSocket API instead of a REST API, as REST APIs cannot handle WebSocket connections. In the AWS Management Console, go to API Gateway and create a WebSocket API. Define routes like connect, disconnect, and default, and integrate these with your backend using a VPC link to your internal Network Load Balancer (NLB). Ensure your NLB is properly configured and that security groups allow traffic from the API Gateway. Update your DNS settings to point your custom domain to the API Gateway endpoint. Check IAM roles to ensure API Gateway has the necessary permissions. Test the setup using WebSocket clients like wscat and review CloudWatch logs for any issues, especially if you encounter 403 Forbidden errors.
