I'm trying to set up an API Gateway as a simple proxy, using the Proxy option. The back-end is an endpoint hosted by CloudFront acting as a reverse proxy for an ALB + application running on EC2.
User -> CloudFront -> API Gateway Proxy Integration -> CloudFront -> ALB -> Internal APIs hosted by EC2s.
CloudFront and the API Gateway proxy are located in AWS account A, and CloudFront + ALB + EC2 are located in account B.
When I use the API Gateway console to test the method, the request hits the targeted internal API without any problem.
Test execution log:
Execution log for request 849015fb-12c9-4619-bc96-363ecb6e9e94
Fri Nov 18 17:33:08 UTC 2022 : Starting execution for request: 849015fb-12c9-4619-bc96-363ecb6e9e94
Fri Nov 18 17:33:08 UTC 2022 : HTTP Method: POST, Resource Path: /api/v2/test/apply
Fri Nov 18 17:33:08 UTC 2022 : Method request path: {}
Fri Nov 18 17:33:08 UTC 2022 : Method request query string: {}
Fri Nov 18 17:33:08 UTC 2022 : Method request headers: {}
Fri Nov 18 17:33:08 UTC 2022 : Method request body before transformations:
Fri Nov 18 17:33:08 UTC 2022 : Endpoint request URI: https://example.com/ext/v2/test/apply
Fri Nov 18 17:33:08 UTC 2022 : Endpoint request headers: {x-amzn-apigateway-api-id=u041f78dig, User-Agent=AmazonAPIGateway_u041f78dig, X-Custom-Header=xxx}
Fri Nov 18 17:33:08 UTC 2022 : Endpoint request body after transformations:
Fri Nov 18 17:33:08 UTC 2022 : Sending request to https://example.com/ext/v2/test/apply
Fri Nov 18 17:33:08 UTC 2022 : Received response. Status: 400, Integration latency: 55 ms
Fri Nov 18 17:33:08 UTC 2022 : Endpoint response headers: {Content-Length=0, Connection=keep-alive, Date=Fri, 18 Nov 2022 17:33:08 GMT, Server=nginx, X-Custom-Header=4100adeb, X-Cache=Error from cloudfront, Via=1.1 c022ca80d7b946eb138dfd2e55c98980.cloudfront.net (CloudFront), X-Amz-Cf-Pop=IAD12-P4, X-Amz-Cf-Id=xxx}
Fri Nov 18 17:33:08 UTC 2022 : Endpoint response body before transformations:
Fri Nov 18 17:33:08 UTC 2022 : Method response body after transformations:
Fri Nov 18 17:33:08 UTC 2022 : Method response headers: {Content-Length=0, Connection=keep-alive, Date=Fri, 18 Nov 2022 17:33:08 GMT, Server=nginx, X-Custom-Header=4100adeb, X-Cache=Error from cloudfront, Via=1.1 c022ca80d7b946eb138dfd2e55c98980.cloudfront.net (CloudFront), X-Amz-Cf-Pop=IAD12-P4, X-Amz-Cf-Id=xxx}
Fri Nov 18 17:33:08 UTC 2022 : Successfully completed execution
Fri Nov 18 17:33:08 UTC 2022 : Method completed with status: 400
You can count 400 as success, because it was returned from the internal API running on EC2.
When I try to invoke cloudfront-account-a.com/api/v2/test/apply, I get a 403 error from CF with the following headers:
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 915
content-type: text/html
date: Fri, 18 Nov 2022 17:11:43 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000
via: 1.1 a27022837959b6f70545c8d6d0de9d04.cloudfront.net (CloudFront), 1.1 f0f1092b2ad1f0e573a4fcbefe4fb620.cloudfront.net (CloudFront), 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
x-amz-apigw-id: xxx
x-amz-cf-id: xxx
x-amz-cf-pop: IAD12-P4
x-amz-cf-pop: IAD79-C1
x-amz-cf-pop: IAD89-C1
x-amzn-remapped-connection: keep-alive
x-amzn-remapped-content-length: 915
x-amzn-remapped-date: Fri, 18 Nov 2022 17:11:43 GMT
x-amzn-remapped-server: CloudFront
x-amzn-requestid: 4d928828-e650-492f-b165-0654c97acab5
x-cache: Error from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
What am I doing wrong? Is it even possible to proxy requests in the way I'm trying to do?