HTTPAPI ALB integration over VPCLink to TargetGroup return 500 error

0

Hi, Here is my configuration

mydomain.com -> API GW Custom Domain -> HTTPAPI -> Route (/api/{+proxy}) -> VPCLink -> ALB -> HTTPS Listener -> TargetGroup (Type: Instance) -> ECS Fargate Service

HTTPAPI integration has the following parameter mapping: path -> overwrite -> /$request.path.proxy (I want to get rid of "api" part in the url)

when I make below request I got 500 errors https://mydomain.com/api/otherPath

I have enabled access logs on HTTPAPI but they show very limited information. ALB logs are sent to S3 bucket so it is almost impossible to track request. As far I see requests are not hitting the Fargate Service but I am not sure.

Sample access log from API GW HTTP API:

{
    "requestId": "some_req_id=",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
    "sourceIp": "176.232.**.**",
    "requestTime": "01/Nov/2022:09:25:37 +0000",
    "requestTimeEpoch": "1667294737",
    "httpMethod": "GET",
    "path": "/otherPath",
    "status": "500",
    "protocol": "HTTP/1.1",
    "responseLength": "35",
    "domainName": "mydomain.com",
    "error_Message": "Internal Server Error",
    "integrationErrorMessage": "-",
    "integration_Error": "-",
    "integrationStatus": "200",
    "integration_Status": "-",
    "integration_IntegrationStatus": "200",
    "integrationLatency": "5"
}

What am I missing? Why is it sooooo hard to find what is causing the error? I think configuration is fine but somehow it is really hard to make it work. Unbelievable!

1 Answer
0
Accepted Answer

The problem is caused by secureServerName parameter of the integration. We want to create a secure connection between the API Gateway and ALB. Providing secureServerName makes that connection secure but since API Gateway qualifies this secureServerName with the integration's (ALB) certificate it fails. So secureServerName has to be the same with the hostname defined in the ALB's certificate.

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions