By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to test an HTTP API with Private Integration

0

Enter image description here

Using this architecture I have set up my http api in account a. I added an integration with a vpc link using cloud map to be able to invoke a vpc endpoint in account a. I have setup a private api in account b. I am confused on how I can test this in postman. I am unsure if I only need to change the resource policy in the private api to allow the vpc endpoint in the other account to call it. I am also confused how to call this HTTP that is deployed. Do I need to mention the vpc when calling the http request in postman?

Currently, I am getting a : { "message": "Internal Server Error" } when trying to call the http api with the body included

Topics
Networking & Content DeliveryServerlessFront-End Web & Mobile
Tags
Amazon VPCAmazon API GatewayAWS Cloud Map
Language
English
jpiscani
asked 14 days ago148 views
1 Answer
0

Hello,

From the architecture shared, the API deployed in Account A is a HTTP API, hence when calling this from Postman, the URL must be:

https://{api-id}.execute-api.{region}.amazonaws.com/{stage}

You should not provide the VPC endpoint ID/VPC ID in this URL because the HTTP API is a public api which has public-facing endpoint and it doesn't reside in any VPC. The private APIs present in Account B,C receives the requests through the VPC endpoint setup in Account A.

The Private API present in Account B,C must have resource policy allowing the requests from VPC endpoint of account A. You can refer the sample Resource Policy below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:/*/*/*",
      "Condition": {
        "StringNotEquals": {
          "aws:sourceVpce": "vpce-1a2b3c456d7e89012" <--- VPC Endpoint ID
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:/*/*/*"
    }
  ]
}

For more examples, you can refer the document [1].

Also since you are receiving "Internal Server Error"[2], please also check the Lambda functions which are integrated with Private APIs if they are executing successfully or not. You can check the CloudWatch logs for the Lambda functions. Also enable " Full requests and response logs" CloudWatch logging on both Private APIs to see the additional information on each request, response API is receiving.

References:

[1] API Gateway resource policy examples - https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-examples.html#apigateway-resource-policies-source-vpc-example

[2] https://repost.aws/knowledge-center/api-gateway-internal-server-error

AWS
rePost-User-7792127
answered 13 days ago
profile picture
EXPERT
Giovanni Lauria
reviewed 13 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content