Hi
Error 504 indicates that the load balancer closed a connection because a request did not complete within the idle timeout period. You can increase the idle timeout by following the guideline in this document: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html
Troubleshooting steps for API Gateway Network error communicating with endpoint
Try a curl request to your backend integration endpoint using the same parameters that you expect API Gateway to pass. Confirm that the request completes and takes less than 29 seconds, which is the API Gateway Integration timeout.
Investigate logs:
Try calling the API via the Test facility in the API Gateway console and inspect the output to get more information.
Confirm that API Gateway is calling the correct endpoint and is passing the header and body values that you expect. Also, observe any error messages from calling the integration endpoint.
Sometimes the error can be caused if the backend NLB (if used) does not have Cross-Zone Load Balancing enabled and you do not have healthy resources in all AZs selected for the NLB. So, ensure that the “cross_zone.enabled” is set to “true” on the NLB. You can find this information on the ELBV2 toollinker tool → NLB → Load Balancer properties → cross_zone.enabled
Hi,
I would like to add further troubleshooting. If increasing the idle timeout, enabling Cross-Zone Load Balancing, and opening up your security groups didn't resolve the problem, here are some additional troubleshooting steps.
NAT Gateway or NAT Instance: As your .NET application is running in a private subnet, it might need a NAT gateway or a NAT instance to communicate with the Internet. This would explain why your application can successfully make API calls when it's in a public subnet, but not when it's in a private subnet behind the load balancer. Be sure that your private subnet's route table has a route to the NAT gateway/NAT instance so that it can send outbound traffic to the internet.
VPC Endpoint: You might consider setting up a VPC Endpoint if the third-party API you're interacting with supports it. This would provide a direct, private connection to the API service without needing to traverse the public internet.
DNS Resolution: Ensure that DNS resolution and DNS hostnames are enabled for your VPC. Some APIs may rely on DNS names rather than IP addresses.
ELB Idle Timeout: Even though it's been suggested earlier, I would like to emphasize ensuring that the load balancer's idle timeout value is long enough for your requests to complete. When using a load balancer with applications that have long-running connections, make sure that your load balancer’s idle timeout is greater than the application's keep-alive time.
Application Debugging: Lastly, it may be worth adding additional logging or debugging to your .NET application to see if it's encountering any errors when trying to make these API calls. The problem might not lie with the network configuration, but rather with how the SDK is interacting with it.
https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/using-nat-gateway-and-gwlb-with-ec2.html
https://aws.amazon.com/blogs/compute/configuring-private-integrations-with-amazon-api-gateway-http-apis/
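Both answers above point at the same two load balancer settings (cross-zone load balancing and the idle timeout measured against API Gateway's 29-second integration timeout). The following is an added example, not code from either answer or from AWS: it audits the response dicts that boto3's `describe_load_balancer_attributes` calls return for an NLB/ALB (`elbv2`) and a Classic ELB (`elb`), so the check can be scripted instead of read off the console. The sample responses are constructed in the boto3 response shape; the `lb_type` parameter and the function names are this example's own.

```python
"""Flag load balancer attributes that commonly sit behind API Gateway 504s."""

# API Gateway's integration timeout, as stated in the first answer.
API_GATEWAY_INTEGRATION_TIMEOUT = 29  # seconds


def audit_elbv2_attributes(response, lb_type="network",
                           min_idle_timeout=API_GATEWAY_INTEGRATION_TIMEOUT):
    """Return findings for an ELBv2 describe_load_balancer_attributes response.

    `response` is the dict from boto3.client('elbv2')
    .describe_load_balancer_attributes(LoadBalancerArn=...).
    `lb_type` is "network" (NLB) or "application" (ALB); assumed parameter.
    """
    attrs = {a["Key"]: a["Value"] for a in response.get("Attributes", [])}
    findings = []
    # NLB: cross-zone off plus unhealthy targets in some AZs yields 504s.
    if lb_type == "network":
        if attrs.get("load_balancing.cross_zone.enabled", "false").lower() != "true":
            findings.append("load_balancing.cross_zone.enabled is not true")
    # ALB: the idle timeout must cover the slowest request API Gateway allows.
    idle = attrs.get("idle_timeout.timeout_seconds")
    if idle is not None and int(idle) < min_idle_timeout:
        findings.append(f"idle_timeout.timeout_seconds={int(idle)} is below {min_idle_timeout}s")
    return findings


def audit_classic_elb_attributes(response,
                                 min_idle_timeout=API_GATEWAY_INTEGRATION_TIMEOUT):
    """Same checks for a Classic ELB (boto3.client('elb')) response."""
    la = response.get("LoadBalancerAttributes", {})
    findings = []
    idle = la.get("ConnectionSettings", {}).get("IdleTimeout")
    if idle is not None and idle < min_idle_timeout:
        findings.append(f"ConnectionSettings.IdleTimeout={idle} is below {min_idle_timeout}s")
    if not la.get("CrossZoneLoadBalancing", {}).get("Enabled", False):
        findings.append("CrossZoneLoadBalancing is not enabled")
    return findings


# Constructed sample responses (not captured from a real account).
SAMPLE_NLB = {"Attributes": [
    {"Key": "load_balancing.cross_zone.enabled", "Value": "false"},
    {"Key": "deletion_protection.enabled", "Value": "false"}]}
SAMPLE_CLASSIC = {"LoadBalancerAttributes": {
    "CrossZoneLoadBalancing": {"Enabled": True},
    "ConnectionSettings": {"IdleTimeout": 60}}}

if __name__ == "__main__":
    print("nlb:", audit_elbv2_attributes(SAMPLE_NLB, "network") or "OK")
    print("classic:", audit_classic_elb_attributes(SAMPLE_CLASSIC) or "OK")
```

To run it against a real account, pass the dicts returned by the two boto3 calls named in the docstrings; no other AWS access is needed.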