By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Integration of Private APIs with AWS Step function Tasks

0

We have Private APIs with API-G endpoints backed by a Lamba within a VPC and Subnet.

We also have a step function that relies on these API endpoints

What policies should we add to allow step function invoke Private APIs ? This is the error I see during step function executions -

{
  "resourceType": "apigateway",
  "resource": "invoke",
  "error": "ApiGateway.UnknownHostException",
  "cause": "[API-G].execute-api.us-west-2.amazonaws.com: Name or service not known"
}

VPC already has 443 inbound rule added to its security group. Do we need to create VPC Private link between step function and VPC ?

The integration works fine for regional public APIs. But as soon as we convert these to private, the integration fails with above error.

Note that, I am still able to invoke the APIs from the API-G console and step function execution role has permissions to invoke the APIs.

Topics
ServerlessApplication IntegrationNetworking & Content DeliveryFront-End Web & Mobile
Tags
AWS Step FunctionsAmazon VPCAmazon API GatewayAWS PrivateLink
Language
English
ankulka
asked 8 months ago1064 views
2 Answers
1

Hi Ankula ,

AWS StepFunctions cannot invoke Private API's . please refer the below documentation. https://docs.aws.amazon.com/step-functions/latest/dg/connect-api-gateway.html

chinna190
answered 8 months ago
profile picture
EXPERT
Mikel Del Tio
reviewed 8 months ago
  • ankulka
    8 months ago

    We want to perform multiple operations via Internal Coral Lambda Endpoint (CLE) framework that allows us to expose multiple APIs and use single lambda.

    We can do this with separate lambda as well and handle individual step function tasks. But we choose to use CLE framework. Though we were unaware of this step function limitation of not being able to access private APIs.

1

Step Functions can't invoke directly resources within your VPC, such as Private APIs. You can invoke a Lambda function that you attach to the VPC that calls the API. Another option for you might be to bypass the API Gateway and go directly from StepFunctions to the backend Lambda (if it makes sense).

profile pictureAWS
EXPERT
Uri
answered 8 months ago
  • ankulka
    8 months ago

    We want to perform multiple operations via Internal Coral Lambda Endpoint (CLE) framework that allows us to expose multiple APIs and use single lambda.

    We can do this with separate lambda as well and handle individual step function tasks. But we choose to use CLE framework. Though we were unaware of this step function limitation of not being able to access private APIs.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content