Questions tagged with Amazon API Gateway

Webhook data missing from cloudwatch logs and API Gateway

I'm having an issue with receiving 100% of the webhook notifications sent from Authorize.net. Currently, our infrastructure is in AWS and includes API Gateway and a Lambda function. We set up our webhooks to listen to "authCapture" events and have those notifications being sent to our API endpoint from API Gateway. When we receive the webhook notification, the Lambda function is triggered and returns a response. While doing an assessment comparing the data from Authorize.net and data received and processed in AWS, there are some discrepancies. Some requests are just completely missing, seeming like we didn't receive the webhook event for it at all. We use CloudWatch to log all received requests that come through our Lambda, and this is how we noticed that some are completely missing. Using CloudWatch metrics, I've verified that there are no throttling errors. I've also increased the memory of the Lambda function from 128MB to 512MB and have AWS X-Ray for the API Gateway which shows that all received requests (100%) are in the OK status and a response gets returned on average in 3 seconds. I've also tried Lambda function URLs, but seeing pretty much the same data come through that we receive with API Gateway, so I don't think it's a timeout issue. Authorize.net claims that they have successfully sent the webhook notification and received a 200 response from our server, but I'm not sure how that's the case if it seems like we haven't received the notification at all since they're missing from our logs. I'm wondering if anyone knows why this could be happening? Is this likely an API Gateway issue? Or Lambda issue?
0 answers, 0 votes, 27 views, asked 3 months ago
0 answers, 0 votes, 42 views, asked 3 months ago

Static domain for API Gateway connected to ELB and ECS with Apollo Client

## Prerequisites

Currently we have deployed API Gateway that is connected to an ECS instance with Elastic Load Balancer. API Gateway is functioning correctly and we can invoke the instance with the generated invoke URL:

Note: The ECS instance is running Apollo Client for GraphQL access, so we access the client using

```
{invoke_url}/graphql
```

and this works as expected.

![Enter image description here](/media/postImages/original/IM6u1TLNmrSF-BQphWxNyMsQ)

***

## Setting up the custom domain:

We follow the instructions provided in https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html

**Step-by-step**

1. We have already purchased a domain which we use for our services + SSL certificate.
2. We want to use subdomain.domain.com to direct to the API Gateway.
3. We go to the API Gateway and set up a custom domain:

   ![Enter image description here](/media/postImages/original/IMXlJTri-USeOXsQ0AQYrLfA)
4. Next, we create an A Record alias that points to the generated API Gateway domain name that was created in step 3.

   ![Enter image description here](/media/postImages/original/IMbHYRx4ujS_qiwsFELGr9Zw)
5. We set up the API Mapping to point to the existing API Gateway API:

   ![Enter image description here](/media/postImages/original/IM7WYW6pkQS5yca00hs-KlEg)

All done? This is where we get stuck. According to the documentation, this should be enough but what we receive from the

**API Gateway domain generated in step 3**

![Enter image description here](/media/postImages/original/IMJOBwVz4GRwCp36D0bixd9A)

**subdomain.domain.com which was set in Route53 to point to the API Gateway**

![Enter image description here](/media/postImages/original/IMxhO1TxqLRNuQsvytlH5ZEQ)

***

# The question

In order to achieve the desired result of being able to access the API Gateway using custom domain: What did we do wrong and what to do to get it working?

Can provide extra information if needed.
0 answers, 0 votes, 25 views, asked 3 months ago
asked 3 months ago

API Gateway with mTLS request billing

We want to start using **public API Gateway** endpoints with AWS Lambda integration **secured with mTLS** [https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/] but it is not clear to us from the documentation whether rejected requests are billed or not. We analyzed these situations:

* **missing client certificate** - unauthorized access from anybody, bots etc. - request fails with `OpenSSL SSL_connect: Connection reset by peer` or something similar - missing information about these requests in any statistics on the API Gateway dashboard
* **invalid client certificate** - certificate from wrong Certificate Authority - API GW will respond with a *403 Forbidden* + response header `x-amzn-errortype: ForbiddenException`. These requests are visible under API Calls and 4xx error dashboard status, without Lambda invocation
* **expired client certificate** (but valid CA) - also *403 Forbidden* + response header `x-amzn-errortype: ForbiddenException`. These requests are visible under API Calls and 4xx error dashboard status, without Lambda invocation
* **valid client certificate** (common application state) - application will respond, Lambda invoked, billed

We assume that only a random request without a client certificate is not charged, is that right? This information would help us to make a decision about this solution for security and potential costs. We don't consider using WAF yet, only if it will be necessary by our analysis.

Thanks for any clarification
1 answer, 0 votes, 85 views, asked 3 months ago