- 最新
- 最多得票
- 最多評論
Hello,
From the architecture shared, the API deployed in Account A is a HTTP API, hence when calling this from Postman, the URL must be:
https://{api-id}.execute-api.{region}.amazonaws.com/{stage}
You should not provide the VPC endpoint ID/VPC ID in this URL because the HTTP API is a public api which has public-facing endpoint and it doesn't reside in any VPC. The private APIs present in Account B,C receives the requests through the VPC endpoint setup in Account A.
The Private API present in Account B,C must have resource policy allowing the requests from VPC endpoint of account A. You can refer the sample Resource Policy below:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "execute-api:/*/*/*",
"Condition": {
"StringNotEquals": {
"aws:sourceVpce": "vpce-1a2b3c456d7e89012" <--- VPC Endpoint ID
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "execute-api:/*/*/*"
}
]
}
For more examples, you can refer the document [1].
Also since you are receiving "Internal Server Error"[2], please also check the Lambda functions which are integrated with Private APIs if they are executing successfully or not. You can check the CloudWatch logs for the Lambda functions. Also enable " Full requests and response logs" CloudWatch logging on both Private APIs to see the additional information on each request, response API is receiving.
References:
[1] API Gateway resource policy examples - https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-examples.html#apigateway-resource-policies-source-vpc-example
[2] https://repost.aws/knowledge-center/api-gateway-internal-server-error
相關內容
- 已提問 2 年前
- AWS 官方已更新 20 天前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 個月前