9

I have created the VPC Link using the Network Load Balancer (NLB) as per the AWS documentation and attached the same with the API Gateway resource / method. But it throws "Internal Server Error" when accessing the "Invoke URL" and displays this error while testing: "Execution failed due to configuration error: There was an internal error while executing your request".

Procedure I followed:

1) Created Network Load Balancer :

  • Load Balancer Scheme: Internal
  • Load Balancer Protocol / port : TCP / 80
  • Availability Zone : Created VPC with CIDR "10.0.0.0/16" and public subnet with CIDR "1XX.XX.0.0/16".
  • Target Group : Protocol / Port / Target Type - TCP / 80 / Instance
  • No Target Registration.
  • Launched NLB.

2) Created VPC Link in API Gateway using the newly created NLB.

3) Created new API :

4) Deployed the selected API using the "Deploy API" action and newly created stage.

5) Configured the "vpcLinkId" in the "Stage Variables" section.

Now if I hit the "Invoke URL", the web page displays " {"message": "Internal server error"} ".

Note: If I use the same EC2 url with the "Integration Type : HTTP", the "Invoke URL" works. Same is not working with the VPC Link.

Error:


Other Points Worth Noting:

  1. The EC2 instance's security policy allows all TCP ports.
  2. EC2 instance was launched by using ECS / ECR (Docker Container).
  3. Enabled the Cloud Watch logs from API Gateway stage, but it produces nothing.

I'm happy to provide additional information, if required.

EDIT 1

Based on JNY's (jny) input I have changed the API gateway end point to the NLB and added my EC2 instance as Target in the NLB. Still I'm facing the same issue. Below images will show all the configurations that I have done.

Load Balancer Config:


Load Balancer Target Group settings:


Target Group Port Settings:

  1. Here I have given 3000 as the port to check the instance health, as my application (Node) listens on port 3000.
  2. Enabled the port numbers 80 and 3000 in the security policy.


API Gateway Settings:

  1. Finally I changed the endpoint of the API Gateway to the NLB.


Result of the same:


Still I'm not sure what is the mistake I'm making here.

John Rotenstein
Kiran
  • 2
    Endpoint url should be the NLB, not ec2 instance. NLB should be configured with EC2 instance. – jny Jul 02 '18 at 14:08
  • Thanks @jny. Still I'm having the same issue. Please check the Edited description of the same. – Kiran Jul 03 '18 at 04:32
  • What happens when you call nlb url directly using curl or postman? – jny Jul 03 '18 at 12:38
  • 2
    When I called the NLB directly, it showed a "site can't be reached" page. But now the issue is resolved. The main issue was with the port numbers across NLB, Target Groups, EC2, ECS Containers. I created everything on a single port and created the VPCs fresh. Now it's working as expected. Thanks for the responses. And the NLB endpoint helps a lot. If you post that as an answer, I will accept it. – Kiran Jul 03 '18 at 13:22
  • what attribute from the NLB should be used? I tried using the dns name and I'm getting a 500 error whenever I hit the api-gateway – Christopher Thomas Feb 04 '20 at 19:14
  • @Kiran I am facing a similar issue. Can you tell us what ipv4 [private/public] you added to security group of your target groups? apparently, my target groups are unhealthy – harry123 May 31 '21 at 22:28
  • @amyJ: It's been 3 years since I worked on ECS... I barely remember anything. But as far as I remembered, I haven't specified any particular ipv4 (I might be wrong also). You can pretty much see my configurations in the screenshots provided there. – Kiran Jun 01 '21 at 13:32
  • @Kiran What was your issue? I also see you mentioned that you didn't add any targets to target group then how are you showing healthy status for the target group? – harry123 Jun 01 '21 at 18:25

4 Answers

1

You did it correctly, but maybe it will help someone:

My fault was to use HTTPS for the endpoint url in the api gateway. It must be HTTP.

Correct:

http://myLoadBalancer.elb.us-east-1.amazonaws.com

The textfield was too short to show the whole url, so I didn't see it.

chocolate cake
0

I was also getting a 500 Internal server error. Then I added inbound rules in the EC2 security group to allow HTTP with the CIDR of the VPC subnet, and now I am able to access the API using the NLB.

0

Your NLB is missing inbound permissions to the EC2 instance (in their security groups) for port 80. But since an NLB does not have a security group (but does have a permanent IP), you will have to use its IP and add it directly to the security group for the EC2 instance. Here's how you can find the IP of your NLBs: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-register-targets.html#target-security-groups.

  • Thank you @grira for your answer. In my case it was the issue with different port numbers. Issue got resolved after using the same port for NLB, EC2, ECS, etc... – Kiran Jun 01 '21 at 13:35
0

Issue got resolved after using the same port for NLB, EC2, ECS, etc..
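
The causes named across the answers above (endpoint URL scheme, missing targets, mismatched ports, security group ingress) can be checked together. This is an added example, not code from any answer on this page; the function names, host name, CIDRs and ports are hypothetical, the rule dictionaries follow the EC2 security group `IpPermissions` shape, and it assumes requests and health checks reach the instance from addresses in the NLB's subnets.

```python
import ipaddress
from urllib.parse import urlsplit

def sg_allows(permissions, cidr, port):
    """True if an ingress rule admits TCP `port` from all of `cidr`."""
    src = ipaddress.ip_network(cidr)
    for perm in permissions:
        proto = perm["IpProtocol"]
        port_ok = proto == "-1" or (
            proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])
        if port_ok and any(src.subnet_of(ipaddress.ip_network(r["CidrIp"]))
                           for r in perm.get("IpRanges", [])):
            return True
    return False

def audit(endpoint_url, listener_port, health_check_port, target_ports,
          host_ports, permissions, nlb_cidrs):
    """Return findings for the API Gateway -> NLB -> instance path."""
    findings = []
    url = urlsplit(endpoint_url)
    url_port = url.port or {"http": 80, "https": 443}.get(url.scheme)
    if url_port != listener_port:
        findings.append(f"endpoint URL port {url_port} != NLB listener port {listener_port}")
    if not target_ports:
        findings.append("target group has no registered targets")
    needed = set(target_ports)
    if health_check_port != "traffic-port":  # "traffic-port" = same as target port
        needed.add(int(health_check_port))
    for port in sorted(needed):
        if port not in host_ports:
            findings.append(f"nothing on the instance listens on port {port}")
        for cidr in nlb_cidrs:
            if not sg_allows(permissions, cidr, port):
                findings.append(f"security group blocks {cidr} -> tcp/{port}")
    return findings

# Constructed sample data (hypothetical host name, CIDRs and ports).
NLB_CIDRS = ["10.0.1.0/24"]  # subnet holding the NLB nodes
BROKEN = audit("https://my-nlb.example", 80, "3000", [80], {3000},
               [{"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3000,
                 "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}], NLB_CIDRS)
FIXED = audit("http://my-nlb.example", 80, "traffic-port", [80], {80},
              [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}], NLB_CIDRS)

if __name__ == "__main__":
    print("broken:", *BROKEN, sep="\n  ")
    print("fixed:", FIXED or "no findings")
```

Scoping the ingress rule to the NLB subnet CIDR on the single target port, as in the fixed case, keeps the path working without opening all TCP ports on the instance.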