7
votes

I have created the VPC Link using the Network Load Balancer (NLB) as per the AWS documentation and attached the same with the API Gateway resource / method. But it throws "Internal Server Error" when accessing the "Invoke URL" and displays this error while testing: "Execution failed due to configuration error: There was an internal error while executing your request".

Procedure I followed:

1) Created Network Load Balancer :

  • Load Balancer Scheme: Internal
  • Load Balancer Protocol / port : TCP / 80
  • Availability Zone : Created VPC with CIDR "10.0.0.0/16" and public subnet with CIDR "1XX.XX.0.0/16".
  • Target Group : Protocol / Port / Target Type - TCP / 80 / Instance
  • No Target Registration.
  • Launched NLB.

2) Created VPC Link in API Gateway using the newly created NLB.

3) Created new API :

4) Deployed the selected API using the "Deploy API" action and newly created stage.

5) Configured the "vpcLinkId" in the "Stage Variables" section.

Now if I hit the "Invoke URL", the web page displays " {"message": "Internal server error"} ".

Note: If I use the same EC2 URL with the "Integration Type: HTTP", the "Invoke URL" works. The same does not work with the VPC Link.

Error:


Other Points Worth Noting:

  1. The EC2 instance's security policy allows all TCP ports.
  2. The EC2 instance was launched using ECS / ECR (Docker container).
  3. Enabled the CloudWatch logs from the API Gateway stage, but it produces nothing.

I'm happy to provide additional information, if required.

EDIT 1

Based on JNY's (jny) input, I have changed the API Gateway endpoint to the NLB and added my EC2 instance as a target in the NLB. I'm still facing the same issue. The images below show all the configurations that I have done.

Load Balancer Config:


Load Balancer Target Group settings:


Target Group Port Settings:

  1. Here I have given 3000 as the port to check the instance health, as my application (Node) listens on port 3000.
  2. Enabled port numbers 80 and 3000 in the security policy.


API Gateway Settings:

  1. Finally, I changed the endpoint of the API Gateway to the NLB.


Result of the same:


Still I'm not sure what is the mistake I'm making here.

2
The endpoint URL should be the NLB, not the EC2 instance. The NLB should be configured with the EC2 instance. - jny
Thanks @jny. I'm still having the same issue. Please check the edited description. - Kiran
What happens when you call the NLB URL directly using curl or Postman? - jny
When I called the NLB directly, it showed a "site can't be reached" page. But now the issue is resolved. The main issue was with the port numbers across the NLB, target groups, EC2, and ECS containers. I created everything on a single port and created the VPCs fresh. Now it's working as expected. Thanks for the responses. And the NLB endpoint helps a lot. If you post that as an answer, I will accept it. - Kiran
What attribute from the NLB should be used? I tried using the DNS name and I'm getting a 500 error whenever I hit the API Gateway. - Christopher Thomas

2 Answers

0
votes

I was also getting a 500 Internal Server Error. Then I added inbound rules in the EC2 security group to allow HTTP from the CIDR of the VPC subnet, and now I am able to access the API using the NLB.

0
votes

Your NLB is missing inbound permissions to the EC2 instance (in its security groups) for port 80. But since an NLB does not have a security group (but does have a permanent IP), you will have to use its IP and add it directly to the security group for the EC2 instance. Here's how you can find the IPs of your NLBs: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-register-targets.html#target-security-groups.
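The two causes reported in this thread (ports that differ between the target group and the application, and instance security-group rules that do not admit the NLB's addresses) can be checked together offline. The following is an added example, not code from the question or the answers: the function names, the NLB addresses and the rules are constructed, with the rules shaped like the `IpPermissions` list returned by `describe-security-groups`, and it assumes traffic reaches the instance from the NLB's private IPs as the answer above describes.

```python
import ipaddress

def rule_allows(perm, ip, port):
    """True if one IpPermissions entry admits TCP `port` from source `ip`."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "6", "-1"):          # "-1" means all protocols
        return False
    if proto != "-1" and not (perm["FromPort"] <= port <= perm["ToPort"]):
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", []))

def audit(nlb_ips, target_port, health_port, app_port, ip_permissions):
    """Return a list of findings; an empty list means the path is consistent."""
    findings = []
    if target_port != app_port:
        findings.append(
            f"target group forwards to {target_port} but app listens on {app_port}")
    # Both the traffic port and the health-check port must be reachable
    # from every NLB node address, or targets are unhealthy or unreachable.
    for port in sorted({target_port, health_port}):
        for ip in nlb_ips:
            if not any(rule_allows(p, ip, port) for p in ip_permissions):
                findings.append(
                    f"no inbound rule for tcp/{port} from NLB address {ip}")
    return findings

# Constructed sample data (not taken from the question's screenshots).
NLB_IPS = ["10.0.1.25", "10.0.2.25"]             # one NLB node per subnet
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3000,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},   # misses the second subnet
]

if __name__ == "__main__":
    # Mixed ports as in the question: forward on 80, health check on 3000.
    for finding in audit(NLB_IPS, 80, 3000, 3000, SAMPLE_RULES):
        print("FINDING:", finding)
    # Single port everywhere, as in the asker's eventual fix.
    print("after fix:", audit(NLB_IPS, 3000, 3000, 3000, SAMPLE_RULES))
```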