3 votes

I created a REST API using AWS API Gateway with the following details:

  • Endpoint Type: Edge Optimized
  • Integration Type: Mock
  • The API is open with
    • Auth: None
    • Api Key Required: False
    • Request Validator: None
    • Resource-policy: Not defined

I successfully deployed the API.

The API is accessible from the outside world / public network.

The API is not accessible from an EC2 instance launched in the same account (not tried to access it from another AWS account). The API returns 403 { "message": "Forbidden" }.

What am I missing here that makes the API inaccessible from EC2?

Is the EC2 instance put in a private subnet? - vahdet

No, EC2 is in a public subnet and I can access it from the public network. My observation: EC2 is not resolving to the public IP of API Gateway, and if I manage the public IP resolution by adding it to the hosts file then I am able to access the web service from EC2. Thank you! - Prakash

OK, one more question if it is easy for you to check: can you access any other public endpoint (i.e. stackoverflow.com) from that EC2 endpoint? I ask that to clarify whether internet access is not possible at all or the API Gateway configuration needs to be revised, etc. - vahdet

I can SSH to EC2, and from the terminal a ping to stackoverflow.com succeeds. - Prakash

It might be any cause out of many; sorry, I cannot deduce further in a brief way. Yet this post and its numerous answers can give you a gotcha: stackoverflow.com/questions/40988051/… . Good luck! - vahdet

2 Answers

1 vote

I had the same problem. It turned out that I had a VPC endpoint with private DNS in that VPC; see https://aws.amazon.com/ru/premiumsupport/knowledge-center/api-gateway-vpc-connections/:

When you select the Enable Private DNS Name option while creating an interface VPC endpoint for API Gateway, you can access your private APIs using a private or public DNS, but you can't access your public APIs.
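A way to confirm this diagnosis from the EC2 instance, added here as an example and not code from the question or the answers. It assumes dig (bind-utils) is installed, that API_HOST is set to the execute-api hostname of the API (placeholder), and that the AWS CLI has ec2:DescribeVpcEndpoints.

```shell
#!/bin/sh
# Added diagnostic, not code from the question or answers. Run it on the EC2
# instance with API_HOST=<api-id>.execute-api.<region>.amazonaws.com (placeholder).
# Assumes dig (bind-utils) is installed and that VPC endpoint ENIs use RFC1918
# addresses, which is the normal case.

# is_rfc1918 IP -> exit 0 when IP is in 10/8, 172.16/12 or 192.168/16
is_rfc1918() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# verdict LOCAL_IP PUBLIC_IP -> one-line diagnosis, keyword before the colon
verdict() {
  local_ip=$1; public_ip=$2
  if [ -z "$local_ip" ]; then
    echo "NXDOMAIN locally: check the API id and region in the hostname"
  elif [ -z "$public_ip" ]; then
    echo "no public answer: the query to the public resolver failed, compare by hand"
  elif is_rfc1918 "$local_ip" && ! is_rfc1918 "$public_ip"; then
    echo "private-dns-hijack: VPC resolver returns $local_ip (an endpoint ENI) but the internet sees $public_ip; a public API reached this way gets 403 Forbidden"
  else
    echo "resolution ok: $local_ip agrees with the public view $public_ip"
  fi
}

# diagnose HOST -> compare the VPC resolver with a public resolver, then list
# execute-api interface endpoints in the region and whether Private DNS is on
diagnose() {
  host=$1
  region=$(printf '%s' "$host" | awk -F. '{print $3}')   # <id>.execute-api.<region>.amazonaws.com
  local_ip=$(getent hosts "$host" | awk '{print $1; exit}')
  public_ip=$(dig +short @1.1.1.1 "$host" A | grep -E '^[0-9]+\.' | head -n 1)
  verdict "$local_ip" "$public_ip"
  # Needs ec2:DescribeVpcEndpoints; PrivateDnsEnabled=True on an execute-api
  # endpoint in this VPC is the setting the answer above points at.
  aws ec2 describe-vpc-endpoints \
    --filters "Name=service-name,Values=com.amazonaws.${region}.execute-api" \
    --query 'VpcEndpoints[].[VpcEndpointId,VpcId,PrivateDnsEnabled]' --output text
}

if [ -n "${API_HOST:-}" ]; then
  diagnose "$API_HOST"
fi
```

If the verdict line starts with private-dns-hijack, either disable Private DNS on that endpoint or reach the public API through the Internet-facing hostname of an edge/regional deployment that the endpoint does not intercept.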

0 votes

Can you please check if you are accessing the correct API GW endpoint?

API GW returns 403 when you are trying to access an endpoint that doesn't exist.

Also check if you have deployed your latest version.