1
votes

I want to access a public REST API Gateway from an AWS Lambda within a VPC.

I already created an execute-api endpoint and added port 443 to the security group. I also disabled private DNS names, but I am still getting an "Endpoint request timed out" / dial tcp 52.28..:443: i/o timeout error. I also tested the API I want to access with Postman, which works as intended. What am I missing?


2 Answers

1
votes

By default Lambda in a VPC does not have public internet access.

One option you have is to set up a NAT gateway in the subnet Lambda is deployed to, giving it internet access and hence access to the public REST API. More here -> Internet access for lambda functions

AWS Lambda uses the VPC information you provide to set up ENIs that allow your Lambda function to access VPC resources. Each ENI is assigned a private IP address from the IP address range within the Subnets you specify, but is not assigned any public IP addresses. Therefore, if your Lambda function requires Internet access (for example, to access AWS services that don't have VPC endpoints), you can configure a NAT instance inside your VPC or you can use the Amazon VPC NAT gateway. For more information, see NAT Gateways in the Amazon VPC User Guide. You cannot use an Internet gateway attached to your VPC, since that requires the ENI to have public IP addresses.

Or you can have a look here -> Why can't I connect to my public API from an API Gateway VPC endpoint? It suggests this:

Use the curl command line tool to test your private API. In your curl command, include the base URL used to invoke the API, as well as a Host header or x-apigw-api-id header. For more information, see Invoking Your Private API Using Endpoint-Specific Public DNS Hostnames.

The base URL to invoke the API includes the DNS name and stage name. It looks like this: https://vpceId.execute-api.awsRegion.vpce.amazonaws.com/stageName

Note: Replace vpceId with the VPC endpoint ID you copied. Replace awsRegion with your private API's AWS Region (for example, us-east-1). Replace stageName with the name of the stage to which your API is deployed.

The Host header looks like this:

Host:apiId.execute-api.awsRegion.amazonaws.com

Note: Replace apiId with the API ID you copied. Replace awsRegion with your private API's AWS Region (for example, us-east-1).

The x-apigw-api-id header looks like this:

x-apigw-api-id:apiId

Note: Replace apiId with the API ID you copied.

If you set up everything correctly, you get a 200 response code.

0
votes

Try accessing the API using <vpce-id>.execute-api.<region>.vpce.amazonaws.com and passing <api_id>.execute-api.<region>.amazonaws.com in the Host header.
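Both answers describe the same request shape: the endpoint-specific DNS name of the execute-api VPC endpoint as the URL, plus a Host (or x-apigw-api-id) header naming the private API. The following Lambda handler is an added example, not code from the question or either answer; the VPCE_ID, API_ID, REGION and STAGE values are constructed placeholders, and the API it targets is assumed to be a private REST API (a public API, as in the question, still needs a NAT gateway route instead of the endpoint).

```python
"""Invoke a private API Gateway REST API from a Lambda inside a VPC via the
execute-api VPC endpoint, following the steps quoted in the answers above."""
import json
import socket
import urllib.error
import urllib.request

# Constructed placeholders: replace with your own endpoint, API, region, stage.
VPCE_ID = "vpce-0123456789abcdef0"
API_ID = "a1b2c3d4e5"
REGION = "eu-central-1"
STAGE = "prod"


def private_api_request(vpce_id, api_id, region, stage, path="/", use_header="host"):
    """Return (url, headers) for the endpoint-specific public DNS name.
    The Host header (or x-apigw-api-id) tells API Gateway which API is meant,
    since the vpce DNS name alone does not identify it."""
    base = f"https://{vpce_id}.execute-api.{region}.vpce.amazonaws.com"
    url = f"{base}/{stage}/{path.lstrip('/')}"
    if use_header == "host":
        headers = {"Host": f"{api_id}.execute-api.{region}.amazonaws.com"}
    else:
        headers = {"x-apigw-api-id": api_id}
    return url, headers


def invoke(url, headers, timeout=5):
    """GET the URL and return (status, body). A None status means the TCP
    connection itself failed; inside a VPC that usually means there is no
    route (the execute-api endpoint only reaches private APIs, and a public
    API needs a NAT gateway), not an API Gateway error."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode()
    except (urllib.error.URLError, socket.timeout, TimeoutError) as exc:
        return None, f"connection failed: {exc}"


def lambda_handler(event, context):
    url, headers = private_api_request(VPCE_ID, API_ID, REGION, STAGE,
                                       event.get("path", "/"))
    status, body = invoke(url, headers)
    return {"statusCode": status or 504, "body": json.dumps({"upstream": body})}
```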