Using AWS's HTTP API Gateway, one is able to create VPC Links to private resources. To create a VPC Link, one must specify a Name, VPC to connect to, Subnets to be included, and Security Groups to use.
I am running into issues when trying to select Subnets: some are in Availability Zones that are not supported by this service.
As a demonstration, I created Subnets in all of the available Availability Zones and tried to create a VPC Link using all of them. This failed, of course, as at least one of the Availability Zones does not support this:
Looking over AWS's documentation, it appears that there are ways to filter which services are available in which Availability Zones (and for VPC interface endpoints). I have used the describe-vpc-endpoint-services command (linked in previous sentence) and the "create endpoint steps" to determine supported availability zones, but I am unfortunately still missing something, as the list of availability zones retrieved when trying both techniques still causes the Create VPC Link operation to fail.
While a VPC Link could be created through trial and error (deselect every subnet that the error message complains about), this is less than ideal when trying to automate infrastructure provisioning.
How can a person/script determine which Availability Zones and/or Subnets are supported for VPC Links before an attempt is made at creating them?