Using AWS's HTTP API Gateway, one is able to create VPC Links to private resources. To create a VPC Link, one must specify a Name, VPC to connect to, Subnets to be included, and Security Groups to use.

I am running into issues when trying to select Subnets: some are in Availability Zones that are not supported by this service.

As a demonstration, I created Subnets in all of the available Availability Zones and tried to create a VPC Link using all of them. This failed, of course, as at least one of the Availability Zones does not support this:

Error received when creating a VPC Link

Looking over AWS's documentation, it appears that there are ways to filter which services are available in which Availability Zones (and for VPC interface endpoints). I have used the describe-vpc-endpoint-services command (linked in previous sentence) and the "create endpoint steps" to determine supported availability zones, but I am unfortunately still missing something as the list of availability zones retrieved when trying both techniques still causes the Create VPC Link operation to fail.

While a VPC Link could be created through trial and error (deselect every subnet that the error message complains about), this is less than ideal when trying to automate infrastructure provisioning.

How can a person/script determine which Availability Zones and/or Subnets are supported for VPC Links before an attempt is made at creating them?

"I have so far been unsuccessful" - what do you mean? This is not specific. Exactly what did you try, and what errors did you get? - Marcin
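As an added example (not the question author's code, and not an AWS-provided tool), here is the filtering step the question describes, done in Python: take the AvailabilityZones that describe-vpc-endpoint-services reports for a service, translate those account-specific zone names to stable zone IDs with describe-availability-zones, and keep only the candidate subnets whose AvailabilityZoneId is in that set. The service name, zone mappings and subnet IDs are constructed placeholders; the question itself reports that the zone list from this technique still did not match what Create VPC Link accepts, so this only shows the mechanics, not a guaranteed answer. The comparison by zone ID rather than zone name is a deliberate choice: zone names such as us-east-1a are shuffled per account, so an AZ-support list should be matched on IDs.

```python
"""Added example (not the question author's code): decide up front which
candidate subnets fall in Availability Zones an endpoint service reports,
using describe-vpc-endpoint-services / describe-availability-zones /
describe-subnets responses. All sample data below is constructed."""
from typing import Dict, List, Set, Tuple


def zones_for_service(services_resp: dict, service_name: str) -> Set[str]:
    """AZ *names* a service lists in a describe-vpc-endpoint-services response."""
    for detail in services_resp.get("ServiceDetails", []):
        if detail.get("ServiceName") == service_name:
            return set(detail.get("AvailabilityZones", []))
    raise KeyError(f"service {service_name!r} not in response")


def zone_name_to_id(azs_resp: dict) -> Dict[str, str]:
    """Map account-specific AZ names (us-east-1a) to stable AZ IDs (use1-az1).
    Zone names are shuffled per account, so comparisons should use IDs."""
    return {az["ZoneName"]: az["ZoneId"] for az in azs_resp["AvailabilityZones"]}


def split_subnets(subnets_resp: dict, supported_ids: Set[str]) -> Tuple[List[str], List[str]]:
    """Return (usable, excluded) subnet IDs, judged by AvailabilityZoneId."""
    usable, excluded = [], []
    for s in subnets_resp["Subnets"]:
        target = usable if s["AvailabilityZoneId"] in supported_ids else excluded
        target.append(s["SubnetId"])
    return sorted(usable), sorted(excluded)


def plan_vpc_link_subnets(services_resp, azs_resp, subnets_resp, service_name):
    """Combine the three responses into (usable, excluded) subnet lists."""
    supported_names = zones_for_service(services_resp, service_name)
    ids = zone_name_to_id(azs_resp)
    supported_ids = {ids[n] for n in supported_names if n in ids}
    return split_subnets(subnets_resp, supported_ids)


def fetch_live_plan(region: str, service_name: str):
    """Same computation against a real account; boto3 is imported lazily so the
    pure functions above run without it. Needs ec2:Describe* permissions only."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    return plan_vpc_link_subnets(
        ec2.describe_vpc_endpoint_services(ServiceNames=[service_name]),
        ec2.describe_availability_zones(),
        ec2.describe_subnets(),
        service_name,
    )


# --- constructed sample responses (shapes follow the EC2 API; values are made up) ---
SERVICE_NAME = "com.amazonaws.us-east-1.example-service"  # placeholder, not a real service
SAMPLE_SERVICES = {"ServiceDetails": [
    {"ServiceName": SERVICE_NAME,
     "AvailabilityZones": ["us-east-1a", "us-east-1b", "us-east-1c"]},
]}
SAMPLE_AZS = {"AvailabilityZones": [
    {"ZoneName": f"us-east-1{c}", "ZoneId": f"use1-az{i}"}
    for i, c in enumerate("abcdef", start=1)
]}
SAMPLE_SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-0000a", "AvailabilityZone": "us-east-1a", "AvailabilityZoneId": "use1-az1"},
    {"SubnetId": "subnet-0000c", "AvailabilityZone": "us-east-1c", "AvailabilityZoneId": "use1-az3"},
    {"SubnetId": "subnet-0000e", "AvailabilityZone": "us-east-1e", "AvailabilityZoneId": "use1-az5"},
    {"SubnetId": "subnet-0000f", "AvailabilityZone": "us-east-1f", "AvailabilityZoneId": "use1-az6"},
]}

if __name__ == "__main__":
    usable, excluded = plan_vpc_link_subnets(SAMPLE_SERVICES, SAMPLE_AZS, SAMPLE_SUBNETS, SERVICE_NAME)
    print("usable subnets:", usable)
    print("excluded (unsupported AZ):", excluded)
```

Run it as-is to see the split on the constructed data; call `fetch_live_plan("us-east-1", "<service name>")` with real credentials to run the same logic against an account. If the resulting subnet list still fails at Create VPC Link, the zone list the service reports is not the one VPC Links use, which is exactly the gap the question describes.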

1 Answer

When you create a VPC, it's not automatically set to work in every AZ within the region. You have to set up subnets within each AZ for them to be available to you.

Once you've done that, you can create the private link. Keep in mind it can take several minutes for the private link to work.