Configuration of NLB targets and API integration request when connecting a REST API to a VPC endpoint using VPC Link and NLB

I have a REST API in account A that I want to have access to a private REST API in account B. In account A, I have configured the REST API with a VPC link. This VPC link is connected to my Network Load Balancer, which should direct the request to the VPC endpoint, still in account A. From the VPC endpoint, the request should go over to the other account based on the resource policy crafted for the private REST API in account B.

This architecture can be found in "Regional API Gateway to private API Gateway cross-account" section of https://aws.amazon.com/blogs/compute/architecture-patterns-for-consuming-private-apis-cross-account/

When running the API from account A, I am getting a 500 error code that says "Execution failed due to configuration error: There was an internal error while executing your request".

I have the two following problems/questions:

  1. When I check my registered targets in the target group assigned to my NLB, it says the targets are unhealthy. I made sure these targets were IP addresses within the subnets of the NLB and the VPC endpoint CIDR block.
  2. I am using stageVariables.VpcLinkId to link the integration for the API, but I am unsure what I should have for the Endpoint URL: should it be the VPC endpoint DNS name, the NLB DNS name, or the private API DNS name (account B)? And should any of these be included in the header of the request from the API in account A?
1 Answer
Hi there,

Answering your questions as below:

  1. The unhealthy status could be due to various reasons, either connectivity at the TCP layer or even the response received by the NLB's health check. Without looking into the setup, it's very difficult to determine the reason for the unhealthy status.

Please check out the links mentioned below:

https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-troubleshooting.html

https://repost.aws/knowledge-center/fargate-nlb-health-checks

https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.reddit.com/r/aws/comments/eutpbm/nlb_how_does_health_checks_works_for_target_group/&ved=2ahUKEwim-PCIo7WGAxVXXUEAHaDED7sQFnoECDIQAQ&usg=AOvVaw29Rp41O8dvpA-BtKopsCkj

  2. Generally, the VPC endpoint DNS name should be the way to go. However, looking at your query and your setup, it would be best if you can create a support ticket with AWS Support to get this checked at your account level and make sure you will be promptly assisted. Please open a support case with AWS using the following: https://console.aws.amazon.com/support/home#/case/create
AWS
SUPPORT ENGINEER
Sagar_T
answered 2 months ago
EXPERT
reviewed 2 months ago
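One concrete way to narrow down the first question (unhealthy NLB targets in the NLB-to-VPC-endpoint pattern): in that pattern the IP targets must be the private addresses of the interface endpoint's own network interfaces, one per endpoint subnet, not just any address inside those subnets. The script below is an added example, not code from the question, the answer or the AWS blog post; it compares the registered targets with the endpoint's ENI addresses and reports each target's health state and reason. The `fetch_live` helper and its boto3 calls are assumed to run with read-only describe permissions; the sample data is constructed.

```python
from typing import Dict, List, Set

def endpoint_eni_ips(eni_descriptions: List[dict]) -> Set[str]:
    """Private IPv4 addresses of the ENIs behind the interface VPC endpoint."""
    return {addr["PrivateIpAddress"] for eni in eni_descriptions
            for addr in eni.get("PrivateIpAddresses", [])}

def diagnose(target_health: List[dict], eni_ips: Set[str]) -> Dict[str, List[str]]:
    """target_health: elbv2 describe_target_health()['TargetHealthDescriptions']."""
    report: Dict[str, List[str]] = {"healthy": [], "unhealthy": [], "not_endpoint_eni": []}
    registered = set()
    for desc in target_health:
        ip, health = desc["Target"]["Id"], desc["TargetHealth"]
        registered.add(ip)
        if ip not in eni_ips:  # registered IP is not an endpoint ENI: nothing listens there
            report["not_endpoint_eni"].append(ip)
        if health["State"] == "healthy":
            report["healthy"].append(ip)
        else:
            report["unhealthy"].append(f'{ip} ({health["State"]}: {health.get("Reason", "")})')
    report["eni_not_registered"] = sorted(eni_ips - registered)  # endpoint subnet with no target
    return report

def fetch_live(target_group_arn: str, vpc_endpoint_id: str) -> Dict[str, List[str]]:
    """Same check against a real account (needs DescribeTargetHealth, DescribeVpcEndpoints, DescribeNetworkInterfaces)."""
    import boto3  # imported lazily so the pure functions above run without boto3 installed
    elbv2, ec2 = boto3.client("elbv2"), boto3.client("ec2")
    th = elbv2.describe_target_health(TargetGroupArn=target_group_arn)["TargetHealthDescriptions"]
    vpce = ec2.describe_vpc_endpoints(VpcEndpointIds=[vpc_endpoint_id])["VpcEndpoints"][0]
    enis = ec2.describe_network_interfaces(NetworkInterfaceIds=vpce["NetworkInterfaceIds"])["NetworkInterfaces"]
    return diagnose(th, endpoint_eni_ips(enis))

# Constructed sample data in the shape of the two API responses (not from any real account).
SAMPLE_ENIS = [{"PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.25"}]},
               {"PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.41"}]}]
SAMPLE_HEALTH = [
    {"Target": {"Id": "10.0.1.25", "Port": 443}, "TargetHealth": {"State": "healthy"}},
    {"Target": {"Id": "10.0.2.7", "Port": 443},  # inside the subnet, but not the endpoint's ENI
     "TargetHealth": {"State": "unhealthy", "Reason": "Target.FailedHealthChecks"}},
]

if __name__ == "__main__":
    for key, items in diagnose(SAMPLE_HEALTH, endpoint_eni_ips(SAMPLE_ENIS)).items():
        print(f"{key}: {items}")
```

A target listed under `not_endpoint_eni` or an address under `eni_not_registered` points at a registration mistake rather than at security groups or the health-check port, which is where the linked troubleshooting guide takes over.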