How to avoid the configuration error while using AWS API Gateway with VPC Link?
I have created the VPC Link using the Network Load Balancer (NLB) as per the AWS documentation and attached the same with the API Gateway resource / method. But it throws "Internal Server Error" when accessing the "Invoke URL" and displays this error while testing: "Execution failed due to configuration error: There was an internal error while executing your request".
Procedure I followed:
1) Created Network Load Balancer :
- Load Balancer Scheme: Internal
- Load Balancer Protocol / port : TCP / 80
- Availability Zone : Created VPC with CIDR "10.0.0.0/16" and public subnet with CIDR "1XX.XX.0.0/16".
- Target Group : Protocol / Port / Target Type - TCP / 80 / Instance
- No Target Registration.
- Launched NLB.
2) Created VPC Link in API Gateway using the newly created NLB.
3) Created new API :
- Method : Get
- Integration Type : VPC Link
- Use Proxy Integration : True
- VPC Link : ${stageVariables.vpcLinkId}
- Endpoint URL : "My ec2 instance URL with port" (Ex: http://ec2-XX-XXX-XXX-XXX.compute-1.amazonaws.com:3000)
- Created API resource.
4) Deployed the selected API using the "Deploy API" action and newly created stage.
5) Configured the "vpcLinkId" in the "Stage Variables" section.
Now if I hit the "Invoke URL", the web page displays " {"message": "Internal server error"} ".
Note: If I use the same EC2 URL with the "Integration Type : HTTP", the "Invoke URL" works. The same is not working with the VPC Link.
Error:
Other Points Worth Noting:
- The EC2 instance's security policy allows all TCP ports.
- EC2 instance was launched by using ECS / ECR (Docker Container).
- Enabled the CloudWatch logs from API Gateway stage, but it produces nothing.
I'm happy to provide additional information, if required.
EDIT 1
Based on JNY's (jny) input I have changed the API gateway end point to the NLB and added my EC2 instance as Target in the NLB. Still I'm facing the same issue. Below images will show all the configurations that I have done.
Load Balancer Config:
Load Balancer Target Group settings:
Target Group Port Settings:
- Here I have given 3000 as port to check the instance health as my application (Node) listens on 3000 port.
- Enabled the port numbers 80 and 3000 in the security policy.
API Gateway Settings:
- Finally, I changed the endpoint of the API Gateway to the NLB.
Result of the same:
Still I'm not sure what is the mistake I'm making here.
Solution 1:[1]
I was also getting a 500 Internal Server Error. I then added inbound rules to the EC2 security group allowing HTTP from the CIDR of the VPC subnet, and now I am able to access the API using the NLB.
Solution 2:[2]
Your NLB is missing inbound permissions to the EC2 instance (in their security groups) for port 80. But since an NLB does not have a security group (but does have a permanent IP), you will have to use its IP and add it directly to the security group for the EC2 instance. Here's how you can find the IP of your NLBs: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-register-targets.html#target-security-groups.
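A way to check the fix from Solutions 1 and 2 before retesting the API, as an added example that is not part of the original answers: it evaluates a security group's ingress rules, in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, against the NLB's private IPs on the target and health-check ports, and flags CIDRs wider than the VPC. The NLB IPs and both rule sets are constructed sample values; the VPC CIDR and ports 80 and 3000 come from the question.

```python
import ipaddress

def rule_allows(rule, src_ip, port):
    """True if one ingress rule admits TCP traffic from src_ip to port."""
    proto = rule["IpProtocol"]
    if proto not in ("tcp", "-1"):  # "-1" means all protocols, all ports
        return False
    if proto == "tcp" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))

def blocked_paths(ingress_rules, nlb_ips, ports):
    """Return (nlb_ip, port) pairs that no ingress rule admits."""
    return [(ip, p) for ip in nlb_ips for p in ports
            if not any(rule_allows(r, ip, p) for r in ingress_rules)]

def overly_broad(ingress_rules, vpc_cidr):
    """Return source CIDRs that reach beyond the VPC, e.g. 0.0.0.0/0."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return sorted({r["CidrIp"]
                   for rule in ingress_rules
                   for r in rule.get("IpRanges", [])
                   if not ipaddress.ip_network(r["CidrIp"]).subnet_of(vpc)})

VPC_CIDR = "10.0.0.0/16"              # from the question
NLB_IPS = ["10.0.1.15", "10.0.2.27"]  # constructed: one private IP per NLB subnet
PORTS = [80, 3000]                    # target port and health-check port (question)

# Constructed "before": the app port is open to the internet, port 80 is closed.
BEFORE = [{"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3000,
           "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

# Constructed "after" (Solution 2): only the NLB's private IPs, only the needed ports.
AFTER = [{"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
          "IpRanges": [{"CidrIp": ip + "/32"} for ip in NLB_IPS]}
         for p in PORTS]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, "blocked:", blocked_paths(rules, NLB_IPS, PORTS),
              "broad:", overly_broad(rules, VPC_CIDR))
```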
Solution 3:[3]
You did it correctly, but maybe it will help someone:
My fault was to use HTTPS for the endpoint URL in the API Gateway. It must be HTTP.
Correct:
http://myLoadBalancer.elb.us-east-1.amazonaws.com
The text field was too short to show the whole URL, so I didn't see it.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Jitesh Nikale |
| Solution 2 | grira louay |
| Solution 3 | chocolate cake |







