Questions tagged with Amazon API Gateway

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

I'm looking at a few articles where the author describes how to route traffic from an AWS API Gateway to Fargate tasks without any load balancing. * https://medium.com/@chetlo/ecs-fargate-docker-container-securely-hosted-behind-api-gateway-using-terraform-10d4963b65a3 * https://medium.com/@toddrosner/ecs-service-discovery-1366b8a75ad6 The solution appear to rely on AWS Service Discovery which, from what I can tell, creates private DNS records. If my ECS services starts 3 Fargate tasks, is API Gateway smart enough to spread the traffic across all the 3 tasks or not?
0
answers
0
votes
3
views
asked 21 minutes ago
Hi, I am trying to setup Lambda functions with API Gateway as the trigger. I'll be making external API calls from the functions and I need my IP to be allowlist with the provider, so it should be static. I also need to provide them the hostname from where the API calls will originate from, so the API gateway will be using custom domain. I have the domain registered on Godaddy and for this API Gateway, I want to use a subdomain. At the moment, what I have done is: 1. Created a VPC Endpoint with subnets in all the availability zones in the region. 2. Created a private Rest API and assigned the above VPCE to it. 3. Created the same number of Elastic IPs as the availability zones. 4. Requested a new certificate from ACM for the subdomain, put the CNAME records on GoDaddy and got the certificate issued. 5. Created a Target Group with IP as target type, TLS as protocol and HTTPS as health check protocol and registered the default subnet's IPs of each availability zone. I used 403 as the health check status expected as this will be the status when the API will be invoked using NLB's DNS for health checks. The health check comes out to be positive. 5. Created Internet Facing, IPv4 Network Load Balancer. The listener was setup with TLS as the protocol. I assigned the above created EIPs to this load balancer and the above generated certificate too. At this point, I am successfully able to invoke the private API Gateway using the NLBs domain. However, I get a security warning because the domain for which the certificate was issued for is not being used to invoke the API. I created a Custom domain for the API and assigned the same certificate to it as well. But still, I get the same warning on the client side. And if I try to invoke the API with the custom domain name, I get no response at all because the name does not get resolved. If I had my domain registered on AWS Route 53, I would've been able to create an Alias record that pointed to the NLB. Can I still do this with external registrar and will this even do anything for me? Can somebody please guide me what needs to be done to get this working? Really appreciate it & thanks in advance. PS. Sorry for the long detail if it's unnecessary.
0
answers
0
votes
9
views
asked 5 hours ago
When trying to create a WAF web ACL, I get the following error: "WAFUnavailableEntityException: AWS WAF couldn't retrieve the resource that you requested. Retry your request." [This page in the AWS Documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html) gives the following explanation: "WAFUnavailableEntityException AWS WAF couldn’t retrieve a resource that you specified for this operation. If you've just created a resource that you're using in this operation, you might just need to wait a few minutes. It can take from a few seconds to a number of minutes for changes to propagate. Verify the resources that you are specifying in your request parameters and then retry the operation. HTTP Status Code: 400" However, I waited for over an hour after creating my resources (first, an API, then an ALB), and I am still getting the same error when I try to create a web ACL for those resources. Not sure what the issue is.
1
answers
0
votes
7
views
asked 21 hours ago
I have a RestApi declared with Cloudformation using AWS::Serverless::Api and created a default cognito authorizer there and declaring a UserPoolArn pointing to my UserPool1's. Then, I created a custom resource, with RestApiId and a UserPool2ARN properties, so it could find (the APIG's authorizers) and add the second pool into the CognitoAuthorizer. It seems to work, AWS Console API Gateway Authorizers page shows the CognitoAuthorizer with TWO different pools. But the problem is when I "initiateAuth" different users from each pool to get an "idtoken", only the idtoken from the first-listed pool is going through. The idtoken from the other pool gets an unauthorized.
0
answers
0
votes
3
views
asked a day ago
I am trying to send HTTP PoST request from Postman API to AWS IoT core. But getting a {message forbidden} error. So I am trying to create a Lambda authorizer. While creating I get the following message: "API Gateway needs your permission to invoke your Lambda function:" And not able to proceed further. Kindly help.
1
answers
0
votes
17
views
asked a day ago
I've added a HTTP API route integration that sends a message to an sqs queue. I would like to map the response to something other than xml in the api response. If the only option is to map to a response header that may work, but the only options to select a value from the sendMessage response is the use `$response.body.<json_path>` which will not work with xml. Is there anyway to have this integration (sqs-sendMessage) not return xml ? If not, is there anyway to map an xml value to a response header or body? (without using a lambda in between the endpoint and queue)
1
answers
0
votes
20
views
asked 2 days ago
I have done the following : 1.Added invoke Function "Addpermission"API with the following command. aws lambda add-permission --function-name FunctionName --principal iot.amazonaws.com --source-arn AuthorizerARn --statement-id Id-123 --action "lambda:InvokeFunction" 2.Verify Authorizer Response with the command aws iot test-invoke-authorizer --authorizer-name NAME_OF_AUTHORIZER --token TOKEN_VALUE In AWS CLI. gives the following error: aws: error: argument operation: Invalid choice, valid choices are: And Postman API is still giving {message Forbidden} :( Note:TOKEN_VALUE is up to date
1
answers
0
votes
11
views
asked 2 days ago
Would like to route API Gateway invocation based on source IP Address. Eg. is source IP 10.x.x.x then invoke function A, if source IP 11.y.y.y then invoke function B. Similar with what Route53 supports for routing based on IP Address but we don't have access to Route53. Thank you in advance, Lucian
2
answers
0
votes
13
views
asked 2 days ago
i am setting up a REST based api , utilizing api gateway , lambda and a dynamo db . I am assuming as the request/response is handled by my lambda . i can set whatever headers i want in the response in my lambda,but wanted to see if there is anything already built in api gateway to add any headers like X-Content-Type-Options in api gateway?
1
answers
0
votes
11
views
asked 3 days ago
I want to connect my EventBridge's API Destinations to resources in my private VPC by calling the API endpoints at their private endpoints (not going through any public route like API Gateway). I saw this [doc](https://docs.amazonaws.cn/en_us/eventbridge/latest/userguide/eb-related-service-vpc.html) from AWS China that says using PrivateLink it might be possible but also found other [sources](https://repost.aws/questions/QUF6vrV82RQDe7__jyGFK7cg/how-to-invoke-a-private-rest-api-created-with-aws-gateway-endpoint-from-an-event-bus-rule) that say EventBridge can't connect to VPC. How should I go about this?
1
answers
0
votes
26
views
asked 3 days ago
I created a Sample Websocket Chat App using this https://github.com/aws-samples/simple-websockets-chat-app The websocket connection is working fine. But when I connect a API Gateway Custom Domain to this api. The connection is successfull, the messages are sent from client to server, **but the messages from server are not received at the client**
1
answers
0
votes
12
views
profile picture
asked 3 days ago
I have imported a zip file in my lambda function, but if i test it i get this error: "list indices must be integers or slices, not str". My code is this: ``` def lambda_handler(event, context): query = { "size": 25, "query": { "multi_match": { "query": event['queryStringParameters']['q'], "fields": ["title", "directors"] } } } headers = {"Content-Type": "application/json"} r = requests.get(url, auth=awsauth, headers=headers, data=json.dumps(query)) response = { "statusCode": 200, "headers": { "Access-Control-Allow-Origin": '*' }, "isBase64Encoded": False } response['body'] = r.text return response ``` The error is on this line "query": event['queryStringParameters']['q'].
1
answers
0
votes
22
views
robbe
asked 4 days ago