
How to setup API gateway to talk to private NLB?

I have been using an ALB until I realized I cannot connect a private ALB to API Gateway ... so I am trying NLB now.

So far I have

  • Private NLB
  • API Gateway VPC Link to connect to NLB

But I am unsure how to configure API gateway properly. I did:

  • Created a test route GET /test
  • Used VPC Link, tried proxy and non-proxy types
  • But I am unsure of what to put for the endpoint URL. For now I did something like: http://dummydomain.com/api where dummydomain.com is a dummy domain and /api is my status check URL which should work

It's my first time trying NLB. Is there anything I am missing?

Currently when I test my API Gateway function, I get HTTP 500:

{
  "message": "Internal server error"
}

The logs:

Execution log for request 2d5e2e51-b04c-11e8-b9fe-97b354c20146
Tue Sep 04 14:09:45 UTC 2018 : Starting execution for request: 2d5e2e51-b04c-11e8-b9fe-97b354c20146
Tue Sep 04 14:09:45 UTC 2018 : HTTP Method: GET, Resource Path: /test
Tue Sep 04 14:09:45 UTC 2018 : Method request path: {}
Tue Sep 04 14:09:45 UTC 2018 : Method request query string: {}
Tue Sep 04 14:09:45 UTC 2018 : Method request headers: {}
Tue Sep 04 14:09:45 UTC 2018 : Method request body before transformations: 
Tue Sep 04 14:09:45 UTC 2018 : Endpoint request URI: http://dummydomain.com/api
Tue Sep 04 14:09:45 UTC 2018 : Endpoint request headers: {x-amzn-apigateway-api-id=4p76zcriuk, User-Agent=AmazonAPIGateway_4p76zcriuk, Host=dummydomain.com}
Tue Sep 04 14:09:45 UTC 2018 : Endpoint request body after transformations: 
Tue Sep 04 14:09:45 UTC 2018 : Sending request to http://dummydomain.com/api
Tue Sep 04 14:09:56 UTC 2018 : Execution failed due to configuration error: There was an internal error while executing your request
Tue Sep 04 14:09:56 UTC 2018 : Method completed with status: 500

Something I am curious about ... the target group has

  • Protocol: TCP
  • Port: 80
  • Target type: IP
  • Healthcheck passes

But my app is running on port 3000. But the health check is passing; it also correctly reflects that my application is running on port 3000.

But wondering if the port 80 part is a problem? Does NLB translate the port 80 traffic into port 3000?

asked Sep 04 '18 14:09

Jiew Meng


1 Answer

The Endpoint URL is a bit of a hack. It forces you to provide a domain (you can use any domain). When you make the request, this domain seems to get stripped off and replaced with your VPC Link.

E.g.

http://dummydomain.com/api -> http://{NLB DNS}:80/api

You can also use {proxy} as part of your Endpoint URL in conjunction with API Gateway proxy resources.

E.g. http://dummydomain.com/api/{proxy} with a top level proxy resource would result in:

{api gateway endpoint}/todo/1 -> http://{NLB DNS}:80/api/todo/1

You can configure the NLB port as part of the Endpoint URL.

E.g.

http://dummydomain.com:10001/api -> http://{NLB DNS}:10001/api

This allows you to include multiple listeners on your NLB pointing to different target groups.

For troubleshooting, test your (internal) NLB by spinning up an EC2 instance in the same VPC and curl your Endpoint URLs from there (replacing http://dummydomain.com with the NLB DNS).

answered Oct 22 '22 23:10

Andy N
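
The rewrite and the troubleshooting step described in the answer above, as an added shell example that is not part of the original answer. The function names and the `nlb.example.internal` placeholder are assumptions; the `Host` header mirrors the `Host=dummydomain.com` value in the question's execution log, and what API Gateway sends when the URL carries an explicit port is not shown on the page.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer): models the Endpoint URL
# rewrite the answer describes so the same request can be replayed from an
# EC2 instance in the VPC. Function names are hypothetical helpers.

# rewrite_endpoint ENDPOINT_URL NLB_DNS [PROXY_PATH]
# Swaps the dummy host for the NLB DNS name, keeps scheme, port and path,
# and fills in {proxy} when a greedy path is supplied.
rewrite_endpoint() {
  local url="$1" nlb="$2" proxy="${3-}" tok='{proxy}'
  local scheme="${url%%://*}" rest="${url#*://}"
  local hostport="${rest%%/*}" path=/ port
  if [ "$rest" != "$hostport" ]; then path="/${rest#*/}"; fi
  case $hostport in
    *:*) port="${hostport##*:}" ;;   # explicit NLB listener port
    *)   if [ "$scheme" = https ]; then port=443; else port=80; fi ;;
  esac
  case $path in
    *"$tok"*) path=${path%%"$tok"*}$proxy${path#*"$tok"} ;;
  esac
  printf '%s://%s:%s%s\n' "$scheme" "$nlb" "$port" "$path"
}

# endpoint_host ENDPOINT_URL: authority part of the Endpoint URL, used as
# the Host header (the page's log shows Host=dummydomain.com; assumption
# that the same applies when a port is given).
endpoint_host() {
  local rest="${1#*://}"
  printf '%s\n' "${rest%%/*}"
}

# probe ENDPOINT_URL NLB_DNS [PROXY_PATH]: run from inside the VPC.
# Prints the HTTP status; a timeout means nothing answered on that port.
probe() {
  local target
  target=$(rewrite_endpoint "$@") || return
  curl -sS -m 10 -o /dev/null -w '%{http_code}\n' \
       -H "Host: $(endpoint_host "$1")" "$target"
}

# Constructed placeholder; set NLB_DNS to the real internal NLB DNS name.
NLB_DNS="${NLB_DNS:-nlb.example.internal}"
rewrite_endpoint 'http://dummydomain.com/api' "$NLB_DNS"
rewrite_endpoint 'http://dummydomain.com:10001/api' "$NLB_DNS"
rewrite_endpoint 'http://dummydomain.com/api/{proxy}' "$NLB_DNS" 'todo/1'
```

Calling `probe 'http://dummydomain.com/api' "$NLB_DNS"` from the test instance sends the request itself; the three calls at the bottom only print the rewritten URLs.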