I'm trying to make sense of an undocumented project. I have an endpoint that looks like it's an AWS API gateway resource. Is there a way to find that resource via the identifier?
I have
https://XXXXXXXX.execute-api.us-east-2.amazonaws.com/production/dothis
I have looked in the console at API Gateways in Ohio(us-east-2) at Stages and none of them have a stage endpoint with an XXXXXXX that matches this endpoint's id.
The endpoint is functioning - so it is somewhere out there for sure.
Is there some other AWS resource type that would end up with an endpoint URL like that? Or is it more likely that I have the wrong AWS account/profile? Can I search on the CLI by the XXXXXX id?
We have been in a similar situation and we ended up raising a support ticket to find it. Please raise a support ticket with AWS. They will at least let you know whether the endpoint url is mapped to one of your AWS accounts.
Related
We have started a PHP beanstalk application, first we tested the API as public and it was working, then we tried to make the API private to be called through a VPC Endpoint following the tutorial and instructions but no luck.
We have created the Endpoint and resource policy to income the API
We have attached the Resource policy to the API
While troubleshooting, API can be invoked from the same EC2 instance (curl -X GET https://*** ) and it was successful, but the issue is from beanstalk application it never hits the API, there are no CloudWatch logs either
Here is the code we use to invoke the API from cloud watch "https://API-ID-vpce-*****.execute-api.eu-west-1.amazonaws.com/Pro/calc/?test="
We already allowed the HTTPS inbound and outbound on security groups
Honestly we have tried everything since 10 days with no luck
Appreciate your support into this
Kind Regards
Based on the comments.
The cause of the issue remains undetermined. In this case a support ticket will be placed with AWS support for assistance.
I created a wildcard certificate *.example.com on ACM in my region.
Then I add subdomain.example.com to my custom domain names on API Gateway. The subdomain was configured correctly (it did not give me an error).
When I try to configure mappings of API I get the error Unable to complete operation due to concurrent modification. Please try again later.
I have tried it multiple times. What am I doing wrong here?
This issue is probably with API gateway UI console(AWS Management Console).
When I tried creating the mapping from the AWS CLI, it worked.
I used the aws apigateway create-base-path-mapping command.
Details on the API are at https://docs.aws.amazon.com/cli/latest/reference/apigateway/create-base-path-mapping.html
I need to get elements from AWS dynamoDB and thrid party https service and merge those results in AWS appSyn and send back the result as graphQL response
Third party service which I am using, expects client side certificate. I am not finding proper AWS documents on how to pass agent using AWS appSync resolver.
I am also not finding documents to store certificate as secret in AWS secret manager.
Is there anyone faced similar problem? Or do you guys have any solution to it?
It depends on the size of your certificate - Secrets for AWS Secrets Manager have various limits such as length in bytes (7168 bytes) or characters (4096) see more here:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
But otherwise you should be able to store your certificate using AWS Secrets Manager.
See number item 3 in the following link: https://aws.amazon.com/blogs/compute/maintaining-transport-layer-security-all-the-way-to-your-container-part-2-using-aws-certificate-manager-private-certificate-authority/
Using HTTP Resolvers (or even Lambda Resolvers) you will be able to make http calls to AWS Secrets Manager to obtain the secret.
See links:
https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-lambda-resolvers.html
https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-http-resolvers.html
Adding to Ashwin's answer, According to documentation, HTTP resolver supports only public endpoint at this point and does not seem to have ability to pass a certificate for app to app call
I'm having issues performing requests using jest to an AWS ElasticSearch cluster v5.3.
Reason is:
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details
I am using windows 10 with java 11, spring boot 2, webflux, jest and the aws http request signer that they point to in their documentation.
I've checked and doubled checked the access and secret keys of the IAM user. I also added policies for the IAM user of full control over the cluster, still the 403 message.
Removing or adding the Content-Length header yields the same error.
Not sure where to go from here.
Any help would be appreciated.
Thx
So from I discovered, is that the network issue had something to do with the corporate proxy. I created a tunnel between my laptop and the ElasticSearch cluster, removed the proxy from the http client used by jest, and things work smoothly now.
I wasn't able to figure out exactly how the proxy affected the request signature though, but I'll stick with the tunnel solution.
I am fairly new to AWS Lambda but sure can see the benefits of it and stumbled upon the superb framework Serverless to help me built solutions on Lambda.
I started out building solutions using AWS API Gateway but really need "internal" VPC API's and not public Internet facing API's like API GW creates.
I found that Servless indeed can expose a HTTP endpoint but I can't figure out how this is done and how the URL is created.
When I deploy the Lambda from Serverless it gives me the URL, e.g.:
https://uxezd6ry8z.execute-api.eu-west-1.amazonaws.com/dev/ping
I would like to be able to find (or create) this same http listener for already existing Lambdas so my question is how is the URL created and where is teh actual HTTP listener deployed?
You might be looking for the invoke url,
1. go to https://console.aws.amazon.com/apigateway
2. select api link (which you have deployed on aws lambda).
3. select stages in left side panel and
see the invoke url.
Adding a http listener can be done by going to your lambda function, selecting the 'triggers' tab and 'add trigger', finally selecting API Gateway - but as others mentioned this does create a public facing url.
Duh, I was in the wrong AWS logon previously so the API GW was not showing any matching Serverless API and that was why I couldn't understand how they did it...
Once I logged into the AWS account that hosts the Serverless structure I can see the API GW GET API's for the Serverless HTTP listener.