[aws-apigateway] Invalid integration URI specified with ProxyResource and VPC_LINK #10435

muellerk22 · 2020-09-18T18:54:33Z

I was trying to use CDK to recreate this Tutorial:

Tutorial: Build a REST API with API Gateway private integration
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-private-integration.html

At a high level: Create a RestApi with a VpcLink Integration. Then add a ProxyResource with a "ANY" method added with addMethod. create a REST API using a private integration to route to a little node app in ECS deployed via Fargate.

Reproduction Steps

`
export class NetworkLoadBalanacerStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);

const vpc = new ec2.Vpc(this, 'NLB_Vpc', { maxAzs: 2 });

const cluster = new ecs.Cluster(this, 'nlbCluster', {
  clusterName: "nlb-Cluster",
  containerInsights: true,
  vpc
});

const helloSvc = new ecsPatterns.NetworkLoadBalancedFargateService(this, 'nlb_HelloService', {
    cluster,
    serviceName: 'HelloAPI',
    publicLoadBalancer: false,
    assignPublicIp: false,
    listenerPort: 80,
    taskImageOptions: {
      image: ecs.ContainerImage.fromAsset(path.resolve(__dirname, '../HelloService')),
    }
  });
  // The below is not ideal.  Will have to figure out something better.
  //helloSvc.service.connections.allowFromAnyIpv4(EPHEMERAL_PORT_RANGE);
  helloSvc.service.connections.allowFrom(
    ec2.Peer.ipv4(helloSvc.loadBalancer.vpc.vpcCidrBlock), 
    ec2.Port.tcp(80)
   );

  const hello_httpVpcLink = new apigV1.VpcLink( this, 'vpcLink', {
    targets: [helloSvc.loadBalancer]
  })

  const intergration = new apigV1.Integration({
    type: apigV1.IntegrationType.HTTP_PROXY,
    integrationHttpMethod: "ANY",
    options: {
      connectionType: apigV1.ConnectionType.VPC_LINK,
      vpcLink: hello_httpVpcLink
    }
  })
  const helloApi = new apigV1.RestApi(this, "RestApi", {
    restApiName: "Sabre Rest API to nlb",
    endpointTypes: [apigV1.EndpointType.REGIONAL],
    defaultIntegration: intergration
  }); 

  const proxyResource = new apigV1.ProxyResource(this, "ProxyResource", {
    parent: helloApi.root,
    anyMethod: false,
  })

  proxyResource.addMethod( "ANY", intergration, {
      methodResponses: [{ statusCode: "200" }],
      requestParameters: {
        "method.request.path.proxy": true
      }
  })

  new cdk.CfnOutput(this, 'nlbHelloAPIUrl', { value: helloApi.url! })
}

}
`

What did you expect to happen?

I expected the stack deploy properly with a REST Api routing all REST calls to the service running on ECS through the VPC link.

What actually happened?

The fails to creates and rolls back with a bad URI for the ANY method.

40/45 | 12:55:40 PM | CREATE_FAILED | AWS::ApiGateway::Method | ProxyResource/ANY (ProxyResourceANYD2521206) Invalid integration URI specified (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: abb21875-45ec-46e1-8512-38bcc8536604; Proxy: null) new Method (/Users/kvm/projects/edmunds-sabre/node_modules/@aws-cdk/aws-apigateway/lib/method.js:49:26) \_ ProxyResource.addMethod (/Users/kvm/projects/edmunds-sabre/node_modules/@aws-cdk/aws-apigateway/lib/resource.js:18:16) \_ ProxyResource.addMethod (/Users/kvm/projects/edmunds-sabre/node_modules/@aws-cdk/aws-apigateway/lib/resource.js:238:22) \_ new NetworkLoadBalanacerStack (/Users/kvm/projects/edmunds-sabre/build/nlb-stack.js:59:23) \_ Object.<anonymous> (/Users/kvm/projects/edmunds-sabre/build/index.js:10:1) \_ Module._compile (internal/modules/cjs/loader.js:1075:30) \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1096:10) \_ Module.load (internal/modules/cjs/loader.js:940:32) \_ Function.Module._load (internal/modules/cjs/loader.js:781:14) \_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12) \_ internal/main/run_main_module.js:17:47 40/45 | 12:55:40 PM | CREATE_FAILED | AWS::ApiGateway::Method | RestApi/Default/ANY (RestApiANYA7C1DC94) Invalid integration URI specified (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: 7d6155d3-8b7e-4a21-871f-338433fc8a48; Proxy: null) new Method (/Users/kvm/projects/edmunds-sabre/node_modules/@aws-cdk/aws-apigateway/lib/method.js:49:26) \_ RootResource.addMethod (/Users/kvm/projects/edmunds-sabre/node_modules/@aws-cdk/aws-apigateway/lib/resource.js:18:16) \_ ProxyResource.addMethod (/Users/kvm/projects/edmunds-sabre/node_modules/@aws-cdk/aws-apigateway/lib/resource.js:235:37) \_ new NetworkLoadBalanacerStack (/Users/kvm/projects/edmunds-sabre/build/nlb-stack.js:59:23) \_ Object.<anonymous> (/Users/kvm/projects/edmunds-sabre/build/index.js:10:1) \_ Module._compile (internal/modules/cjs/loader.js:1075:30) \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1096:10) \_ Module.load (internal/modules/cjs/loader.js:940:32) \_ Function.Module._load (internal/modules/cjs/loader.js:781:14) \_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12) \_ internal/main/run_main_module.js:17:47

Environment

**CLI Version: ** 1.63.0 (build 7a68125)
Framework Version: 1.63.0 (build 7a68125)
Node.js Version: v14.9.0
OS : Mac OS 10.15.6
Language (Version): [email protected]

Other

This is 🐛 Bug Report

The text was updated successfully, but these errors were encountered:

nzamosenchuk · 2020-09-30T07:03:39Z

I've been investigating this and. URI is mandatory for VPC-NLB integration
Step 5e : https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-private-integration.html

nija-at · 2020-09-30T13:38:58Z

Thanks @nzamosenchuk.

@muellerk22 - can you try setting the uri property as part of creating the Integration class and see if this fixes your problem, specifically at line -

const intergration = new apigV1.Integration({

muellerk22 · 2020-10-01T14:23:09Z

After I enter this I was able to get this working but setting the uri.

`

const sabreIntergration = new apigV1.Integration({

  type: apigV1.IntegrationType.HTTP_PROXY,

  integrationHttpMethod: "ANY",

  options: {

    connectionType: apigV1.ConnectionType.VPC_LINK,

    vpcLink: this.vpcLink,

    requestParameters: {
      "integration.request.path.proxy": "method.request.path.proxy"
    }
  }
  // see step 4 here: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-api-with-vpclink-cli.html
  // "The uri parameter is not used for routing requests to your endpoint, 
  //  but is used for setting the Host header and for certificate validation."
  // see https://answers.amazon.com/questions/123048? from Uri Segev stating the port in the 
  // in the EndPoint URL will identify the correct listener to hit.
   uri: "http://sabre.com:${port}/${resource}/"
})

`

At a minimum, this should be a required field versus optional. Thanks for the direction.

When VPC Link is configured as a private integration on a Method, the 'uri' field is required. Without this the CloudFormation deployment fails with the error - 'Invalid integration URI specified'. Instead of switching this to just a synth time error, use the NLB DNS name when available. closes #10435

When VPC Link is configured as a private integration on a Method, the 'uri' field is required. Without this the CloudFormation deployment fails with the error - 'Invalid integration URI specified'. Instead of switching this to just a synth time error, use the NLB DNS name when available. closes #10435 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2020-10-12T10:54:38Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

muellerk22 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Sep 18, 2020

github-actions bot added the @aws-cdk/aws-apigateway Related to Amazon API Gateway label Sep 18, 2020

github-actions bot assigned nija-at Sep 18, 2020

nija-at added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Sep 30, 2020

github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Oct 2, 2020

nija-at mentioned this issue Oct 6, 2020

feat(apigateway): autodetermine the private integration uri #10730

Merged

mergify bot closed this as completed in #10730 Oct 12, 2020

bearrito mentioned this issue Aug 2, 2023

api_gateway: Creating HTTP Integration with VPC Link and NLB #26612

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[aws-apigateway] Invalid integration URI specified with ProxyResource and VPC_LINK #10435

[aws-apigateway] Invalid integration URI specified with ProxyResource and VPC_LINK #10435

muellerk22 commented Sep 18, 2020

nzamosenchuk commented Sep 30, 2020

nija-at commented Sep 30, 2020

muellerk22 commented Oct 1, 2020 •

edited

Loading

github-actions bot commented Oct 12, 2020

[aws-apigateway] Invalid integration URI specified with ProxyResource and VPC_LINK #10435

[aws-apigateway] Invalid integration URI specified with ProxyResource and VPC_LINK #10435

Comments

muellerk22 commented Sep 18, 2020

Reproduction Steps

What did you expect to happen?

What actually happened?

Environment

Other

nzamosenchuk commented Sep 30, 2020

nija-at commented Sep 30, 2020

muellerk22 commented Oct 1, 2020 • edited Loading

github-actions bot commented Oct 12, 2020

⚠️COMMENT VISIBILITY WARNING⚠️

muellerk22 commented Oct 1, 2020 •

edited

Loading