I'm having issues with setting up an AWS API Gateway VPC Link to an existing ELB in order to make a private endpoint public.
The error I receive when browsing to the API Gateway endpoint is {"message":"Service Unavailable"}
Here's the project setup.
The main platform works fine for people connecting via HTTPS via the ELB; however, any requests to the API Gateway endpoint wait for a while and then return the HTTP 503 response with the body of {"message":"Service Unavailable"}
CloudWatch logs show the HTTP 503 response but do not give any other useful pieces of information. The ELB's logs show no requests coming in with the requested URL.
The results appear as if the VPC Link is not working and the request to the ELB is being rejected by the Security Group on the ELB even when the ELB's SecGroup is set to allow "All Traffic" from the SecGroup used by the VPC Link.
I'm at a loss as to what could be causing the issue and am hoping that someone can spot something I've missed along the way.
I've followed the various AWS Docs including:
None of these mention the SecGroup setup.
I have been successful when I create an HTTP URI integration and point that at an endpoint that allows public requests. This is no good though as the application needs to remain private other than one or two endpoints.
Everything I've read suggests that the API Gateway -> VPC Link -> ELB -> EC2 approach should work.
UPDATE 1
VPC Link Setup
API Gateway Integration
Selection Method: Manual
Target Service: ALB/NLB
Load Balancer: SM-01-ELB
Listener: HTTP 80
VPC Link: SM01-VPC Link
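The security group claim in the question can be verified in both directions (outbound from the VPC Link's group, inbound on the ELB's group) for the listener port. The following is an added example, not part of the original post; it reads rules in the JSON shape returned by `aws ec2 describe-security-groups`, and every group ID and IP address in it is constructed.

```python
import ipaddress

def covers_port(perm, port):
    """True if one IpPermissions entry covers the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "All traffic": the entry carries no FromPort/ToPort
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def permits(perms, peer_group_id, peer_ip, port):
    """True if any rule covers the port and names the peer by group ID or CIDR."""
    ip = ipaddress.ip_address(peer_ip)
    for perm in perms:
        if not covers_port(perm, port):
            continue
        if any(p.get("GroupId") == peer_group_id for p in perm.get("UserIdGroupPairs", [])):
            return True
        if any(ip in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False

def check_path(link_sg, lb_sg, link_eni_ip, lb_ip, port):
    """Check VPC Link egress and load balancer ingress for one listener port."""
    return {
        "link_egress": permits(link_sg.get("IpPermissionsEgress", []),
                               lb_sg["GroupId"], lb_ip, port),
        "lb_ingress": permits(lb_sg.get("IpPermissions", []),
                              link_sg["GroupId"], link_eni_ip, port),
    }

# Constructed sample: the load balancer group allows all traffic from the link
# group, but the link group's outbound rules only cover TCP 443.
LINK_SG = {"GroupId": "sg-0link000000000001", "IpPermissions": [],
           "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                                    "UserIdGroupPairs": []}]}
LB_SG = {"GroupId": "sg-0lb0000000000002", "IpPermissionsEgress": [],
         "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
                            "UserIdGroupPairs": [{"GroupId": "sg-0link000000000001"}]}]}

if __name__ == "__main__":
    # Listener port 80, as in the integration settings above.
    print(check_path(LINK_SG, LB_SG, "10.0.1.25", "10.0.2.40", 80))
```

The constructed rules are only an illustration of a path that is open on one side and closed on the other; they are not the asker's actual configuration.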
According to the docs:
VPC links enable you to create private integrations that connect your HTTP API routes to private resources in a VPC
Did you create the ALB and VPC Link in private subnets? I assume you won't connect to the ALB successfully if you had placed it in private subnets.
And can you also check if the VPC Link's ENI is created or not?
I need to put my questions here since the comment section is quite small for me.