I have a configuration that looks somewhat like this:
I did set up an EC2 instance in my VPC to verify that the Cloud Map configuration was working, i.e. I would curl my ECS task on port :5000 and get a response.
For the API Gateway, I do however have an issue accessing my ECS task. I have made the following Terraform configuration for my API Gateway:
resource "aws_apigatewayv2_api" "api" {
  name          = "api-gateway"
  description   = "Proxy to handle requests to our API"
  protocol_type = "HTTP"
}

resource "aws_apigatewayv2_integration" "integration" {
  api_id                 = aws_apigatewayv2_api.api.id
  integration_type       = "HTTP_PROXY"
  integration_uri        = aws_service_discovery_service.ecs-discovery-service.arn
  integration_method     = "ANY"
  connection_type        = "VPC_LINK"
  connection_id          = aws_apigatewayv2_vpc_link.vpc_link.id
  payload_format_version = "1.0"
}

resource "aws_apigatewayv2_route" "route" {
  api_id    = aws_apigatewayv2_api.api.id
  route_key = "ANY /{proxy+}"
  target    = "integrations/${aws_apigatewayv2_integration.integration.id}"
}

resource "aws_apigatewayv2_stage" "stage" {
  api_id      = aws_apigatewayv2_api.api.id
  name        = "$default"
  auto_deploy = true
}

resource "aws_apigatewayv2_vpc_link" "vpc_link" {
  name               = "test"
  subnet_ids         = var.ecs_service_subnet_ids
  security_group_ids = []
}
Upon trying to access my API Gateway, I get an HTTP 500 response. If I try a different port, e.g. 5000, the request times out.
The only thing I can think of is the fact that my service is available on port 5000, but the external request coming to the API Gateway is obviously on port 433 (as it only accepts HTTPS).
The problem here is that, from the documentation, it doesn't seem entirely clear how I target port 5000 in my integration. Does API Gateway traverse possible ports (I know it supports 5000) until it finds the service, or how does this actually work?
Help is much appreciated
Update
So I changed the port of my ECS service to the default port 80. In continuation, I added a security group to the VPC link that allows all egress and ingress traffic.
Still, the issue persists and I get an internal server error 500 response.
When you create your ECS Service, you should use an SRV-DNS-Entry for the CloudmapOptions. This entry contains the target container and the target port of your application.
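The SRV-based registration from the answer, sketched in Terraform as an added example (not code from the question or the answer). It uses port 5000 from the original question; every `var.*` input and the container name `api` are assumptions, and the security group rules are an added least-privilege variant of the allow-all group mentioned in the update.

```hcl
# Added example: var.* inputs are assumed to be declared elsewhere; "api" is an assumed container name.
resource "aws_service_discovery_service" "ecs-discovery-service" {
  name = "api"
  dns_config {
    namespace_id   = var.cloudmap_namespace_id
    routing_policy = "MULTIVALUE"
    dns_records {
      type = "SRV" # SRV carries the port; an A record carries only the IP
      ttl  = 10
    }
  }
}

resource "aws_ecs_service" "api" {
  name            = "api"
  cluster         = var.ecs_cluster_arn
  task_definition = var.task_definition_arn
  desired_count   = 1
  launch_type     = "FARGATE"
  network_configuration {
    subnets         = var.ecs_service_subnet_ids
    security_groups = [var.task_security_group_id]
  }
  service_registries {
    registry_arn   = aws_service_discovery_service.ecs-discovery-service.arn
    container_name = "api" # container and port published in the SRV record
    container_port = 5000
  }
}

# The VPC link may only reach the task port, instead of allowing all traffic.
resource "aws_security_group" "vpc_link" {
  vpc_id = var.vpc_id
  egress {
    from_port       = 5000
    to_port         = 5000
    protocol        = "tcp"
    security_groups = [var.task_security_group_id]
  }
}

resource "aws_security_group_rule" "task_from_vpc_link" {
  type                     = "ingress"
  from_port                = 5000
  to_port                  = 5000
  protocol                 = "tcp"
  security_group_id        = var.task_security_group_id
  source_security_group_id = aws_security_group.vpc_link.id
}
```

To use the scoped group, set `security_group_ids = [aws_security_group.vpc_link.id]` on the `aws_apigatewayv2_vpc_link` resource from the question.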