I'm migrating from an architecture in which I have a Lambda inside a private subnet, talking to a public subnet that has a NAT Gateway, triggered by an API Gateway WebSocket. Now I have removed the NAT Gateway and inserted a VPC Endpoint with a VPC Link, which I found in this document: https://d1.awsstatic.com/whitepapers/private-api-best-practices.pdf
My VPC endpoint currently has a policy that is all open. I didn't use Enable Private DNS Name, because in my VPC there are other projects that talk to API Gateway.
My API Gateway triggered the Lambda, but it could not respond to the return message. My Lambda has a timeout.
In my older architecture, my return endpoint was https://{restapi-id}.execute-api.{region}.amazonaws.com/{stage}, and now when I try to respond, it doesn't work with that endpoint.
Do I have to change the Endpoint?
My Security Group and NACL are very open until I finish testing this connection. The VPC Link and the API Gateway Endpoint are configured with the Lambda subnet and the Lambda Security Group.
Is something missing from VPC Link or VPC Endpoint?
Edit: I activated logging in the API Gateway, and before the Lambda logs it returns:
{
"requestId": "em-5aGamaDDAdtd=",
"ip": "",
"caller": "-",
"user": "-",
"requestTime": "30/Apr/2021:17:57:42 +0000",
"eventType": "MESSAGE",
"routeKey": "lambda",
"status": "504",
"connectionId": "em-5abCDaaDBJtw="
}
And the client receives the message:
{
"connectionId": "em-5abCDaaDBJtw=",
"message": "Endpoint request timed out",
"requestId": "em-5aGamaDDAdtd="
}
I found my problem: my VPC Link was missing the connection with the API Gateway. In the AWS::ApiGatewayV2::Integration, I needed to insert the connection to the VPC Link.