I'm trying to link AWS API Gateway with my ECS App Mesh and cannot seem to make it work.
I currently have a working, public ALB that is successfully reaching my mesh service on ECS. To integrate it with API Gateway, I implemented the following config:
Created a VPC link for HTTP APIs targeting the public subnets the ALB is currently using. I assigned a security group which (for testing purposes), allows all traffic - ipv4 (0.0.0.0/0) & ipv6 (::/0) - to anywhere. Note that I also modified the ALB security group to allow all traffic as well.
Within API Gateway, I created an HTTP API on the $default stage (auto-deploy). To this API I added a route from the ANY method with path /{proxy+}. I then created and attached an integration to a private resource where I selected the ALB and targeted its listener on port 80, and also selected the above VPC link.
Now when I attempt to connect to the invoke URL associated with the API, I am getting a connection refused error when trying to reach it via http (port 80) and a {"message":"Service Unavailable"} error from https (not surprised I cannot reach it through https).
Note that, once I get this setup working, the plan is obviously to make it secure by moving the ALB to private subnets and further restricting its security group to only accept connections from the VPC link.
Before anyone asks, the reason I want to achieve this setup rather than using the plain virtual gateway from the service mesh is that I wish to use its integration with authorizers such that I can easily set authentication on my various endpoints.
Also note that I am very new to AWS infra and am learning on the fly - apologies in advance for any obvious mistakes on my part.
Any pointers on how to fix or at least debug the above issue would be greatly appreciated. Thanks!
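An added example, not the poster's configuration: the same setup written in Terraform (VPC link, HTTP API with an auto-deployed $default stage, an ANY /{proxy+} route, and a private integration to the ALB's port-80 listener), with the ALB's security group accepting port 80 only from the VPC link's security group, which is the tightened state the post says it plans to move to. The VPC, subnet and security group IDs, the listener ARN and all resource names are placeholders.

```hcl
variable "vpc_id"           { type = string }        # placeholder (added example, not the poster's config)
variable "subnet_ids"       { type = list(string) }  # the subnets the ALB uses
variable "alb_sg_id"        { type = string }        # the existing ALB's security group
variable "alb_listener_arn" { type = string }        # the ALB's port-80 listener
resource "aws_security_group" "vpc_link" {           # attached to the VPC link's ENIs
  name   = "apigw-vpc-link"
  vpc_id = var.vpc_id
}
resource "aws_vpc_security_group_egress_rule" "vpc_link_to_alb" {  # outbound only to the ALB
  security_group_id            = aws_security_group.vpc_link.id
  referenced_security_group_id = var.alb_sg_id
  from_port                    = 80
  to_port                      = 80
  ip_protocol                  = "tcp"
}
resource "aws_vpc_security_group_ingress_rule" "alb_from_vpc_link" {  # replaces 0.0.0.0/0 and ::/0
  security_group_id            = var.alb_sg_id
  referenced_security_group_id = aws_security_group.vpc_link.id
  from_port                    = 80
  to_port                      = 80
  ip_protocol                  = "tcp"
}
resource "aws_apigatewayv2_vpc_link" "mesh" {
  name               = "mesh-vpc-link"
  security_group_ids = [aws_security_group.vpc_link.id]
  subnet_ids         = var.subnet_ids
}
resource "aws_apigatewayv2_api" "mesh" {
  name          = "mesh-http-api"
  protocol_type = "HTTP"
}
resource "aws_apigatewayv2_stage" "default" {
  api_id      = aws_apigatewayv2_api.mesh.id
  name        = "$default"
  auto_deploy = true
}
resource "aws_apigatewayv2_integration" "alb" {  # private integration through the VPC link
  api_id             = aws_apigatewayv2_api.mesh.id
  integration_type   = "HTTP_PROXY"
  integration_method = "ANY"
  integration_uri    = var.alb_listener_arn
  connection_type    = "VPC_LINK"
  connection_id      = aws_apigatewayv2_vpc_link.mesh.id
}
resource "aws_apigatewayv2_route" "proxy" {
  api_id    = aws_apigatewayv2_api.mesh.id
  route_key = "ANY /{proxy+}"
  target    = "integrations/${aws_apigatewayv2_integration.alb.id}"
}
```

The ingress rule above only adds the VPC-link-scoped rule; the allow-all rules created by hand during testing are not managed by this config and have to be removed separately, otherwise the ALB remains open to 0.0.0.0/0 and ::/0.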