API Gateway VPC Link Integration to NLB gives 404

Question

I have a proxy+ resource configured like this,

NLB is internal, so using VPC Link, but when I hit the API gateway stage url, I am getting 404. Below are the logs,

(some-request-id) Sending request to http://masked.elb.us-east-1.amazonaws.com/microservice/v2/api-docs

Received response. Status: 404, Integration latency: 44 ms

But when I copy paste the same NLB URL from the log in the browser, I am getting json response back with HTTP 200.

What is that I am missing here?

Answer 1

It turns out that, I was pointing to wrong VPC Link. Once I pointed to correct VPC Link it started working.

Key here is that even though API Gateway logs tells me that, it is hitting http://masked.elb.us-east-1.amazonaws.com/microservice/v2/api-docs, it doesn't actually hit this URL. Instead it hits the NLB which VPC Link is attached to.

I confirmed this by changing the domain name in the Endpoint URL to, http://domainwhichdoesnotexist.com/microservice/v2/api-docs

And in logs I see this,

Thu Jul 30 09:28:09 UTC 2020 : Sending request to http://domainwhichdoesnotexist.com/microservice/api/api-docs
Thu Jul 30 09:28:09 UTC 2020 : Received response. Status: 200, Integration latency: 72 ms

Answer 2

This 404 is being returned from the application on your load balancer so it is definitely connecting.

I can see from your request the hostname you're specifying is an ELB name, is the application listening on this host name? Some web server services such as Apache or Nginx will hit the first vhost if they do not match one within another vhost which may not hit your application.

The domain name you specify in API Gateway should be the one it will connect to on the host, the VPC Link stores the information of which load balancer this link is for. So if your API has a VHOST for https://api.example.com you would specify https://api.example.com/{proxy}.

From your host you should be able to see within the access logs (and error logs) which host/path it is trying to load from.