almarc

Reputation: 1658

AWS Lambda HTTP accessible from the internet, but not accessible from an EC2 on the same account

I have a lambda function, that has an API Gateway attached to it. It has a publicly accessible IP address and a domain name (Created by the serverless framework). I can access it from the broad internet, from my own browser (and other devices).

The issue is, it seems to be inaccessible from other services on my account, like an EC2 instance. From the mentioned instance, curl google.com works and returns a response, but curl mylink.com times out.

I think this has something to do with VPC setup, but I can't put my finger on it. What might be the issue here?

Update: Using curl --verbose, I found out that when accessed from anywhere else, the IP the API Gateway leads to is different than when accessed from within my AWS account. The VPC doesn't seem to matter: I created a new VPC and an EC2 instance inside it, and it still did the same.

Upvotes: 1

Views: 675

Answers (2)

Marcin

Reputation: 238497

Based on the comments.

The issue was caused by the presence of a VPC interface endpoint for API Gateway in the default VPC. The VPC interface endpoint for API Gateway is used for private APIs, not public APIs as used by the OP. Subsequently, calls to public API endpoints fail, as explained in the AWS blog:

When they’re configured as private, the public networks are not made available to route your API. Instead, your API can only be accessed using the interface endpoints that you have configured.

There are two ways to combat the issue:

In the OP's case, the second option was used to solve the problem.

Upvotes: 1
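
A check for the condition this answer describes, added here as an example and not part of the answer: it scans `aws ec2 describe-vpc-endpoints` JSON for API Gateway (`execute-api`) interface endpoints and reports the VPCs they sit in. The sample data is constructed, and treating `PrivateDnsEnabled` as the setting that changes name resolution inside the VPC is an assumption the answer does not state.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-vpc-endpoints` output.
# All IDs and the region are made up for illustration.
SAMPLE = json.loads("""
{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Gateway", "VpcId": "vpc-default",
   "ServiceName": "com.amazonaws.us-east-1.s3", "State": "available"},
  {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Interface", "VpcId": "vpc-default",
   "ServiceName": "com.amazonaws.us-east-1.execute-api", "State": "available",
   "PrivateDnsEnabled": true},
  {"VpcEndpointId": "vpce-0ccc", "VpcEndpointType": "Interface", "VpcId": "vpc-other",
   "ServiceName": "com.amazonaws.us-east-1.execute-api", "State": "available",
   "PrivateDnsEnabled": false},
  {"VpcEndpointId": "vpce-0ddd", "VpcEndpointType": "Interface", "VpcId": "vpc-old",
   "ServiceName": "com.amazonaws.us-east-1.execute-api", "State": "deleted",
   "PrivateDnsEnabled": true}
]}
""")

# Endpoint states that no longer influence routing or DNS.
GONE = {"deleting", "deleted", "failed", "rejected", "expired"}

def execute_api_endpoints(response):
    """Return live API Gateway interface endpoints, one dict per endpoint."""
    found = []
    for ep in response.get("VpcEndpoints", []):
        if ep.get("VpcEndpointType") != "Interface":
            continue
        if not ep.get("ServiceName", "").endswith(".execute-api"):
            continue
        if ep.get("State", "").lower() in GONE:
            continue
        found.append({
            "endpoint": ep["VpcEndpointId"],
            "vpc": ep["VpcId"],
            # Assumption: private DNS is what redirects *.execute-api names in the VPC.
            "overrides_public_dns": bool(ep.get("PrivateDnsEnabled", False)),
        })
    return found

def affected_vpcs(response):
    """VPCs where public API Gateway hostnames would resolve to the endpoint."""
    return sorted({e["vpc"] for e in execute_api_endpoints(response)
                   if e["overrides_public_dns"]})

if __name__ == "__main__":
    for e in execute_api_endpoints(SAMPLE):
        print(e)
    print("affected VPCs:", affected_vpcs(SAMPLE))
```

To run it against a real account, save the output of `aws ec2 describe-vpc-endpoints --output json` to a file and pass the parsed JSON to `affected_vpcs` in place of `SAMPLE`.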

Aaron Stuyvenberg

Reputation: 3787

The EC2 instance likely lives inside a VPC which doesn't have public internet access (or may but through a load balancer, bastion host, or any myriad of other options).

You'll need to find out which VPC the EC2 instance lives in, and ensure your lambda function has access to it. You can add a function to a VPC by following the documentation.

Upvotes: 0
