
Cross Account to AWS Private API Gateway with 'ETIMEDOUT' error

I have a service in AWS Account_1 which tries to invoke an AWS Private API Gateway in AWS Account_2. But it's unsuccessful and throws an ETIMEDOUT error:

I tried whitelisting Account_1's user and role in Account_2 Private API gateway's resource policy with no luck.

{"code":"ETIMEDOUT","errno":"ETIMEDOUT","syscall":"connect","address":"xxx.xxx.xxx.xxx","port":443}

In order to access a Private API cross-account, let's say Account A has the Private API and Account B has the VPC Endpoint:

  1. Make sure the VPC Endpoint and the Private API are both in the same region.

  2. The security group of the AWS resource (e.g. EC2) from which the request is made has a rule that allows TCP port 443 outbound traffic to the interface VPC endpoint's IP address range or security group.

  3. The interface VPC endpoint's security group in Account B is correctly configured. It must have a rule that allows TCP port 443 inbound traffic from the IP address range or security group of the AWS resource that's making the requests.

  4. The VPC Endpoint is whitelisted in the resource policy of the Private API in Account A.

See more on troubleshooting private APIs here: https://cloudnamaste.com/troubleshooting-api-gateway-private-api/
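The resource policy that step 4 refers to, as an added example that is not part of the original answer or AWS's own code; it assumes a placeholder endpoint ID `vpce-0123456789abcdef0` for Account B's interface endpoint, and the `invoke_allowed` check is a simplified re-implementation of how the Deny/Allow pair is evaluated, not an AWS API.

```python
"""Resource policy for the Private API in Account A that admits only calls
arriving through Account B's interface VPC endpoint (step 4 above), with a
small check mirroring how the policy is evaluated.  Added example code,
not from the original answer or from AWS."""
import json

# Constructed placeholder for the interface endpoint ID in Account B.
ACCOUNT_B_VPCE = "vpce-0123456789abcdef0"


def private_api_policy(vpce_id):
    """Deny unless the call came through vpce_id, then a broad Allow.
    The principal is "*": what admits the call is the aws:SourceVpce
    condition, so whitelisting Account_1's user/role alone (as tried in
    the question) does not by itself open a Private API to Account B."""
    invoke = {"Principal": "*", "Action": "execute-api:Invoke",
              "Resource": ["execute-api:/*"]}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Deny",
             "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
             **invoke},
            {"Effect": "Allow", **invoke},
        ],
    }


def invoke_allowed(policy, source_vpce):
    """Evaluate this policy shape for a request whose aws:SourceVpce is
    source_vpce (None when the request did not traverse any VPC endpoint).
    An explicit Deny wins; StringNotEquals also matches when the key is
    absent, so a call that bypasses the endpoint is denied."""
    allowed = False
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {})
        matches = all(source_vpce == v for v in cond.get("StringEquals", {}).values())
        matches &= all(source_vpce != v for v in cond.get("StringNotEquals", {}).values())
        if not matches:
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def policy_json(vpce_id=ACCOUNT_B_VPCE):
    """JSON text to attach as the API's resource policy (then redeploy the API)."""
    return json.dumps(private_api_policy(vpce_id), indent=2)
```

Note that the error in the question is a TCP connect timeout, so the connection never reached the endpoint: steps 1 to 3 are what cure ETIMEDOUT, while a wrong resource policy surfaces as an HTTP 403 rather than a timeout.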
