AWS Cloudformation - Attach VPC_Link / NLB to method in api gateway gives "Invalid method setting path" error

Question

I am trying to use CloudFormation to deploy API Gateway with VPC Link and NLB. The Goal is to proxy pass all requests to the NLB:

  NLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: 
      Type: "network"
      IpAddressType: "ipv4"
      Name: !Ref NLBName
      Scheme: "internal"
      # LoadBalancerAttributes: 
      #   - LoadBalancerAttribute
      Subnets: 
        - !Ref NLBSubnetApNortheast1a
        - !Ref NLBSubnetApNortheast1c
        - !Ref NLBSubnetApNortheast1d

  ... other code ... 

  ApiProxyMethod: 
    Type: AWS::ApiGateway::Method
    Properties: 
      RestApiId: !Ref ApiGatewayRestApi
      ResourceId: !Ref ApiProxyResource
      AuthorizationType: COGNITO_USER_POOLS
      AuthorizerId: !Ref ApiAuthorizer
      HttpMethod: ANY
      OperationName: "ProxyAllRequests"
      Integration: 
        ConnectionType: VPC_LINK
        ConnectionId: !Ref ApiGatewayVpcLink
        IntegrationHttpMethod: ANY
        # PassthroughBehavior: String        
        Type: "HTTP" # Member must satisfy enum value set: [HTTP, AWS_PROXY, HTTP_PROXY, AWS] 
        Uri: !Sub 
          - 'http://${DNSName}/{proxy}'
          - DNSName: !GetAtt NLB.DNSName
          # DNSName: The DNS name for the load balancer. For example, my-load-balancer-424835706.us-west-2.elb.amazonaws.com

And when I try to run this, I get this error:

Error Detail:

1 validation error detected: Value 'Invalid method setting path: 
null/null/logging/dataTrace. Must be one of: [/deploymentId, 
/description, /cacheClusterEnabled, /cacheClusterSize, 
/clientCertificateId, /accessLogSettings, 
/accessLogSettings/destinationArn, /accessLogSettings/format, 
/{resourcePath}/{httpMethod}/metrics/enabled, 
/{resourcePath}/{httpMethod}/logging/dataTrace, 
/{resourcePath}/{httpMethod}/logging/loglevel, 
/{resourcePath}/{httpMethod}/throttling/burstLimit/{resourcePath}/{ht
tpMethod}/throttling/rateLimit/{resourcePath}/{httpMethod}/caching/t
tlInSeconds, /{resourcePath}/{httpMethod}/caching/enabled,
 /{resourcePath}/{httpMethod}/caching/dataEncrypted, /{resourcePath}/{httpMethod}/caching/requireAuthorizationForCacheControl, 
/{resourcePath}/{httpMethod}/caching/unauthorizedCacheControlHeaderStrategy, /*/*/metrics/enabled, /*/*/logging/dataTrace, 
/*/*/logging/loglevel, /*/*/throttling/burstLimit 
/*/*/throttling/rateLimit /*/*/caching/ttlInSeconds, 
/*/*/caching/enabled, /*/*/caching/dataEncrypted, 
/*/*/caching/requireAuthorizationForCacheControl, 
/*/*/caching/unauthorizedCacheControlHeaderStrategy, 
/variables/{variable_name}, /tracingEnabled] (Service: ApiGateway, 
Status Code: 400, Request ID: 748f725f-fa59-4885-9058-9d4d17722d5e, 
Extended Request ID: null)' at 'statusMessage' failed to satisfy 
constraint: Member must have length less than or equal to 1024

I was able to located the source of the error to be AWS::ApiGateway::Method , and it seems that the Uri is not right.

When I change the Uri to be "http://NLB-myapp-internal-beta-123.elb.ap-northeast-1.amazonaws.com/{proxy}" , things work just fine.

I tried to search for the error message, but there is no clue. what could be the cause? What does the error message mean?

Answer 1

I think it just should be:

        Type: HTTP_PROXY 
        Uri: !Sub "http://${NLB.DNSName}"

You don't need any {proxy} there.