0

I'm attempting to call a deployed API through GPRS AT-Commands. I am able to make HTTPS calls, for instance doing a GET on https://www.amazon.jobs/ gives me a 200 and a large response. However I've tried doing something similar on my deployed API but end up receiving a 601 error which is simply just a "Network Error" for the GPRS.

The API works through my browser or even a Python one-liner in the command prompt. I figure it has maybe something to do with certificates or headers or many other things but I'm not sure. What is the difference between a GET to API Gateway and say for example, a GET to other Amazon URLs (like amazon.jobs)? Would a better idea be to create an intermediary endpoint that could construct a successful call to API Gateway?

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Shreyas
  • 3
  • 3
  • Maybe just set-up the APIGateway/domain and the DNS is not propagated yet. Anyway you should trace the request(can you post what `curl -v $your_API_gateway` returns?) to have a better idea where is the blocking point. Is HTTP 601 returned by the API endpoint? Can you check the API endpoint logs? – The user with no hat Aug 27 '16 at 03:26
  • I can't use `curl` as the GPRS is a module for an Arduino and so I can't see where it trips up. However it did show that SSL/TLS versions were not an issue. Fair point about the logs, unfortunately I have to wait for someone else to add CloudWatch logging as I don't have the permissions within our account. I will update as soon as it's available. – Shreyas Aug 27 '16 at 04:45
  • API Gateway requires a https connection with a client that support server name indicator (SNI). Check the documentation for your GPRS module to ensure that it support https and SNI. – MikeD at AWS Aug 27 '16 at 20:51
  • Thanks @MikeDatAWS . Seeing as SNI is an extension to TLS I don't believe it's bundled with the SIM900 GPRS module's functionality. Do you know any way around this, apart from having an EC2 instance do all the work? – Shreyas Aug 28 '16 at 06:55
  • There's no great option for using API Gateway without SNI. You can put a CloudFront distribution in front of your API and enable CloudFront's support for dedicated IPs which removes the need for SNI. That's a rather expensive option at $600 per month. It would be cheaper to set-up multiple EC2 instances behind an ELB. – MikeD at AWS Aug 28 '16 at 19:05

1 Answers1

1

Recapping the discussion from the comments...

API Gateway requires a https connection with a client that support server name indicator (SNI). SNI is an extension to TLS and it sounds like the SIM900 GPRS module probably doesn't support it.

There's current no great option for using API Gateway without SNI. You can put a CloudFront distribution in front of your API and enable CloudFront's support for dedicated IPs which removes the need for SNI. That's a rather expensive option at $600 per month. It would be cheaper to set-up multiple EC2 instances behind an ELB.

MikeD at AWS
  • 3,565
  • 16
  • 15