
I have a NodeJS REST API that is deployed on AWS through Serverless, which automatically creates a Lambda function and an API on API Gateway for me.

Every time I try to make an HTTPS request to any external API, I get an error from API Gateway (502 - Internal Server Error), even though everything works fine when I'm testing on my local PC. And the error only happens if I call the route that makes the external request, so I'm sure that's the problem.

I've already activated API Gateway logs with CloudWatch (following this post), but the only important log I get is: Endpoint response body before transformations: {"errorMessage":"2020-10-21T18:34:14.038Z 4cf0e078-fec9-4b9c-a199-26216a3951aa Task timed out after 6.01 seconds"} (complete logs in that image). The Lambda logs are less detailed, but here they are.

I also have set up a VPC and a Security Group for my Lambda function. My Security Group already allows all traffic for both inbound and outbound rules. My VPC may be the problem, since I don't understand very much about subnets and the configurations I got there. These are my Lambda VPC configurations.

Can someone tell me what's the problem? I'm available to add any more information that you may want/need.

--------- Edit 1:

I tried to follow the steps of this post, but it didn't work. Let me explain everything I did:

First of all, I created a NAT Gateway to my VPC and a new Route Table with the 0.0.0.0/0 destination routed to this NAT Gateway. Then I created a Public Subnet, assigned the new Route Table to it and turned on the Enable auto-assign public IPv4 address option. Finally, I assigned this new Public Subnet to my Lambda function, but the error was still there. I also tried to remove the Public Subnet from the Lambda function, 'cause someone said it would work on the post, but it still didn't work.

The only thing I couldn't do was to set my new Public Subnet as a default subnet. I don't know if it was a core thing to do and if it only didn't work because of that.

Am I forgetting something?

  • Are the APIs you're trying to hit in the same VPC? – rogerdpack Oct 23 '20 at 16:09
  • So your API Gateway is calling a Lambda function, and the Lambda function calls an external API? And the Lambda functions are deployed in a VPC? It seems like you should be including the Lambda logs instead of the API Gateway logs, but the most likely cause of this issue is you haven't deployed the Lambda functions in a VPC subnet that has a route to a NAT Gateway. – Mark B Oct 23 '20 at 16:18
  • Possible duplicate: https://stackoverflow.com/questions/40741579/api-gatewaylambdavpc-timeout-issue – Mark B Oct 23 '20 at 16:19
  • @MarkB I updated the post with some things I tried to do to solve the problem. It didn't work =/ I also posted the Lambda logs you talked about. They are in the third paragraph – João Bonsegno Oct 26 '20 at 18:06
  • @rogerdpack No, they are not. But the APIs I'm trying to hit are from other domains, I think I should just give my VPC access to internet, shouldn't I? – João Bonsegno Oct 26 '20 at 18:08
  • Are you saying that even when you ran the Lambda function completely outside of the VPC that it still can't connect to the external API? – Mark B Oct 26 '20 at 18:12
  • @MarkB What do you mean with "running the Lambda function completely outside of the VPC "? I think I did something wrong in this VPC configuration, but I can't say what =/ – João Bonsegno Oct 26 '20 at 18:23
  • In the Lambda configuration, if you just completely remove the VPC settings, so that it doesn't run in a VPC. If that works then you have a VPC configuration issue, if not, then it's something else. – Mark B Oct 26 '20 at 19:04
  • @MarkB When I completely remove the VPC settings of the Lambda function, every request returns me error 502. When I put the VPC back, only the requests that make other external requests return 502. That's why I think there's some VPC issue – João Bonsegno Oct 26 '20 at 19:59
  • I solved it now, thanks for your help @MarkB – João Bonsegno Oct 26 '20 at 20:50

1 Answer

I just solved it.

I kept searching on the internet for possible solutions and I found this link that has a video on the right corner (right there) with the perfect tutorial.

The problem was that I only had Subnets connected to an Internet Gateway and no Subnets connected to a NAT Gateway, like @MarkB said. But I tried to solve it by changing my only 3 Private Subnets, that were assigned to both Lambda and RDS, to connect only with the NAT Gateway and ended up removing the Internet Gateway assignment from my RDS's.

I decided to create 3 new Private Subnets ONLY for my Lambda Functions, those connected to the NAT Gateway, and 1 Public Subnet, connected to the Internet Gateway. The previous Subnets that I already had were intact in the end, and it fits just well.
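
The check below is an added example, not part of the answer above: it classifies each Lambda subnet by where its IPv4 default route points, which is the condition the answer ended up fixing. It assumes input shaped like the EC2 DescribeRouteTables response for a single VPC; all IDs and the helper names are constructed for illustration.

```javascript
// Added example. Input mirrors the EC2 DescribeRouteTables response shape;
// every ID below is a constructed sample, not taken from the question.
const local = { DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local', State: 'active' };
const sampleRouteTables = [
  { RouteTableId: 'rtb-main', Associations: [{ Main: true }], Routes: [local] },
  { RouteTableId: 'rtb-public',
    Associations: [{ Main: false, SubnetId: 'subnet-public-1' }],
    Routes: [local, { DestinationCidrBlock: '0.0.0.0/0', GatewayId: 'igw-0example', State: 'active' }] },
  { RouteTableId: 'rtb-nat',
    Associations: [{ Main: false, SubnetId: 'subnet-lambda-1' }],
    Routes: [local, { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: 'nat-0example', State: 'active' }] },
  { RouteTableId: 'rtb-stale',
    Associations: [{ Main: false, SubnetId: 'subnet-lambda-2' }],
    Routes: [local, { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: 'nat-0deleted', State: 'blackhole' }] },
];

// A subnet without an explicit association uses the VPC's main route table.
function routeTableFor(subnetId, tables) {
  const has = (t, pred) => (t.Associations || []).some(pred);
  return tables.find(t => has(t, a => a.SubnetId === subnetId)) ||
         tables.find(t => has(t, a => a.Main === true));
}

// Classify where the IPv4 default route of a route table points.
function defaultRouteKind(table) {
  const route = ((table && table.Routes) || []).find(r => r.DestinationCidrBlock === '0.0.0.0/0');
  if (!route) return 'none';
  if (route.State === 'blackhole') return 'blackhole'; // e.g. the NAT gateway was deleted
  if (route.NatGatewayId) return 'nat';
  if ((route.GatewayId || '').startsWith('igw-')) return 'igw';
  return 'other';
}

const NOTES = {
  nat: 'default route to a NAT gateway: outbound calls can leave the VPC',
  igw: 'default route to an internet gateway: Lambda has no public IP, so calls time out',
  none: 'no default route: outbound calls time out',
  blackhole: 'default route target no longer exists: outbound calls time out',
  other: 'default route to another target: verify it by hand',
};

function checkLambdaSubnets(subnetIds, tables) {
  return subnetIds.map(subnetId => {
    const table = routeTableFor(subnetId, tables);
    const kind = defaultRouteKind(table);
    return { subnetId, routeTableId: table ? table.RouteTableId : null, kind, ok: kind === 'nat', note: NOTES[kind] };
  });
}

console.log(checkLambdaSubnets(['subnet-public-1', 'subnet-lambda-1', 'subnet-lambda-2', 'subnet-unassociated'], sampleRouteTables));
```

Only the subnet whose default route targets an active NAT gateway passes; the NAT gateway itself still has to sit in a subnet whose default route goes to the Internet Gateway, which this check does not verify.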