[Posted]: 2020-10-19 19:27:20
[Problem description]:
I have EC2 instances running in a private subnet and want to access an API Gateway API.
Steps I took:
- Created and deployed a stage in API Gateway
- Tested via the test URL and Postman - works fine
- Created a VPC endpoint using the execute-api interface
- Updated the API Gateway resource policy as follows and saved it
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:eu-west-1:{{MY_ACCOUNT}}:{{MYAPI}}/*",
            "Condition": {
                "StringNotEquals": {
                    "aws:sourceVpc": "vpce-{{ID}}"
                }
            }
        }
    ]
}
- Tried to access it from EC2 with curl and wget and got a 403
[ec2-user@ip-xx-xx-xx-xx ~]$ wget https://{{MYAPI}}.execute-api.eu-west-1.amazonaws.com/DEV/CustomerInfo/?customerId={{CUST_ID}}
--2020-06-29 14:43:29-- https://{{MYAPI}}.execute-api.eu-west-1.amazonaws.com/DEV/CustomerInfo/?customerId={{CUST_ID}}
Resolving {{MYAPI}}.execute-api.eu-west-1.amazonaws.com ({{MYAPI}}.execute-api.eu-west-1.amazonaws.com)... xx.xx.xx.xx, xx.xx.xx.xxx
Connecting to {{MYAPI}}.execute-api.eu-west-1.amazonaws.com ({{MYAPI}}.execute-api.eu-west-1.amazonaws.com)|xx.xx.xx.xx|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2020-06-29 14:43:29 ERROR 403: Forbidden.
[Discussion]:
Tags: amazon-web-services amazon-ec2 api-gateway
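To make the effect of the posted resource policy visible, here is a small evaluator that applies IAM's evaluation order (applicable explicit Deny wins, then any applicable Allow, otherwise implicit deny) to two request contexts: one arriving through the VPC endpoint and one arriving over the public internet. This is an added example, not code from the original post or from AWS. It models only what is needed here: Allow/Deny statements, the StringEquals/StringNotEquals operators, and the two request-context keys that matter for this question, aws:SourceVpc (which carries a vpc-... ID) and aws:SourceVpce (which carries a vpce-... ID). All statements are assumed to cover the invoked resource, and the VPC and endpoint IDs are constructed placeholders. Alongside the policy shape from the question, it evaluates the pattern AWS documents for private REST APIs: an explicit Deny for requests whose aws:SourceVpce is not the endpoint, plus an unconditional Allow.

```python
"""Simplified evaluator for an API Gateway resource policy.

Added example, not code from the original post. It models only Allow/Deny
statements, the StringEquals/StringNotEquals operators, and the context keys
aws:SourceVpc (vpc-... ID) and aws:SourceVpce (vpce-... ID). Every statement
is assumed to cover the invoked resource. IDs are constructed placeholders.
"""

ENDPOINT_ID = "vpce-0123456789abcdef0"   # constructed placeholder
VPC_ID = "vpc-0fedcba9876543210"         # constructed placeholder

# Shape of the policy in the question: a single Allow whose condition compares
# aws:sourceVpc (which holds a vpc-... value) against a vpce-... endpoint ID.
POLICY_FROM_QUESTION = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*",
            "Condition": {"StringNotEquals": {"aws:sourceVpc": ENDPOINT_ID}},
        }
    ],
}

# Pattern AWS documents for private REST APIs: an explicit Deny for requests
# that did not arrive through the endpoint, plus an unconditional Allow.
POLICY_DENY_OUTSIDE_ENDPOINT = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*",
            "Condition": {"StringNotEquals": {"aws:SourceVpce": ENDPOINT_ID}},
        },
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*",
        },
    ],
}

# Request contexts as API Gateway populates them (constructed for this example).
CTX_VIA_ENDPOINT = {"aws:sourcevpc": VPC_ID, "aws:sourcevpce": ENDPOINT_ID}
CTX_FROM_INTERNET = {}   # neither key is present for a public-internet request


def _condition_matches(condition, ctx):
    """Every operator/key pair must hold. Condition key names are
    case-insensitive in IAM, so lookups are lower-cased. As in IAM, the
    negated operator StringNotEquals is true when the key is absent from the
    request context, while StringEquals is false in that case."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key.lower())
            if operator == "StringEquals":
                if actual != expected:
                    return False
            elif operator == "StringNotEquals":
                if actual == expected:
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True


def evaluate(policy, ctx):
    """Return 'ALLOW' or 'DENY': an applicable explicit Deny wins, otherwise
    any applicable Allow grants access, otherwise the request is implicitly denied."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _condition_matches(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "DENY"
        allowed = True
    return "ALLOW" if allowed else "DENY"


def compare():
    """Evaluate both policies against both request contexts."""
    return {
        "question_policy": {
            "via_endpoint": evaluate(POLICY_FROM_QUESTION, CTX_VIA_ENDPOINT),
            "from_internet": evaluate(POLICY_FROM_QUESTION, CTX_FROM_INTERNET),
        },
        "deny_outside_endpoint": {
            "via_endpoint": evaluate(POLICY_DENY_OUTSIDE_ENDPOINT, CTX_VIA_ENDPOINT),
            "from_internet": evaluate(POLICY_DENY_OUTSIDE_ENDPOINT, CTX_FROM_INTERNET),
        },
    }


if __name__ == "__main__":
    for name, results in compare().items():
        print(name, results)
```

Under this model the posted policy evaluates to ALLOW for both contexts: aws:sourceVpc never holds a vpce-... value, so the StringNotEquals condition is always satisfied and the Allow is unconditional in practice. The restriction the poster appears to want (only traffic through the endpoint) needs aws:SourceVpce as the key, and a Deny-outside-endpoint plus Allow pair rather than a single conditional Allow. Because the modelled policy does not deny anything, it cannot by itself explain the 403 in the question; two things worth checking that the post does not mention are that a REST API's resource-policy change takes effect only after the stage is redeployed, and that the API's endpoint type and the VPC endpoint's private DNS setting match how the hostname is being resolved from the instance.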