Open In App

Amazon Web Services – Resolving 403 Forbidden Error When Connecting to API from VPC through API Gateway

Last Updated : 28 Mar, 2023
Improve
Improve
Like Article
Like
Save
Share
Report

The Amazon API Gateway is used to create scalable APIs. It can perform additional functionalities like publishing the API, monitoring and maintaining the API.  These can also be used to develop RESTful APIs and WebSocket APIs which can be used for real-time two-way communication between the client and the server. In simpler words we can say that, the Amazon API Gateway is one spot for accepting, processing and managing APIs concurrently on a large scale. 

In this article, we will resolve the error 403 forbidden that occurs while accessing a public API gateway API from within a Virtual Private Cloud(VPC). To resolve the 403 Forbidden error follow the below steps:

Step 1: First check if there is a VPC endpoint for the Execute API service, related within the VPC. To check this go to the AWS management console.

Step 2: After logging into the AWS management console navigate to the VPC console.

Step 3: Then choose Endpoints in the left navigation panel.

 Here you can see the list of interface VPC endpoints in the current region for your account.

Step 4: Now filter the VPC endpoints using the VPC ID.

Step 5: Again filter the VPC endpoints using the Service name. 

Now you can see the VPC endpoint for the execute API service, related within the VPC.

Note that VPC endpoints with Private DNS enabled will route all the API gateway requests to this VPC endpoint because we can access the private API gateway endpoint only from this VPC endpoint. We can’t access any public API gateway APIs and AWS will throw the  error “403 forbidden”.

There are two ways we can resolve this error:

  1. Use a custom domain name.
  2. Disable the private DNS on the VPC endpoint that’s in use and then access the private APIs using the public DNS name of the VPC endpoint

Note: Any clients that are using the private DNS name will no longer be able to connect to the private API and would have to use the public DNS name of the VPC endpoint instead.

Let’s look into how to disable the private DNS name settings for a VPC endpoint.

Step 1: Using the VPC endpoint console select the VPC endpoint whose settings you want to change.

Step 2:  Choose Actions followed by Modify Private DNS names option.

Step 3: To enable private DNS name, clear the checkmark next to “enable for this endpoint”. Then choose “Modify Private DNS names” to save your changes.

After the private DNS name setting is disabled you can access the private API gateway APIs using the below command in the AWS command-line interface.

curl -X GET -v https://apiId.execute-api.region.amazonaws.com/stageName/resourceName

This will resolve the 403 Forbidden Error in the API Gateway connection.


Like Article
Suggest improvement
Previous
Amazon Web Services - Creating an Amazon Mechanical Turk Account
Next
Amazon Web Services - Cost and Usage Report
Share your thoughts in the comments

Similar Reads

Amazon Web Services - Resolving Server Authorization Error in Amazon EKS API Server
Amazon Web Services (AWS) Transit Gateway VS VPC Peering
Amazon Web Services - Resolving Domain Pending Verification Status in Amazon SES
Amazon VPC - Launching an EC2 Instance into a VPC
Amazon VPC - IP Addressing in VPC
Amazon VPC - View Information About Your VPC
Amazon VPC - Concept of VPC Peering
How to Set up a NAT Gateway For a Private Subnet in Amazon VPC?
Machine Learing (ML) Services Offered By Amazon Web Services (AWS)
Amazon Web Service - Introduction to API Gateway

D
ddeevviissaavviittaa
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox