
Amazon Web Services – Resolving 403 Forbidden Error When Connecting to API from VPC through API Gateway

Last Updated : 28 Mar, 2023

Amazon API Gateway is used to create scalable APIs. It also handles publishing, monitoring and maintaining them. It can be used to develop RESTful APIs and WebSocket APIs, the latter for real-time two-way communication between the client and the server. In simpler words, Amazon API Gateway is one place for accepting, processing and managing API calls concurrently on a large scale.

In this article, we will resolve the 403 Forbidden error that occurs when accessing a public API Gateway API from within a Virtual Private Cloud (VPC). To resolve the 403 Forbidden error, follow the steps below:

Step 1: First check whether there is a VPC endpoint for the execute-api service associated with the VPC. To check this, go to the AWS Management Console.

Step 2: After logging in to the AWS Management Console, navigate to the VPC console.

Step 3: Then choose Endpoints in the left navigation panel.

Here you can see the list of interface VPC endpoints in the current region for your account.

Step 4: Now filter the VPC endpoints using the VPC ID.

Step 5: Again filter the VPC endpoints using the Service name. 

Now you can see the VPC endpoint for the execute-api service associated with the VPC.

Note that a VPC endpoint with Private DNS enabled routes all API Gateway requests from the VPC to that VPC endpoint, and only private API Gateway endpoints can be reached through it. As a result, public API Gateway APIs cannot be accessed from the VPC, and AWS returns the error “403 Forbidden”.

There are two ways we can resolve this error:

  1. Use a custom domain name.
  2. Disable private DNS on the VPC endpoint that’s in use and then access the private APIs using the public DNS name of the VPC endpoint.

Note: Any clients that are using the private DNS name will no longer be able to connect to the private API and would have to use the public DNS name of the VPC endpoint instead.

Let’s look into how to disable the private DNS name settings for a VPC endpoint.

Step 1: In the VPC endpoint console, select the VPC endpoint whose settings you want to change.

Step 2: Choose Actions, followed by the Modify Private DNS names option.

Step 3: To disable the private DNS name, clear the checkmark next to “enable for this endpoint”. Then choose “Modify Private DNS names” to save your changes.

After the private DNS name setting is disabled, you can access the private API Gateway APIs using the command below from the command line.

curl -X GET -v https://apiId.execute-api.region.amazonaws.com/stageName/resourceName

This will resolve the 403 Forbidden Error in the API Gateway connection.
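The console check and the fix above can also be scripted. The following is an added example, not part of the original article: it scans a response shaped like `aws ec2 describe-vpc-endpoints` output for execute-api interface endpoints that have private DNS enabled in a given VPC, then builds the CLI command to disable it and a curl call that reaches a private API through the endpoint's public DNS name with a `Host` header. The sample data, IDs and function names are constructed for illustration.

```python
# Constructed sample in the shape of `aws ec2 describe-vpc-endpoints` output.
SAMPLE = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0123456789abcdef0", "VpcId": "vpc-0aaa1111",
     "VpcEndpointType": "Interface", "PrivateDnsEnabled": True,
     "ServiceName": "com.amazonaws.us-east-1.execute-api",
     "DnsEntries": [
         {"DnsName": "vpce-0123456789abcdef0-ex4mpl3.execute-api.us-east-1.vpce.amazonaws.com"},
         {"DnsName": "execute-api.us-east-1.amazonaws.com"},
         {"DnsName": "*.execute-api.us-east-1.amazonaws.com"}]},
    {"VpcEndpointId": "vpce-0fedcba9876543210", "VpcId": "vpc-0aaa1111",
     "VpcEndpointType": "Gateway", "PrivateDnsEnabled": False,
     "ServiceName": "com.amazonaws.us-east-1.s3", "DnsEntries": []},
    {"VpcEndpointId": "vpce-0aaaabbbbccccdddd", "VpcId": "vpc-0bbb2222",
     "VpcEndpointType": "Interface", "PrivateDnsEnabled": False,
     "ServiceName": "com.amazonaws.us-east-1.execute-api",
     "DnsEntries": [
         {"DnsName": "vpce-0aaaabbbbccccdddd-ex4mpl3.execute-api.us-east-1.vpce.amazonaws.com"}]},
]}

def shadowing_endpoints(response, vpc_id):
    """Execute-api interface endpoints in vpc_id whose private DNS is enabled.

    These capture *.execute-api.<region>.amazonaws.com lookups inside the VPC,
    which is what makes public API Gateway APIs return 403 Forbidden.
    """
    return [ep for ep in response.get("VpcEndpoints", [])
            if ep.get("VpcId") == vpc_id
            and ep.get("VpcEndpointType") == "Interface"
            and ep.get("ServiceName", "").endswith(".execute-api")
            and ep.get("PrivateDnsEnabled")]

def disable_command(ep):
    """AWS CLI equivalent of clearing the private DNS checkbox in the console."""
    return ("aws ec2 modify-vpc-endpoint --vpc-endpoint-id "
            f"{ep['VpcEndpointId']} --no-private-dns-enabled")

def endpoint_public_dns(ep):
    """First endpoint-specific DNS name (under vpce.amazonaws.com), or None."""
    for entry in ep.get("DnsEntries", []):
        if entry.get("DnsName", "").endswith(".vpce.amazonaws.com"):
            return entry["DnsName"]
    return None

def private_api_curl(ep, api_id, region, stage, resource):
    """curl call for a private API via the endpoint's public DNS name."""
    host = endpoint_public_dns(ep)
    if host is None:
        raise ValueError("endpoint has no vpce.amazonaws.com DNS entry")
    return (f"curl -v https://{host}/{stage}/{resource} "
            f"-H 'Host: {api_id}.execute-api.{region}.amazonaws.com'")
```

Because disabling private DNS affects every client in the VPC, review the list returned by `shadowing_endpoints` with the owners of those clients before running the generated command.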

