Can anyone please help me out? I am trying to subscribe SNS to a private API GW endpoint. Unfortunately I can’t get the subscription confirmation message through. My serverless config should be correct, I even made it more permissive and still nothing. Can you please check the config and see if I am doing anything wrong (I only posted the relevant bits):
custom:
  url: "https://#{ApiGatewayRestApi}-#{TriggerVPCEndpoint}.execute-api.${self:provider.region}.amazonaws.com/${self:provider.stage}"
provider:
  endpointType: PRIVATE
  vpcEndpointIds:
    - !Ref TriggerVPCEndpoint
  vpc:
    securityGroupIds:
      - ${opt:vpcSecurityGroupId}
    subnetIds:
      - ${opt:vpcPrivateSubnet1}
      - ${opt:vpcPrivateSubnet2}
  resourcePolicy:
    - Effect: Allow
      Principal: '*'
      Action: execute-api:Invoke
      Resource: arn:aws:execute-api:*
functions:
  func1:
    name: ${self:service}-${self:provider.stage}-func1
    handler: src/handlers/func.handler
    timeout: 29
    events:
      - http:
          path: somepath
          method: post
resources:
  Resources:
    TriggerVPCEndpoint:
      Type: AWS::EC2::VPCEndpoint
      Properties:
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal: "*"
              Action: execute-api:Invoke
              Resource: arn:aws:execute-api:${self:provider.region}:#{AWS::AccountId}:*
        ServiceName: com.amazonaws.${self:provider.region}.execute-api
        SubnetIds: ${self:provider.vpc.subnetIds}
        VpcEndpointType: Interface
        VpcId: ${opt:vpcId}
    TriggerSNS:
      Type: AWS::SNS::Topic
      Properties:
        TopicName: topicName
        Subscription:
          # url = "https://#{ApiGatewayRestApi}-#{TriggerVPCEndpoint}.execute-api.${self:provider.region}.amazonaws.com/${self:provider.stage}"
          - Endpoint: ${self:custom.url}/somepath
            Protocol: https
I even tried requesting the confirmation again via console and still nothing.
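For an HTTPS subscription like the one above to finish, the handler behind `src/handlers/func.handler` has to accept the SubscriptionConfirmation POST, check that it really came from the expected topic, and then confirm it. The following is an added illustration in Python, not the poster's code: the Lambda proxy event shape, the `handler` name and the topic ARN placeholder are assumptions, and `string_to_sign` rebuilds the string over which `Signature` must be verified with the certificate from `SigningCertURL` (the RSA check itself is left to a crypto library).

```python
import json
import re
from urllib.parse import urlparse

# Only a certificate served by SNS itself may be used to check the message signature.
_SNS_CERT_HOST = re.compile(r"^sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$")

# Fields SNS concatenates into the string-to-sign, in the documented order.
_CONFIRM_FIELDS = ["Message", "MessageId", "SubscribeURL", "Timestamp", "Token", "TopicArn", "Type"]
_SIGNED_FIELDS = {
    "SubscriptionConfirmation": _CONFIRM_FIELDS,
    "UnsubscribeConfirmation": _CONFIRM_FIELDS,
    "Notification": ["Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type"],
}

def signing_cert_url_is_trusted(url: str) -> bool:
    """Accept a SigningCertURL only if it is HTTPS and hosted under sns.<region>.amazonaws.com."""
    parts = urlparse(url)
    return parts.scheme == "https" and bool(_SNS_CERT_HOST.match(parts.hostname or ""))

def string_to_sign(msg: dict) -> str:
    """Rebuild the exact string SNS signed; msg["Signature"] is an RSA signature over it."""
    out = ""
    for key in _SIGNED_FIELDS[msg["Type"]]:
        if key == "Subject" and key not in msg:
            continue  # Subject is optional and left out of the signature when absent
        out += f"{key}\n{msg[key]}\n"
    return out

def classify(msg: dict, expected_topic_arn: str) -> str:
    """Decide what the endpoint does with a message: confirm, process, ignore or reject."""
    if msg.get("TopicArn") != expected_topic_arn:
        return "reject"  # not the topic this endpoint subscribed to
    if not signing_cert_url_is_trusted(msg.get("SigningCertURL", "")):
        return "reject"  # a cert hosted elsewhere would let anyone forge SNS messages
    if msg.get("Type") == "SubscriptionConfirmation":
        return "confirm"
    if msg.get("Type") == "Notification":
        return "process"
    return "ignore"

def handler(event, context):
    """Lambda proxy handler for POST /somepath (event shape and topic ARN are assumptions)."""
    msg = json.loads(event["body"])
    action = classify(msg, "arn:aws:sns:REGION:ACCOUNT_ID:topicName")  # placeholder ARN
    if action == "confirm":
        import boto3  # confirm via the API instead of fetching SubscribeURL from inside the VPC
        boto3.client("sns").confirm_subscription(TopicArn=msg["TopicArn"], Token=msg["Token"])
    return {"statusCode": 403 if action == "reject" else 200, "body": action}
```

Calling `confirm_subscription` requires the function's role to hold `sns:ConfirmSubscription` on the topic, and a rejected message should be logged rather than silently dropped so forged deliveries are visible.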