How do I resolve the "Network Error communicating with endpoint" error in API Gateway?
Last updated: 2021-05-10
I want to resolve the "Network Error communicating with endpoint" error in Amazon API Gateway.
If the number of API requests is significantly greater than the number of errors that you receive, then you're likely experiencing transient network issues. To resolve these issues, complete the steps in the Resolve low-frequency network errors section.
If you're experiencing errors frequently or all the time, then complete the steps in the Resolve high-frequency network errors section
Resolve low-frequency network errors
Use retries with exponential backoff. For more information, see View API Gateway log events in the CloudWatch console.
Resolve high-frequency network errors
Set up Amazon CloudWatch logging, and be sure to choose the Log full requests/responses data option. This option allows you to log full API requests and responses so that you can troubleshoot errors.
Now, consider the following resolutions:
- If your load balancer has multiple target groups, use cross-zone load balancing to reduce latency. You can reduce latency by distributing incoming traffic evenly across all enabled Availability Zones and preventing requests from being routed to Availability Zones without targets.
- Confirm that there are registered healthy instances in all your enabled Availability Zones that use a Network Load Balancer and Application Load Balancer.
Note: Your load balancer is most effective when each enabled Availability Zone has at least one registered target. Your Availability Zone must have at least one healthy instance per target group. This healthy instance is required to reach healthy status in a Network Load Balancer or Application Load Balancer.
- To avoid exceeding the integration timeout quota of API Gateway, confirm that your target group instances serve a response to the API within 29 seconds.
- If you're using a Network Load Balancer, confirm which IP addresses can reach the instance in your Amazon Elastic Compute Cloud (Amazon EC2) security groups. Your IPs should allow traffic either from all sources or from the private IP address of the Network Load Balancer.
- If you're using an Application Load Balancer, confirm that the security group for your Application Load Balancer allows traffic from all sources.
Note: Target instances can restrict access to only the Application Load Balancer. For stricter security, you can limit access from API Gateway IP addresses reserved for the AWS Region where the API is located. To receive a notification whenever the IP range list changes, subscribe to AWS IP address range notifications.