Skip to content

bug: Api integration deployed with configured connection id does not set connection id in localstack #13218

New issue
New issue
Closed
Closed
bug: Api integration deployed with configured connection id does not set connection id in localstack#13218
Assignees
bentsku
Labels
aws:apigatewayAmazon API Gatewaystatus: resolved/fixedResolved with a fix or an implementationtype: bugBug report
@Kieranties

Description

@Kieranties
Kieranties
opened on Oct 3, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When deploying resources to an api gateway via terraform I have a number of resources configured with integrations that are vpc linked. The terraform provides the connection id as part of the configuration.

My terraform appears to configure the resources correctly:

[tf:apply-target]   # module.baskets.module.storefront_baskets_root.aws_api_gateway_integration.integrations["ANY-ANY"] will be created
[tf:apply-target]   + resource "aws_api_gateway_integration" "integrations" {
[tf:apply-target]       + cache_namespace         = (known after apply)
[tf:apply-target]       + connection_id           = (known after apply)
[tf:apply-target]       + connection_type         = "VPC_LINK"
[tf:apply-target]       + http_method             = "ANY"
[tf:apply-target]       + id                      = (known after apply)
[tf:apply-target]       + integration_http_method = "ANY"
[tf:apply-target]       + passthrough_behavior    = (known after apply)
[tf:apply-target]       + request_parameters      = {
[tf:apply-target]           + "integration.request.header.contact-id" = "context.authorizer.contact-id"
[tf:apply-target]           + "integration.request.header.store-id"   = "context.authorizer.store-id"
[tf:apply-target]         }
[tf:apply-target]       + resource_id             = (known after apply)
[tf:apply-target]       + rest_api_id             = "ubim5gjupd"
[tf:apply-target]       + timeout_milliseconds    = 29000
[tf:apply-target]       + type                    = "HTTP_PROXY"
[tf:apply-target]       + uri                     = "http://platform.elb.localhost.localstack.cloud:80"
[tf:apply-target]     }
[tf:apply-target]
[tf:apply-target]   # module.baskets.module.storefront_baskets_root.aws_api_gateway_method.methods["ANY-ANY"] will be created
[tf:apply-target]   + resource "aws_api_gateway_method" "methods" {
[tf:apply-target]       + api_key_required   = false
[tf:apply-target]       + authorization      = "CUSTOM"
[tf:apply-target]       + authorizer_id      = "02f17c"
[tf:apply-target]       + http_method        = "ANY"
[tf:apply-target]       + id                 = (known after apply)
[tf:apply-target]       + request_parameters = {
[tf:apply-target]           + "method.request.header.Authorization" = true
[tf:apply-target]           + "method.request.header.x-api-key"     = true
[tf:apply-target]         }
[tf:apply-target]       + resource_id        = (known after apply)
[tf:apply-target]       + rest_api_id        = "ubim5gjupd"
[tf:apply-target]     }
[tf:apply-target]
[tf:apply-target]   # module.baskets.module.storefront_baskets_root.aws_api_gateway_resource.main will be created
[tf:apply-target]   + resource "aws_api_gateway_resource" "main" {
[tf:apply-target]       + id          = (known after apply)
[tf:apply-target]       + parent_id   = "n78za6che3"
[tf:apply-target]       + path        = (known after apply)
[tf:apply-target]       + path_part   = "baskets"
[tf:apply-target]       + rest_api_id = "ubim5gjupd"
[tf:apply-target]     }

While the resources are deployed and correctly configured as a connection type of VPC_LINK the connection id in localstack is null:

Image

This is also represented in the attributes of the resource in the terraform state:

"attributes": {
            "cache_key_parameters": null,
            "cache_namespace": "wyhuqg3yym",
            "connection_id": "",
            "connection_type": "VPC_LINK",
            "content_handling": "",
            "credentials": "",
            "http_method": "ANY",
            "id": "agi-ubim5gjupd-wyhuqg3yym-ANY",
            "integration_http_method": "ANY",
            "passthrough_behavior": "WHEN_NO_MATCH",
            "request_parameters": {
              "integration.request.header.contact-id": "context.authorizer.contact-id",
              "integration.request.header.store-id": "context.authorizer.store-id"
            },
            "request_templates": null,
            "resource_id": "wyhuqg3yym",
            "rest_api_id": "ubim5gjupd",
            "timeout_milliseconds": 29000,
            "tls_config": [],
            "type": "HTTP_PROXY",
            "uri": "http://platform.elb.localhost.localstack.cloud:80"
          }

This causes the deployed api to fail, when requests are made with an API_CONFIGURATION_ERROR.
Here you can see the request reaching my gateway and being authenticated through my authorizer, before returning the error

2025-10-03T07:24:59.490  INFO --- [t.reactor-28] localstack.request.http    : POST /_localstack_lambda/0b4a428382b8a661bce86131729aed6a/status/0b4a428382b8a661bce86131729aed6a/ready => 202

2025-10-03T07:24:59.519  INFO --- [t.reactor-27] localstack.request.http    : POST /_localstack_lambda/0b4a428382b8a661bce86131729aed6a/invocations/a980f262-c7ef-417c-bd2d-4d128d33dc79/logs => 202

2025-10-03T07:24:59.520  INFO --- [t.reactor-24] localstack.request.http    : POST /_localstack_lambda/0b4a428382b8a661bce86131729aed6a/invocations/a980f262-c7ef-417c-bd2d-4d128d33dc79/response => 202

2025-10-03T07:24:59.543  INFO --- [t.reactor-18] l.s.a.n.e.h.gateway_except : Error raised during invocation: API_CONFIGURATION_ERROR

I can then attempt to redeploy the same targets via terraform and it attempts to update in place with the connection id from the previous run

[tf:apply-target] Terraform will perform the following actions:
[tf:apply-target]
[tf:apply-target]   # module.baskets.module.storefront_baskets_root.aws_api_gateway_integration.integrations["ANY-ANY"] will be updated in-place
[tf:apply-target]   ~ resource "aws_api_gateway_integration" "integrations" {
[tf:apply-target]       + connection_id           = "95898a5c"
[tf:apply-target]         id                      = "agi-ubim5gjupd-wyhuqg3yym-ANY"
[tf:apply-target]         # (15 unchanged attributes hidden)
[tf:apply-target]     }

But again, the connection id is null

Expected Behavior

I expect the connection id to be set correctly in localstack and the endpoint to be functional

How are you starting LocalStack?

With a docker-compose file

Steps To Reproduce

How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)

Using docker compose, localstack is configured as follows

 localstack:
   privileged: true
   image: localstack/localstack-pro:latest
   ports:
     - "127.0.0.1:4566:4566"            # LocalStack Gateway
     - "127.0.0.1:4510-4559:4510-4559"  # external services port range
   environment:
     DEBUG: 0
     PERSISTENCE: 0
     LAMBDA_DOWNLOAD_AWS_LAYERS: 0
     LOCALSTACK_AUTH_TOKEN: ${LOCALSTACK_AUTH_TOKEN- }
   volumes:
     - "localstack_volume:/var/lib/localstack"
     - "/var/run/docker.sock:/var/run/docker.sock"
   restart: unless-stopped

Environment

- OS: Windows 11
- LocalStack:
  LocalStack version: 4.9.1.dev3
  LocalStack Docker image sha: sha256:9b6f35115ee87236d145fb30f1c909277d044336efc2708603184195d7443677
  LocalStack build date: 2025-10-03
  LocalStack build git hash: 4e5163370

Anything else?

I am using gateway v1.

When querying via the cli, localstack does not return the vpc link

aws apigateway get-vpc-links --endpoint-url=http://localhost:4566            stadion@eu-west-3
{
    "items": []
}

Metadata

Metadata

Assignees

Labels

aws:apigatewayAmazon API Gatewaystatus: resolved/fixedResolved with a fix or an implementationtype: bugBug report

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions