S3 endpoint inside docker container collide with api gateway

I am using docker compose and one of the services is a container that I work on (so-called “devcontainer” in vscode).

All services are available from (http://) localstack:4566 because in docker compose the hostname is the name of the service (localstack in my case). If I set the s3 endpoint with s3_use_path_style = true it works.

However, I now want to access api gateway at localstack:4566/restapis and it is colliding with S3 endpoint, giving me an error that restapis is not a valid bucket.

However, if I try setting s3 endpoint to http://s3.localhost.localstack.cloud:4566 or (s3.localstack.localstack.cloud) and s3_use_path_style = false the s3 service complains in terraform apply:

Changes to Outputs:
~ api_gateway_invoke_url = “https://d7gggpnts7.execute-api.us-west-1.amazonaws.com/local_stage” → (known after apply)

│ Error: reading Amazon S3 (Simple Storage) Bucket (local-bucket): RequestError: send request failed
│ caused by: Head “http://local-bucket.s3.localhost.localstack.cloud:4566/”: dial tcp 127.0.0.1:4566: connect: connection refused

│ with module.lambda.aws_s3_bucket.local_bucket,
│ on …/…/…/modules/lambda/main.tf line 5, in resource “aws_s3_bucket” “local_bucket”:
│ 5: resource “aws_s3_bucket” “local_bucket” {

Also, notice that the invoke_url of my api gateway does not look at all like localstack endpoints. How is that configured?

Hello @iop and thank you for your report.

There seems to be different issues there.

First, inter container communication, between LocalStack and your devcontainer. The virtual host addressing of the bucket will fail because your devcontainer does not know how to map <bucket-name>.s3.localhost.localstack.cloud:4566 to your Docker container.
We can go back to using the path style request like you did in your first example to get it working quickly.

How are you trying to access localstack:4566/restapis ? You would need to use an AWS client and sign your request for your request to be recognised as an API Gateway request by LocalStack and properly be routed to the service. This might be the issue?
If no signature is present in your request, then LocalStack will assume it is an S3 request. But this should not be an issue while using a client. Could you provide more information about how you are accessing API Gateway?

Concerning the API Gateway endpoint, how are you applying the Terraform resources against LocalStack? We have documentation about Terraform integration here: Terraform | Docs

Hi,

The “collision” was a bad assumption on my part. I eventually found the documentation that showed there is a special way to query API Gateway: API Gateway V2 | Docs

Also, totally optionally, I switched to the non path-style format for S3. It’s not super well documented, but I learned how you must use a network “alias” for each bucket in your docker container, I think for reasons you just specified. Would be great if that alias trick were documented, and maybe it is already but I couldn’t find it :slight_smile:

Hi — It would be great if you can create an issue on how the docs can be improved or send us a pull request that we can merge :smile: