Intro

I wanted to deploy my FastAPI backend on AWS EC2 and get a proper HTTPS URL without dealing with SSL certificates manually. Turns out API Gateway handles all of that for you — but getting there wasn't as smooth as I expected. Here's everything I went through, including the parts where I got stuck.

EC2 instance setup is covered in my previous post, so I'll skip that part here!

Overview

FastAPI App
    ↓
Dockerize & deploy on EC2
    ↓
Connect API Gateway
    ↓
HTTPS URL ready to go

Step 1. Elastic IP

The Elastic IP was provided by our organization, so I just attached it to the instance.

Without an Elastic IP, your EC2 public IP changes every time you restart the instance — which means you'd have to update your API Gateway integration every single time.

Step 2. SSH into EC2

From my local terminal, I navigated to where my .pem file was and connected.

cd ~/Downloads
chmod 400 your-key.pem
ssh -i your-key.pem ubuntu@YOUR_EC2_PUBLIC_IP

Don't skip the chmod 400 step. If your .pem file permissions are too open, SSH will flat out refuse to connect:

WARNING: UNPROTECTED PRIVATE KEY FILE!
Permissions 0644 for 'your-key.pem' are too open.

Step 3. Install Docker on EC2

# Update packages
sudo apt-get update

# Install Docker
sudo apt-get install -y docker.io

# Run Docker without sudo
sudo usermod -aG docker ubuntu
newgrp docker

# Verify
docker --version
# Docker version 29.1.3 

Step 4. Clone the Repo

cd ~
git clone https://github.com/your-username/your-repo.git
cd  // go to your project
ls

Step 5. Dockerfile

Pretty straightforward setup for a FastAPI app running on uvicorn.

FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

Step 6. docker-compose.yml

services:
  app:
    build: .
    container_name: fastapi-app
    ports:
      - "8000:8000"
    restart: always

Step 7. Installing docker-compose — First Roadblock

docker compose version
# docker: unknown command: docker compose

❌ Problem
Docker was installed but the Compose plugin wasn't.

Tried the obvious fix:

sudo apt-get install -y docker-compose-plugin
# E: Unable to locate package docker-compose-plugin

Nope. Package doesn't exist in the repo either.

✅ Fix
Downloaded the binary directly instead:

sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" \
  -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
# Docker Compose version v5.1.3 

Step 8. Run the FastAPI Server

cd ~/backend
docker-compose up -d --build

Verify it's running:

docker ps
# fastapi-app is up 

curl http://localhost:8000/docs
# Got a response from FastAPI 

Server is live on the EC2 instance. Now let's get that HTTPS URL.

Step 9. Create an API Gateway

AWS Console → API Gateway → Create API → HTTP API

API name: backend
Region:   ap-south-1 (Mumbai)

Step 10. Set Up Integration

This is where API Gateway learns how to talk to your EC2 instance.

Integration type: HTTP_PROXY
HTTP URI:         http://YOUR_EC2_PUBLIC_IP:8000

Step 11. Configure Routes

ANY /{proxy+} → integration

• /{proxy+} — greedy path variable that catches all paths
• ANY — allows all HTTP methods (GET, POST, PUT, DELETE, etc.)

Step 12. Deploy to $default Stage

Stages → $default → Deploy

Once deployed, AWS automatically generates an HTTPS URL

API Gateway comes with SSL out of the box. No need to set up certificates manually — this was honestly the best part.

Step 13. Testing — Second Roadblock

Tried accessing the docs:

https://xxxxxxxxxxxx.execute-api.ap-south-1.amazonaws.com/docs

❌ Problem
No matter what path I hit — /docs, /api/users, anything — it always returned the root / response. Every single path was being swallowed and rerouted to the root.

Went back and looked at the integration config more carefully:

http://YOUR_EC2_PUBLIC_IP:8000   ← path never gets passed through!

Found two things wrong:

Issue 1. The integration URI was missing {proxy} at the end, so every request was hitting EC2's root regardless of the path.

Issue 2. No parameter mapping was set up, so the path information was getting lost at the Gateway level entirely.

✅ Fix

Update the integration URI:

http://YOUR_EC2_PUBLIC_IP:8000/{proxy}

Add a parameter mapping:

API Gateway → Integration → Edit → Create parameter mapping

Mapping type:  Request
Location:      Path
Name:          proxy
Value:         $request.path.proxy

Then redeploy the $default stage — changes don't apply until you redeploy. Took me a minute to realize that too

Step 14. Final Test

https://xxxxxxxxxxxx.execute-api.ap-south-1.amazonaws.com/docs

FastAPI Swagger UI loaded perfectly.

Architecture

Client
    ↓ HTTPS
API Gateway
https://xxxxxxxxxxxx.execute-api.ap-south-1.amazonaws.com/{path}
    ↓ HTTP
EC2 (YOUR_EC2_PUBLIC_IP:8000/{path})
    ↓
Docker Container
    ↓
FastAPI (uvicorn:8000)

Troubleshooting Summary

The {proxy} thing in the integration URI is such a small thing, but since it was my first time, I got stuck longer than I expected. Hopefully this saves someone else the headache. If anything's unclear, drop a comment below! 🙌