I have created an AWS Lambda with the new function URL feature enabled.
Since the URL isn't that easy to remember, I would like to create a Route 53 alias like lambda.mywebsite.com.
There is no Route 53 alias for Lambda function URLs in the drop-down menu for aliases in Route 53.
How can I call my AWS Lambda function URL via a custom domain?
Is a CNAME record the way to go?
How can I call my AWS Lambda function URL via a custom domain?
If you must use an AWS Lambda function URL, fronting it with a CloudFront distribution with your desired custom domain name is the only way currently.
There is no support currently for a Route 53 alias record, as the Host header must be set to the Lambda function URL domain. If the Host header does not exist, HTTP 400 Bad Request is returned & if it does exist but is not the correct value, HTTP 403 Forbidden is returned.
They are meant to be the simplest & fastest way to invoke your Lambda functions via a public endpoint without using other AWS services like API Gateway, so a native lack of support for a custom domain name makes sense.
I tried the same once the Lambda URL feature was out.
Following are the steps:
1. Create a CloudFront distribution with the Lambda URL as the HTTPS endpoint, and add the domain name in the alternate domain name field.
2. Create an A record for the domain in Route 53 and point it to the CloudFront distribution.
Note:
If you haven't added the domain certificate in step 1, then the CloudFront option in step 2 won't show any value to select.
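The CloudFront and Route 53 setup described in the answers above, written as a CloudFormation template (an added example, not code from the original posts). The parameter names and the domain lambda.mywebsite.com are placeholders; the origin request policy keeps the viewer's Host header from being forwarded, so the function URL receives its own domain as Host rather than the custom one that would produce the 403 mentioned above.

```yaml
# Added example: CloudFront in front of a Lambda function URL, plus the Route 53 alias.
# Placeholders (assumptions): the three parameters and the name lambda.mywebsite.com.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  FunctionUrlHost:
    Type: String    # host part of the function URL only: no https://, no trailing slash
  CertificateArn:
    Type: String    # ACM certificate covering the custom domain; must be in us-east-1
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id
Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases:
          - lambda.mywebsite.com
        ViewerCertificate:
          AcmCertificateArn: !Ref CertificateArn
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
        Origins:
          - Id: lambda-url
            DomainName: !Ref FunctionUrlHost
            CustomOriginConfig:
              OriginProtocolPolicy: https-only
              OriginSSLProtocols: [TLSv1.2]
        DefaultCacheBehavior:
          TargetOriginId: lambda-url
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods: [GET, HEAD, OPTIONS, PUT, PATCH, POST, DELETE]
          # Managed cache policy "CachingDisabled": every request reaches the function.
          CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad
          # Managed origin request policy "AllViewerExceptHostHeader": the viewer's Host
          # (lambda.mywebsite.com) is dropped and the origin domain is sent instead.
          OriginRequestPolicyId: b689b0a8-53d0-40ab-baf2-68738e2966ac
  AliasRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: lambda.mywebsite.com
      Type: A
      AliasTarget:
        DNSName: !GetAtt Distribution.DomainName
        HostedZoneId: Z2FDTNDATAQYW2   # fixed zone ID for every CloudFront alias target
```

The function URL hostname itself stays publicly reachable after this; the distribution only adds a second, friendlier entry point.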
If you use Cloudflare for your DNS services you can use Redirect Rules under the Rules tab.
For simple projects the DNS management is free, and you get up to 10 free Redirect Rules.
More info here: https://developers.cloudflare.com/rules/url-forwarding/single-redirects/create-dashboard/
For my purposes in Cloudflare I set up a Static redirect to my Lambda URL provided in the AWS Console, with a 307 Status Code:
Looking for a similar solution, but you'll be limited to a 60-second response timeout for a custom origin in the case of CloudFront. It can be requested up to 180 seconds. If you are looking beyond that, ALB is your best bet. I am now adding the Lambda function to a target group, then going to add this to an ALB. Once it works, I am definitely going to post my complete config or confirmation here.
Related
I registered a domain on Route53 and I would like to use the same domain for both my front-end and the back-end (example xyz.com).
The whole infrastructure is hosted on AWS.
The front-end is an app hosted on S3 and fronted by CloudFront.
The back-end is served via API Gateway.
I created a record of type A to point to the API Gateway endpoints, and I am now trying to create a new record of type A to serve the front-end (pointing to CloudFront), which doesn't allow me, returning the error:
A record with the specified name already exists.
What is the correct way to achieve having both the front-end and the back-end behind the same domain?
First of all, you cannot create multiple A records like that.
As luk2302 said, the normal approach is to use two domains. But if you want to keep the same domain for both FE and BE, you can use multiple path patterns of CloudFront to do the routing for you.
It will look like this: You have 1 CloudFront distribution, and it will have 2 behaviors with 2 origins: S3 and API Gateway. The first behavior will have the path pattern /api/* and it will point to API Gateway's origin. And the default path pattern will go to S3's origin.
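The two-behavior layout from the answer above, as a CloudFormation template (an added example, not code from the original post). All parameters, the stage name prod and the origin IDs are placeholders; the S3 origin assumes an existing origin access control.

```yaml
# Added example: one distribution, two origins, path-based routing for xyz.com.
# Placeholders (assumptions): all parameters, the stage name "prod", the origin IDs.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  BucketDomain: {Type: String}    # <bucket>.s3.<region>.amazonaws.com
  ApiDomain: {Type: String}       # <api-id>.execute-api.<region>.amazonaws.com
  OacId: {Type: String}           # existing origin access control for the bucket
  CertificateArn: {Type: String}  # ACM certificate for xyz.com in us-east-1
Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases: [xyz.com]
        DefaultRootObject: index.html
        ViewerCertificate:
          AcmCertificateArn: !Ref CertificateArn
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
        Origins:
          - Id: frontend-s3
            DomainName: !Ref BucketDomain
            OriginAccessControlId: !Ref OacId
            S3OriginConfig:
              OriginAccessIdentity: ""   # empty because OAC is used instead of OAI
          - Id: backend-api
            DomainName: !Ref ApiDomain
            OriginPath: /prod            # stage name, prepended to every origin request
            CustomOriginConfig:
              OriginProtocolPolicy: https-only
        CacheBehaviors:
          - PathPattern: /api/*          # path is not stripped: the API sees /prod/api/...
            TargetOriginId: backend-api
            ViewerProtocolPolicy: https-only
            AllowedMethods: [GET, HEAD, OPTIONS, PUT, PATCH, POST, DELETE]
            CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad          # CachingDisabled
            OriginRequestPolicyId: b689b0a8-53d0-40ab-baf2-68738e2966ac  # AllViewerExceptHostHeader
        DefaultCacheBehavior:            # everything else is served from the S3 front-end
          TargetOriginId: frontend-s3
          ViewerProtocolPolicy: redirect-to-https
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6            # CachingOptimized
```

With this in place xyz.com needs only one alias A record, pointing at the distribution, and the API's resources have to live under /api because CloudFront forwards the matched path as-is.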
I have a custom domain set up in Route53 and am using Route53 as the domain service provider. I have a static page hosted in an AWS S3 bucket which I am using as the home page of the site. In Route53 I have mapped the AWS S3 URL to my custom domain by adding alias records as per this document.
I also have some Lambda functions, which serve HTML pages on requests. Now I am trying to map the API endpoint of these Lambda functions to my custom domain.
The flow is mainly like this, when the user hits the home website i.e. xyz.com, the homepage is served from the s3 static site. When the user navigates to other page say xyz.com/products/productId, the html is served from the lambda function. I am able to follow and do most of the steps for mapping api gateway endpoint to custom domain, but it's at adding DNS records I am facing the issue and getting the error A record with specified name already exists, which is understandable as I have already added the A record for routing to s3 bucket for my root domain.
My question is, can I add multiple records for the same type A in aws? Or is there other way to approach this problem?
No, you can't do it this way. A DNS name can only resolve to one thing.
Instead, you could create a subdomain so that:
xyz.com --> Amazon S3 bucket
products.xyz.com --> API Gateway
You could pass the productId as a parameter (eg products.xyz.com/?productId=42).
I'm trying to set up an API using a REGIONAL custom domain that routes HTTP requests to ALB.
The domain is registered with another DNS provider so I will not be using Route53.
Concept:
/path/to/service --> ALB (Listener: /path/*) --> ECS
I first tried with the original invoke URL https://cuxxxxmvk0.execute-api.ap-east-1.amazonaws.com/stage/path/to/service, it returns ALB context path error (It's expected because ALB gets /stage/path/to/service which doesn't hit any prefix).
Then I created a custom domain with API mapping (no base path) that maps to the stage, and tried invoking it with the provided "API Gateway domain name" (the one generated by the custom domain). Full URL: https://d-yjexxxds3.execute-api.ap-east-1.amazonaws.com/path/to/service
However, it returns {"message":"Not Found"}
So my question here is:
How does the "API Gateway domain name" generated by the custom domain work? Can I directly invoke the API with it?
Is it a must to CNAME it (i.e. CNAME api.mydomain.com d-yjexxxds3.execute-api.ap-east-1.amazonaws.com)?
Can I make my final endpoint to be api.mydomain.com/path/to/service without the stage in path?
From the question I can see that you're trying to use a CNAME to resolve to URL/some/path, but that's not how it works. The DNS service will only map your CNAME to some other URL. The path (/some/path) part will remain the same from your domain or API-GW URL.
Other thing to note here is that since you're not using Route53, you do not need Custom Domain Name of API-GW. Create a CNAME which is something like
example.com CNAME d-yjexxxds3.execute-api.ap-east-1.amazonaws.com
I would suggest you add /stage in your ALB prefix so that it can be accessed by API-GW and your own domain.
How does the "API Gateway domain name" generated by the custom domain work? Can I directly invoke the API with it?
Yes, you can
Is it a must to CNAME it (i.e. CNAME api.mydomain.com d-yjexxxds3.execute-api.ap-east-1.amazonaws.com)?
It is either CNAME (when the DNS is managed by an external provider) or it can be ALIAS (directly returning A records if you manage the DNS in Route53). Please note you need a validated certificate in the certificate manager.
Can I make my final endpoint to be api.mydomain.com/path/to/service without the stage in path?
https://d-xxxxxxds3.execute-api...
As far as I know, you should invoke the API by the defined custom domain name (api.mydomain.com). If calling the d-.. domain will work, I'm not sure.
https://api.mydomain.com/path/to/api
I'm not sure what is not working in your setup. Indeed, in the custom domain mapping you can have a mapping directly to a certain stage, so you may invoke the API as https://customdomain/path/to/api. We have it working this way.
Long story short, your setup / idea is generally good. You may enable logging on the API Gateway or stage to find out what is not working (if the NOT FOUND is returned by the API GW or backend ELB).
Is it possible to CNAME my own domain to AWS API gateway invoke URL?
For example, I own example.com. I want to create (in Route53) a CNAME record from api.example.com to abcefg.execute-api.ap-southeast-1.amazonaws.com.
Using my terminal, I am able to resolve api.example.com to the invoke URL, listing all 4 AWS DNS servers. However, I am unable to reach my API via api.example.com, but I can do so with the invoke URL without any issue.
May I know if such a CNAME can work at all, or must I use a custom domain to achieve that? Thank you.
In the API Gateway console, you have to declare the custom domain that you want to use to access your API.
You will need to provide:
the protocol (HTTP or WebSocket)
the domain's name
the TLS version (leave default if not sure)
the endpoint configuration (if not sure, check this answer)
an ACM certificate (if you don't have one, you will need to create one in ACM)
The process is pretty straightforward but you will find more documentation on this process in the AWS docs if needed.