Okay, I need help with the right direction. I bought the divyanayan.com domain in the GoDaddy portal.
The second step: I created a certificate in AWS Certificate Manager, which gives me a cname and cvalue. I used these cname and cvalue and added them in the manage domain page of the GoDaddy domain, i.e. divyanayan.com. This validated my certificate.
After this was done I created a public API Gateway endpoint and mapped it to API Gateway CDN.
https://vpyueoq2i9.execute-api.ap-southeast-1.amazonaws.com/dev
My requirement is that I want to invoke this URL from the domain name divyanayan.com (which is configured using the cname and cvalue of the certificate). What am I missing here? Do I need to add the following mapping to GoDaddy as well, i.e.
divyanayan.com -> API Gateway domain name
Please let me know the right direction.
With the setup that you currently have, I recommend using CloudFront to serve as a proxy between your domain and your API Gateway endpoint. This would be beneficial in the long run if you want to map paths of the domain to other origins, including other API Gateway endpoints. You would also have more flexibility and control over how your traffic flows between your domain and the endpoint (e.g. attaching Lambda functions between API requests).
Here are two guides to help you get started:
Setting up API Gateway with cloudfront
https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cloudfront-distribution/
Setting up self-hosted/thirdparty-hosted domain with cloudfront
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html
I did a search in the AWS docs and couldn't find anything that could help me set up a CloudFront distribution for a non-AWS origin server to secure my domain with HTTPS. I'm using Route 53 to manage the DNS for the domain. I'd like to set up HTTPS for the domain, but it is not hosted with AWS. How can I use AWS to create a secure domain with HTTPS?
Update: I've created the CloudFront distribution and set the alternative CNAMEs to the domain (example.com and www.example.com). In Route 53 I updated the A record for the domain - example.com - to be an alias and pointed it to the CloudFront distribution, but when I try to access the site I get a "page not working" error. The domain does now have the secure padlock, but I can't access the site. Here is the error that I get when I access the site:
The simplest way is to use a CloudFront distribution in front of your non-AWS endpoint. This endpoint would be configured as a custom origin endpoint.
You would need to generate or upload a certificate to ACM to attach to the resource. This must be done before you can use the distribution on your own domain; if you don't have it when you create the distribution, you will need to edit it later.
The AWS documentation includes documentation for Creating a Distribution. If you follow this and reference your endpoint as the custom origin, you will be able to create the host.
You will need to ensure you configure the origin's Origin Protocol Policy option to be HTTP Only if your host does not have an HTTPS certificate.
Be aware that as the CloudFront distribution communicates with your endpoint over the internet, any traffic between CloudFront and your endpoint will still not be encrypted.
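The caveat above can be checked mechanically. The following added example (not part of the original answer) audits a distribution config for origins reached over plain HTTP; the sample JSON is constructed, and the hostnames, origin IDs and finding labels are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the DistributionConfig returned by
# `aws cloudfront get-distribution-config`; hostnames and IDs are made up.
SAMPLE_CONFIG = json.loads("""
{"Origins": {"Quantity": 2, "Items": [
   {"Id": "legacy-host", "DomainName": "origin.example.net",
    "CustomOriginConfig": {"OriginProtocolPolicy": "http-only",
      "OriginSslProtocols": {"Quantity": 1, "Items": ["TLSv1.2"]}}},
   {"Id": "api", "DomainName": "api-origin.example.net",
    "CustomOriginConfig": {"OriginProtocolPolicy": "https-only",
      "OriginSslProtocols": {"Quantity": 2, "Items": ["SSLv3", "TLSv1.2"]}}}]},
 "DefaultCacheBehavior": {"TargetOriginId": "legacy-host",
                          "ViewerProtocolPolicy": "allow-all"}}
""")

WEAK_ORIGIN_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def audit_distribution(cfg):
    """Return (subject, finding) pairs for unencrypted or weakly encrypted hops."""
    findings = []
    for origin in cfg.get("Origins", {}).get("Items") or []:
        custom = origin.get("CustomOriginConfig")
        if custom is None:      # S3 origins carry no CustomOriginConfig
            continue
        policy = custom.get("OriginProtocolPolicy")
        if policy == "http-only":
            findings.append((origin["Id"], "origin-plaintext"))
            continue            # TLS versions are irrelevant on a plaintext hop
        if policy == "match-viewer":
            findings.append((origin["Id"], "origin-plaintext-when-viewer-uses-http"))
        protocols = custom.get("OriginSslProtocols", {}).get("Items") or []
        weak = sorted(WEAK_ORIGIN_TLS.intersection(protocols))
        if weak:
            findings.append((origin["Id"], "origin-weak-tls:" + ",".join(weak)))
    behaviors = [cfg.get("DefaultCacheBehavior", {})]
    behaviors += cfg.get("CacheBehaviors", {}).get("Items") or []
    for behavior in behaviors:
        if behavior.get("ViewerProtocolPolicy") == "allow-all":
            findings.append((behavior.get("TargetOriginId"), "viewer-http-allowed"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit_distribution(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```

An origin flagged `origin-plaintext` is one where the browser padlock only describes the viewer-to-CloudFront hop.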
Hello, I'm using Cloudflare to manage my domain DNS and I want to route test.domain.com to an AWS REST API Gateway. Is that possible, or do I need to fully host the domain in Route 53?
I tried with
created lambda function
created api gateway (with Authorization set to NONE)
created a certificate for the domain
created the custom domain in api gateway
now when I go to test.domain.com I see
{
message: "Forbidden"
}
Yes, of course you can do this. If you set up a custom hostname in API Gateway with the domain name as your subdomain, you will be given a DNS name. When you configure this you will add a path binding to a stage in API Gateway, which will then route traffic to your deployment.
You would then assign this as the value to your DNS CNAME record for your subdomain.
More information about setting up a custom domain name is available here.
I am trying to set up a custom domain endpoint for an API Gateway published endpoint but am not able to set it.
I've followed all the steps:
Custom domain DNS is managed by AWS (AWS cannot own this as it's a .ai URL)
Created ACM Certificate for subdomain (subdomain.host.ai)
Add Custom API in API Gateway with Mapping to particular Stage
Add A record for custom domain to point to "d-abcde12345.execute-api.us-west-2.amazonaws.com"
What might be going wrong?
When you are pointing to a DNS hostname, rather than an IP, you need a CNAME record. More importantly, when you assign a custom domain to your API Gateway, it will create a CloudFront distribution for you and gives you a CloudFront endpoint: E123CNFSOMETHING.cloudfront.net. You need to create a CNAME record in your registrar dashboard to point to this address, not the API Endpoint:
FROM TO TTL
subdomain E123CNFSOMETHING.cloudfront.net. 300
I have a domain with AWS, example.com. Currently I have a record set so that when a user goes to example.com, it serves a static website from S3 (done with Angular). Now, I have a backend API (Lambda and API Gateway), which has a URL something like,
https://randomid.execute-api.region.amazonaws.com/Prod/api/getSomething?id=1
So, what I am trying to do is: if the front end makes an HTTP call to example.com/api/getSomething?id=1, it should return me data (since I am using relative URLs).
I was reading the AWS documentation, and it seems I cannot use the root domain; I have to use a subdomain (api.example.com). I am OK with it. But I am not sure how I can do that; any help would be appreciated.
Also, I may move my front end to a subdomain (web.example.com). If I do that, with my backend at api.example.com (hopefully I will figure this part out), will I run into a CORS issue?
Go through this AWS developer guide to change the domain name.
Apart from DNS configuration, it also requires an SSL certificate for the custom domain (which can be obtained from AWS Certificate Manager for free).
Also note that an API's custom domain name can be the name of a subdomain or the root domain (aka, zone apex) of a registered Internet domain.
If your Web and API have different subdomains, it will run into CORS. However, you can set up a CloudFront distribution in front of both Web and API to avoid CORS.
I'm trying to set a CNAME on Cloudflare to point to an Amazon API Gateway endpoint. The CNAME is for use when referring to one of my subdomains. The gateway in turn points to the IP of a server on DigitalOcean. I am very new to Amazon Web Services and would appreciate it if someone could give me an overview of the correct configuration for the DNS, Amazon Gateway and CloudFront (which I think is needed to expose the gateway to DNS servers external to Amazon). Any help would be much appreciated.
UPDATE
I've been going at this for a while now and not making much progress. Does anyone have an idea if this is a viable approach or how else it might be done?
UPDATE2
I thought I needed to add the CNAME record to Cloudflare and just ended up in a redirect loop, observed by:
curl -L -i -v https://sub.mydomain.com/
NOTE: It seems this method doesn't work anymore as AWS now only accepts certificates from certain authorities. I haven't tested it myself, but the answer by Gunar looks promising.
There are several reasons why it doesn't work to simply point Cloudflare at your API Gateway domain and call it a day:
API Gateway uses shared hosting so it uses the domain name to figure out what API to send requests to. It has no way of knowing that api.yourdomain.com belongs to your API.
API Gateway requires that you use https, but the certificate that it uses is only valid for the default domain.
There is a solution, however. Here are the steps that I followed when I recently set this up:
Generate an origin certificate from the crypto tab of the Cloudflare dashboard.
Import the certificate to AWS Certificate Manager in the us-east-1 region, even if your API is located in a different region. If you are prompted for the certificate chain you can copy it from here.
Add your custom domain in the API Gateway console and select the certificate you just added. Check the AWS support article for more information on how to do this.
It usually takes about 45 minutes for the custom domain to finish initializing. Once it's done it will give you a new CloudFront URL. Go ahead and make sure your API still works through this new URL.
Go to the Cloudflare DNS tab and set up a CNAME record pointing to the CloudFront URL you just created.
Switch to the crypto tab and set your SSL mode to "Full (Strict)". If you skip this step you'll get a redirect loop.
That's it. Enjoy your new highly available API served from your custom domain!
Set up Amazon's API Gateway Custom Domain with CloudFlare
In your AWS management console go to the API Gateway service and select Custom Domain Names from the left menu.
Click the Create button.
Log into CloudFlare, select your domain and open the Crypto tab
Go to SSL and set your SSL mode to "Full (Strict)" to avoid a redirect loop.
Go to Origin Certificates and click Create Certificate
Let CloudFlare generate a private key and a CSR and choose RSA as the private key type
Make sure that the hostname for your custom API domain is covered (e.g. api.mydomain.com). You can specifically configure this custom domain or use a wildcard such as *.mydomain.com, as is configured by default.
Pick PEM as the key format which is selected by default.
In AWS switch to region US-EAST-1 and go to the Certificate Manager.
Click Import a Certificate.
Copy the certificate body from your CloudFlare certificate to the Certificate body field in the configuration of the custom domain in the AWS Management Console.
Copy the Private key to the certificate private key field in the console.
In the certificate chain field, copy the Cloudflare Origin CA - RSA Root, which can be found here.
Enter your custom domain name in the AWS console and a name for your certificate
Now the custom domain name will be created in AWS CloudFront. It can take up to an hour before the domain becomes active.
The next thing you need to do is set up the mappings of the custom domain in the AWS Console.
The final step is to create a new CNAME Record in CloudFlare to link your domain to the CloudFront url. When you open the settings page of your custom domain in the AWS console copy the Distribution domain name. This is the domain you need to use when creating the new CNAME Record.
Source
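Both answers above turn on hostname coverage: the default endpoint certificate is valid only for the default domain, and the imported certificate must cover the custom API hostname. This added example (not from either answer) checks coverage using the usual wildcard rule that `*` stands for exactly one left-most label; the SAN lists are constructed, and the wildcard name shown for the default endpoint is an assumption.

```python
def san_covers(pattern, hostname):
    """True if a certificate name covers hostname.

    A wildcard is honoured only as the entire left-most label and matches
    exactly one label, so *.mydomain.com covers api.mydomain.com but neither
    mydomain.com nor v1.api.mydomain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com"
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def preflight(hostname, sans):
    """Report which certificate names, if any, cover the hostname."""
    names = [s for s in sans if san_covers(s, hostname)]
    return {"host": hostname, "covered": bool(names), "by": names}

# Constructed SAN lists (assumptions, not read from real certificates)
DEFAULT_ENDPOINT_CERT = ["*.execute-api.ap-southeast-1.amazonaws.com"]
ORIGIN_CERT = ["*.mydomain.com"]

if __name__ == "__main__":
    checks = [
        ("vpyueoq2i9.execute-api.ap-southeast-1.amazonaws.com", DEFAULT_ENDPOINT_CERT),
        ("api.mydomain.com", DEFAULT_ENDPOINT_CERT),  # custom name, default cert
        ("api.mydomain.com", ORIGIN_CERT),
        ("mydomain.com", ORIGIN_CERT),                # apex needs its own entry
        ("v1.api.mydomain.com", ORIGIN_CERT),         # two labels deep
    ]
    for host, sans in checks:
        print(preflight(host, sans))
```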
I couldn't get any of the other answers to work. So I ended up having AWS generate the certificate instead of using a Cloudflare Origin one. That's because AWS wouldn't accept my Cloudflare certificate, even when the chain was provided. I couldn't see Cloudflare in Mozilla's Certificate Authority list (which is what AWS relies on, according to the docs) so I guess that makes sense.
Here's the outline of my solution:
Create AWS Route53 Zone
Create AWS ACM Certificate (must be in us-east-1) with validation method DNS
Create Cloudflare DNS Record with the output of (2)
Create AWS API Gateway Domain Name
Create Cloudflare DNS CNAME Record pointing '#' (root domain) to the Cloudfront domain name from step (4)
Create AWS API Gateway Base Path Mapping
This should be roughly it. May this help someone. Feel free to ask questions.
Both existing answers to this question are correct, but if the issue still persists even after following these directions perfectly, try going into the API Gateway settings, navigate to "Custom Domain Name" and configure the Base Path Mappings.
This was the missing step that solved all my problems.