AWS API Gateway HTTP API custom domain with VPC Link to ALB - amazon-web-services

I'm trying to set up an API using a REGIONAL custom domain that routes HTTP requests to ALB.
The domain is registered with another DNS provider so I will not be using Route53.
Concept:
/path/to/service --> ALB (Listener: /path/*) --> ECS
I first tried the original invoke URL https://cuxxxxmvk0.execute-api.ap-east-1.amazonaws.com/stage/path/to/service, which returns an ALB context path error (this is expected, because ALB gets /stage/path/to/service, which doesn't hit any prefix).
Then I created a custom domain with an API mapping (no base path) that maps to the stage, and tried invoking it with the provided "API Gateway domain name" (the one generated by the custom domain). Full URL: https://d-yjexxxds3.execute-api.ap-east-1.amazonaws.com/path/to/service
However, it returns {"message":"Not Found"}
So my question here is:
How does the "API Gateway domain name" generated by the custom domain work? Can I directly invoke the API with it?
Is it a must to CNAME it (i.e. CNAME api.mydomain.com d-yjexxxds3.execute-api.ap-east-1.amazonaws.com)?
Can I make my final endpoint to be api.mydomain.com/path/to/service without the stage in path?

From the question I can see that you're trying to use a CNAME to resolve to URL/some/path, but that's not how it works. The DNS service will only map your CNAME to some other URL. The path (/some/path) part will remain the same from your domain or API-GW URL.
Another thing to note here is that since you're not using Route53, you do not need the Custom Domain Name of API-GW. Create a CNAME which is something like
example.com CNAME d-yjexxxds3.execute-api.ap-east-1.amazonaws.com
I would suggest you add /stage in your ALB prefix so that it can be accessed by API-GW and your own domain.

How does the "API Gateway domain name" generated by the custom domain work? Can I directly invoke the API with it?
Yes, you can.
Is it a must to CNAME it (i.e. CNAME api.mydomain.com d-yjexxxds3.execute-api.ap-east-1.amazonaws.com)?
It is either CNAME (when the DNS is managed by an external provider) or it can be ALIAS (directly returning A records if you manage the DNS in Route53). Please note you need a validated certificate in the certificate manager.
Can I make my final endpoint to be api.mydomain.com/path/to/service without the stage in path?
https://d-xxxxxxds3.execute-api...
As far as I know you should invoke the API by the defined custom domain name (api.mydomain.com). Whether calling the d-.. domain will work, I'm not sure.
https://api.mydomain.com/path/to/api
I'm not sure what is not working in your setup. Indeed, in the custom domain mapping you can have a mapping directly to a certain stage, so you may invoke the API as https://customdomain/path/to/api. We have it working this way.
Long story short, your setup / idea is generally good. You may enable logging on the API Gateway or stage to find out what is not working (whether the NOT FOUND is returned by the API GW or the backend ELB).

Related

How can I call my AWS Lambda function URL via a custom domain?

I have created an AWS Lambda with the new function URL feature enabled.
Since the URL isn't that easy to remember, I would like to create a Route 53 alias like lambda.mywebsite.com.
There is no Route 53 alias for Lambda function URLs in the drop-down menu for aliases in Route 53.
How can I call my AWS Lambda function URL via a custom domain?
Is a CNAME record the way to go?
How can I call my AWS Lambda function URL via a custom domain?
If you must use an AWS Lambda function URL, fronting it with a CloudFront distribution with your desired custom domain name is the only way currently.
There is no support currently for a Route 53 alias record, as the Host header must be set to the Lambda function URL domain. If the Host header does not exist, HTTP 400 Bad Request is returned & if it does exist but is not the correct value, HTTP 403 Forbidden is returned.
They are meant to be the simplest & fastest way to invoke your Lambda functions via a public endpoint without using other AWS services like API gateway, so a native lack of support for a custom domain name makes sense.
I tried the same once the Lambda URL feature was out.
Following are the steps:
1. Create a CloudFront distribution with the Lambda URL as the HTTPS endpoint, and add the domain name in the alternate domain name field.
2. Create an A record for the domain in Route53 and point it to the CloudFront distribution.
Note:
If you haven't added the domain certificate in step 1, then the CloudFront option in step 2 won't show any value to select.
If you use CloudFlare for your DNS services you can use Redirect Rules under the Rules tab.
For simple projects the DNS management is free, and you get up to 10 free Redirect Rules.
More info here: https://developers.cloudflare.com/rules/url-forwarding/single-redirects/create-dashboard/
For my purposes in CloudFlare I set up a Static redirect to my Lambda URL provided in the AWS Console, with a 307 Status Code:
Looking for a similar solution, but you'll be limited to a 60 secs response timeout for a custom origin in the case of CloudFront. It can be requested up to 180 secs. If you are looking beyond that, ALB is your best bet. I am now adding the Lambda function to a target group, then going to add this to the ALB. Once it works I'm definitely going to post my complete config or confirmation here.

Route subdomain to AWS api gateway

Hello, I'm using Cloudflare to manage my domain DNS and I want to route test.domain.com to an AWS REST API Gateway. Is that possible? Or do I need to fully host the domain in Route53?
I tried with
created lambda function
created api gateway (with Authorization set to NONE)
created a certificate for the domain
created the custom domain in api gateway
now when I go to test.domain.com I see
{
message: "Forbidden"
}
Yes, of course you can do this. If you set up a custom hostname in API Gateway with the domain name as your subdomain, you will be given a DNS name. When you configure this you will add a path binding to a stage in API Gateway, which will then route traffic to your deployment.
You would then assign this as the value to your DNS CNAME record for your subdomain.
More information about setting up a custom domain name is available here.

CNAME record from my domain to API Gateway invoke URL not working

Is it possible to CNAME my own domain to AWS API gateway invoke URL?
For example, I own example.com. I want to create (in Route53) a CNAME record from api.example.com to abcefg.execute-api.ap-southeast-1.amazonaws.com.
Using my terminal, I am able to resolve api.example.com to the invoke URL, listing all 4 AWS DNS servers. However, I am unable to reach my API via api.example.com, but I can do so with the invoke URL without any issue.
May I know if such a CNAME can work at all, or must I use a custom domain to achieve that? Thank you.
In the API Gateway console, you have to declare the custom domain that you want to use to access your API.
You will need to provide:
the protocol (HTTP or WebSocket)
the domain's name
the TLS version (leave default if not sure)
the endpoint configuration (if not sure, check this answer)
an ACM certificate (if you don't have one, you will need to create one in ACM)
The process is pretty straightforward but you will find more documentation on this process in the AWS docs if needed.

AWS- I have a CFT that integrates a Lambda Function with API Gateway. What resources do I use to connect my API Gateway to a Custom DNS name?

So I want something like
"example.com/helloworld" to display the Hello World message I have stored in my Lambda Function. My CFN creates a Lambda Function, and creates an API, then connects both of these services.
However, I don't know what resources to use to connect my API Gateway to a Custom DNS name like "example.com/helloworld" so I can display "Hello World" from my Lambda Function in a browser. What resources do I need here?
First step is to go to the "Custom domain names" section of your API Gateway and configure a domain for a particular API and stage. This will instruct the CloudFront distribution that serves your API (API Gateway is always served by a CloudFront in the background) to accept network requests for that domain and forward them to a particular stage (e.g. testing or production). This way you can have different domains instead of URL paths for different stages and use just the endpoint (part after the stage) of the URL.
Then you need to own a domain name (e.g. example.com) and point your domain's CNAME record to the domain that you get when you configure your API Gateway's custom domain.
If your domain is hosted on the AWS Route53 service, you can create just an ALIAS for the domain given to you by the API Gateway instead of the CNAME.
If you are asking for the CloudFormation resource for connecting APIGW to a custom domain name (or creating a custom domain name in APIGW), it is AWS::ApiGateway::DomainName
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html
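An added example, not taken from the answers above: a CloudFormation fragment that declares the regional custom domain named in the last answer and maps it to one stage with no base path, so the stage name does not appear in the URL. The parameter names, logical IDs and the `prod` default are assumptions; the REST API and its stage are expected to exist already.

```yaml
# Added example: parameter names and logical IDs are assumptions, not from the thread.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  CustomDomainName:
    Type: String              # e.g. api.example.com (placeholder)
  CertificateArn:
    Type: String              # ACM certificate covering CustomDomainName, in the API's region
  RestApiId:
    Type: String              # ID of the existing AWS::ApiGateway::RestApi
  StageName:
    Type: String
    Default: prod             # the stage must already be deployed

Resources:
  ApiDomain:
    Type: AWS::ApiGateway::DomainName
    Properties:
      DomainName: !Ref CustomDomainName
      RegionalCertificateArn: !Ref CertificateArn
      EndpointConfiguration:
        Types: [REGIONAL]
      SecurityPolicy: TLS_1_2   # do not accept TLS 1.0/1.1 clients

  ApiMapping:
    Type: AWS::ApiGateway::BasePathMapping
    Properties:
      DomainName: !Ref ApiDomain   # Ref returns the domain name
      RestApiId: !Ref RestApiId
      Stage: !Ref StageName
      # BasePath omitted: the stage is served at the root of the custom domain,
      # so only one API can be mapped to this domain.

Outputs:
  DnsTarget:
    Description: Target for the CNAME (external DNS) or alias (Route 53) record
    Value: !GetAtt ApiDomain.RegionalDomainName
  DnsTargetHostedZoneId:
    Description: Hosted zone ID, needed only for a Route 53 alias record
    Value: !GetAtt ApiDomain.RegionalHostedZoneId
```

The `DnsTarget` output is the `d-…execute-api…` name the DNS record should point to; pointing a CNAME at the default invoke hostname instead leaves API Gateway with no domain declaration or certificate for the custom name.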

Point CNAME record to API Gateway Endpoint host?

I have a deployed API Gateway Regional Endpoint in the form of:
https://some-id.execute-api.us-east-1.amazonaws.com/prod/my-path/
I know that in order to have a custom domain like www.my-domain.com resolve to https://some-id.execute-api.us-east-1.amazonaws.com/prod/my-path/ I must set up an API Gateway custom domain and CloudFront distribution.
However, I'm only interested in having www.my-domain.com resolve to some-id.execute-api.us-east-1.amazonaws.com (without the path). This is so I don't need to update my clients if the deployment id changes.
I tried setting up a Route53 CNAME record with the value of some-id.execute-api.us-east-1.amazonaws.com for api.my-domain.com but it doesn't work.
I believe you just need to leave your custom domain without a base mapping. From the AWS documentation:
If you do not set any base mapping under a custom domain name, the resulting API's base URL is the same as the custom domain (e.g., https://api.example.com.) In this case, the custom domain name cannot support more than one API.