Route subdomain to AWS api gateway - amazon-web-services

Hello, I'm using Cloudflare to manage my domain's DNS and I want to route
test.domain.com to an AWS REST API Gateway. Is that possible, or do I need to fully host the domain in Route 53?
I tried with:
created a Lambda function
created an API Gateway (with Authorization set to NONE)
created a certificate for the domain
created the custom domain in API Gateway
Now when I go to test.domain.com I see:
{
message: "Forbidden"
}

Yes, of course you can do this. If you set up a custom domain name in API Gateway with your subdomain as the domain name, you will be given a DNS name. When you configure this you will add a path mapping to a stage in API Gateway, which will then route traffic to your deployment.
You would then assign this DNS name as the value of the CNAME record for your subdomain.
More information about setting up a custom domain name is available here.

Related

How to create route53 record for AWS Gateway API

I have existing hosted zone and A record in AWS route 53. The A record is pointing to cloudfront distribution.
Let's say the hosted zone name is abcd.ci.example.io. The A record name is the same as the hosted zone. I can access the web site at abcd.ci.example.io without any issue.
I also have AWS Gateway API with invoke url https://xxxxx.execute-api.us-west-2.amazonaws.com/dev I can access a particular API route from the browser using invoke url https://xxxxx.execute-api.us-west-2.amazonaws.com/dev/v1/healthcheck
I want to assign a custom domain name to invoke url. So I created a new CNAME record in the hosted zone as api.abcd.ci.example.io and set the value to https://xxxxx.execute-api.us-west-2.amazonaws.com/dev
But then when I try to access a route using https://api.abcd.ci.example.io/v1/healthcheck I get the error "This site can't be reached".
A simple command line ping to api.abcd.ci.example.io also returns the error "Ping request could not find host api.abcd.ci.example.io. Please check the name and try again."
Below is the list of records in the hosted zone. There are a couple of ACM validation records as well, for both domains.
Before API Gateway will let you point your custom domain at it, you first have to set up the custom domain in API Gateway, which includes setting up the SSL certificate API Gateway will use for that custom domain.

How to setup custom subdomain for AWS lambda function

Steps I've taken so far:
I've deployed a lambda function which got me to this endpoint https://#############.amazonaws.com/dev/{action} (using serverless)
I've setup a certificate with AWS Certificate Manager for my subdomain. Added the CNAME name & value to my DNS info at my domain name provider and after a while the certificate was issued.
I've setup AWS API Gateway -> Custom Domain names -> Added my subdomain and added an API mapping.
Now I'm stuck I've tried several things:
A. DNS settings at my domain provider: pointed my subdomain with a CNAME record at the endpoint of the Lambda function.
B. Looked at AWS Route 53 and tried several combinations... adding the domain and a subdomain / adding the subdomain directly and tried to set the dns settings for my subdomain at my domain provider to "aws route 53" with a record / cname / ips / txt etc...
To assign a custom domain name to API Gateway, you should create an Alias record. Look here: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-api-gateway.html
But from what you've written I'm not sure if you created Lambda function with connected API Gateway or Lambda with function URL. The difference is well defined here https://www.serverless.com/blog/aws-lambda-function-urls-with-serverless-framework

AWS API Gateway HTTP API custom domain with VPC Link to ALB

I'm trying to set up an API using a REGIONAL custom domain that routes HTTP requests to ALB.
The domain is registered with another DNS provider so I will not be using Route53.
Concept:
/path/to/service --> ALB (Listener: /path/*) --> ECS
I first tried with the original invoke URL https://cuxxxxmvk0.execute-api.ap-east-1.amazonaws.com/stage/path/to/service, it returns ALB context path error (It's expected because ALB gets /stage/path/to/service which doesn't hit any prefix).
Then I created a custom domain with API mapping (no base path) that maps to the stage, and try invoking it with the provided "API Gateway domain name" (The one generated by custom domain). Full URL: https://d-yjexxxds3.execute-api.ap-east-1.amazonaws.com/path/to/service
However, it returns {"message":"Not Found"}
API Gateway domain name
So my question here is:
How does the "API Gateway domain name" generated by custom domain works? Can I directly invoke the API with it?
Is it a must to CNAME it (i.e. CNAME api.mydomain.com d-yjexxxds3.execute-api.ap-east-1.amazonaws.com)?
Can I make my final endpoint to be api.mydomain.com/path/to/service without the stage in path?
From the question I can see that you're trying to use a CNAME to resolve to URL/some/path, but that's not how it works. DNS will only map your CNAME to another hostname. The path (/some/path) part stays the same whether you use your domain or the API-GW URL.
Another thing to note here is that since you're not using Route 53, you do not need the Custom Domain Name of API-GW. Create a CNAME which is something like
example.com CNAME d-yjexxxds3.execute-api.ap-east-1.amazonaws.com
I would suggest you add /stage in your ALB prefix so that it can be accessed by API-GW and your own domain.
How does the "API Gateway domain name" generated by custom domain works? Can I directly invoke the API with it?
Yes, you can
Is it a must to CNAME it (i.e. CNAME api.mydomain.com d-yjexxxds3.execute-api.ap-east-1.amazonaws.com)?
It is either CNAME (when the DNS is managed by an external provider) or it can be ALIAS (directly returning A records if you manage the DNS in Route53). Please note you need a validated certificate in the certificate manager.
Can I make my final endpoint to be api.mydomain.com/path/to/service without the stage in path?
https://d-xxxxxxds3.execute-api...
As far as I know you should invoke the API by the defined custom domain name (api.mydomain.com). Whether calling the d-.. domain will work, I'm not sure.
https://api.mydomain.com/path/to/api
I'm not sure what is not working in your setup. Indeed in the custom domain mapping you can have a mapping directly to certain stage, so you may invoke the API as https://customdomain/path/to/api We have it working this way.
Long story short, your setup / idea is generally good. You may enable logging on the API Gateway or stage to find out what is not working (whether the NOT FOUND is returned by the API GW or by the backend ELB).
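The three observations in this question and its answers (the invoke URL forwards the stage in the path, a custom domain with an empty API mapping key does not, and the ALB listener rule only matches the path it is actually given) can be modelled in a few lines. The code below is an added example, not code from the thread: hostnames, stage, paths and the `/path/*` listener pattern are the ones from the question, the hosted route is assumed to be `ANY /{proxy+}` (or `$default`) so every path reaches the ALB, and the stripping of a non-empty mapping key follows base-path behaviour and is marked as an assumption. It also adds the check the answers leave open: API Gateway dispatches a custom-domain request on the Host header, so the `d-...` target hostname is only a DNS target, and a request that carries it as Host is answered with `{"message":"Forbidden"}`.

```python
"""
Path-routing model for an HTTP API with a custom domain in front of an ALB.
Added example (not code from the thread); sample values are the ones quoted
in the question, the mapping-key stripping for non-empty keys is an assumption.
"""
from __future__ import annotations

from dataclasses import dataclass
from fnmatch import fnmatchcase
from urllib.parse import urlsplit


@dataclass
class ApiMapping:
    stage: str
    key: str = ""            # API mapping key; "" means "no base path"


@dataclass
class HttpApi:
    api_id: str
    region: str
    stages: set[str]
    custom_domain: str       # api.mydomain.com
    target_domain: str       # d-xxx.execute-api.<region>.amazonaws.com, DNS target only
    mappings: list[ApiMapping]

    @property
    def invoke_host(self) -> str:
        return f"{self.api_id}.execute-api.{self.region}.amazonaws.com"


@dataclass
class Outcome:
    status: int
    source: str              # "api-gateway" or "alb": who produced the status
    stage: str = ""
    forwarded_path: str = "" # path the backend (ALB) actually receives
    detail: str = ""


def api_gateway_dispatch(url: str, api: HttpApi) -> Outcome:
    """What API Gateway does with a request before it reaches the integration."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if host == api.invoke_host:
        # Default endpoint: first segment is the stage, and the whole path, stage
        # included, is forwarded to the ALB (what the question observed).
        stage = path.split("/")[1]
        if stage not in api.stages:
            return Outcome(404, "api-gateway", detail="Not Found: no deployed stage at this path")
        return Outcome(200, "api-gateway", stage, path)
    if host == api.custom_domain.lower():
        # Longest mapping key that prefixes the path wins; "" matches everything.
        for m in sorted(api.mappings, key=lambda m: len(m.key), reverse=True):
            key = m.key.strip("/")
            prefix = f"/{key}" if key else ""
            if not prefix or path == prefix or path.startswith(prefix + "/"):
                # Assumption: a non-empty key is stripped like a REST base path.
                return Outcome(200, "api-gateway", m.stage, path[len(prefix):] or "/")
        return Outcome(404, "api-gateway", detail="Not Found: no API mapping for this path")
    # Anything else, including the d-... target hostname itself, is not a
    # configured name: dispatch is by Host, so API Gateway answers Forbidden.
    return Outcome(403, "api-gateway", detail=f"Forbidden: {host} is not a configured domain")


def alb_dispatch(forwarded_path: str, path_patterns: list[str]) -> Outcome:
    """ALB listener rules: '*' spans any characters (including '/'), '?' one."""
    for pattern in path_patterns:
        if fnmatchcase(forwarded_path, pattern):
            return Outcome(200, "alb", forwarded_path=forwarded_path, detail=f"matched {pattern}")
    return Outcome(404, "alb", forwarded_path=forwarded_path, detail="no listener rule matched")


def request(url: str, api: HttpApi, path_patterns: list[str]) -> Outcome:
    """Full trip: API Gateway first, then the ALB if API Gateway let it through."""
    gw = api_gateway_dispatch(url, api)
    if gw.status != 200:
        return gw
    alb = alb_dispatch(gw.forwarded_path, path_patterns)
    alb.stage = gw.stage
    return alb


if __name__ == "__main__":
    api = HttpApi("cuxxxxmvk0", "ap-east-1", {"stage"}, "api.mydomain.com",
                  "d-yjexxxds3.execute-api.ap-east-1.amazonaws.com", [ApiMapping("stage")])
    for url in (f"https://{api.invoke_host}/stage/path/to/service",
                "https://api.mydomain.com/path/to/service",
                f"https://{api.target_domain}/path/to/service"):
        print(url, "->", request(url, api, ["/path/*"]))
```

Running the block prints one line per URL; the `source` field is the answer to the question's "is the Not Found from API GW or from the ALB", which is also what the stage access log would tell you. Adding `/stage/path/*` to the listener rules, as the first answer suggests, makes the invoke URL work as well.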

Custom Domain for API Gateway not able to set 404

I am trying to setup a custom domain endpoint for API gateway published endpoint but not able to set.
I've followed all steps
Custom domain DNS is managed by AWS (AWS cannot own this as it's a .ai URL)
Created ACM Certificate for subdomain. (subdomain.host.ai)
Add Custom API in API Gateway with Mapping to particular Stage
Add A record for custom domain to point to "d-abcde12345.execute-api.us-west-2.amazonaws.com"
What might be going wrong.
When you are pointing to a DNS hostname, rather than an IP, you need a CNAME record. More importantly, when you assign a custom domain to your API Gateway, it will create a CloudFront distribution for you and give you a CloudFront endpoint: E123CNFSOMETHING.cloudfront.net. You need to create a CNAME record in your registrar dashboard pointing to this address, not to the API endpoint:
FROM TO TTL
subdomain E123CNFSOMETHING.cloudfront.net. 300

Using custom domain for aws api gateway endpoint in mumbai

I have an AWS API Gateway hosted in Mumbai (ap-south-1). I am trying to add a custom domain to the endpoint.
I created an ACM certificate in the same region and created a Custom Domain Name in the API Gateway. The API Gateway allowed me to use the ACM certificate only in the regional (ap-south-1) endpoint configuration and not in the edge-optimised (us-east-1) configuration. This results in a target domain in the format
*.ap-south-1.amazonaws.com
and not in the cloudfront format like
*.cloudfront.net
After creating the custom domain name(api.mydomain.com) I tried to add it to the hosted zone in route53.
When I try to Create Record Set using target domain in above format(*.ap-south-1.amazonaws.com), I am getting an error
The record set could not be saved because:
- Alias Target contains an invalid value.
I tried by creating the certificate in us-east-1 and creating an edge optimised endpoint. Here I got the cloudfront endpoint. But when I try to access the endpoint, I am getting forbidden exception.
Found that we have to use the certificate from the us-east-1 (N. Virginia) region and get the CloudFront endpoint itself. I am not sure why they allow regional endpoints if they don't support them in Route 53.
For the forbidden error I was not using the correct url(used v1 in endpoint creation).
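Every question in this thread fails on the same handful of DNS details: which hostname is the target (the CloudFront distribution for an edge-optimized domain, the `d-...` regional name for a regional one), a CNAME from an external provider versus an alias record in Route 53, the region the ACM certificate has to live in, and record values that are not bare hostnames (an A record holding a hostname, a CNAME value carrying `https://` and a stage path). The planner below is an added example and not code from any post here: it encodes those rules and checks a proposed record against them. Field names follow the output of `aws apigateway get-domain-name`; the hostnames, hosted zone IDs and regions in the demo and tests are constructed placeholders. Route 53 alias records are valid for both endpoint types as long as the hosted zone ID comes from the same domain description as the target (the Route 53 guide linked in the third question covers this).

```python
"""
Planner / checker for the DNS record that points a custom domain at API Gateway.
Added example, not code from the thread.  Field names mirror
`aws apigateway get-domain-name`; all hostnames and zone ids used here are made up.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Dotted hostname, labels of 1-63 chars, no scheme, no path (trailing dot stripped first).
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{1,63}$", re.I)


def _bare(host: str) -> str:
    return host.strip().rstrip(".").lower()


@dataclass
class DomainNameDescription:
    """The fields of get-domain-name that the record plan depends on."""
    domainName: str
    endpointType: str                   # "EDGE" or "REGIONAL"
    certificateRegion: str              # region of the ACM certificate attached to it
    distributionDomainName: str = ""    # <id>.cloudfront.net                       (EDGE)
    distributionHostedZoneId: str = ""  # Route 53 hosted zone id of CloudFront       (EDGE)
    regionalDomainName: str = ""        # d-<id>.execute-api.<region>.amazonaws.com  (REGIONAL)
    regionalHostedZoneId: str = ""      # Route 53 hosted zone id of that endpoint    (REGIONAL)

    def target(self) -> tuple[str, str]:
        """(hostname, hosted zone id) that a record for this domain must point at."""
        if self.endpointType == "EDGE":
            return self.distributionDomainName, self.distributionHostedZoneId
        if self.endpointType == "REGIONAL":
            return self.regionalDomainName, self.regionalHostedZoneId
        raise ValueError(f"unknown endpoint type {self.endpointType!r}")


@dataclass
class DnsRecord:
    name: str
    rtype: str                  # "CNAME", "A", or "ALIAS" (a Route 53 alias A record)
    value: str
    alias_hosted_zone_id: str = ""


def plan_record(desc: DomainNameDescription, zone_apex: str, dns_in_route53: bool) -> DnsRecord:
    """The record that makes desc.domainName resolve to the API Gateway custom domain."""
    target, zone_id = desc.target()
    if desc.endpointType == "EDGE" and desc.certificateRegion != "us-east-1":
        raise ValueError("an edge-optimized custom domain needs its ACM certificate in us-east-1")
    if desc.endpointType == "REGIONAL":
        api_region = target.split(".")[2]            # d-<id>.execute-api.<region>.amazonaws.com
        if desc.certificateRegion != api_region:
            raise ValueError(f"a regional custom domain needs its ACM certificate in {api_region}")
    name = _bare(desc.domainName)
    if dns_in_route53:
        # An alias A record works for both endpoint types and is allowed at the zone apex.
        return DnsRecord(name, "ALIAS", target, zone_id)
    if name == _bare(zone_apex):
        raise ValueError("a CNAME cannot sit at the zone apex (RFC 1034 3.6.2); "
                         "use a Route 53 alias or a provider that flattens CNAMEs")
    return DnsRecord(name, "CNAME", target)


def validate_record(record: DnsRecord, desc: DomainNameDescription) -> list[str]:
    """Problems with a proposed record; an empty list means it should resolve correctly."""
    expected, expected_zone = desc.target()
    problems: list[str] = []
    value = record.value.strip()
    if record.rtype == "A":
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            problems.append("an A record holds an IPv4 address; a hostname target needs a CNAME "
                            "(or a Route 53 alias)")
        else:
            problems.append("API Gateway front-end addresses are not stable; point a CNAME/alias "
                            "at the target hostname instead of an IP")
        return problems
    if "://" in value or "/" in value:
        problems.append("a CNAME/alias value is a bare hostname: drop the scheme, the stage and any path")
        value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value, flags=re.I).split("/")[0]
    value = _bare(value)
    if not HOSTNAME_RE.match(value):
        problems.append(f"{value!r} is not a valid hostname")
    if value != _bare(expected):
        problems.append(f"target should be {expected} (the name API Gateway reports for this "
                        f"custom domain), not {value}")
    if record.rtype == "ALIAS" and record.alias_hosted_zone_id != expected_zone:
        problems.append(f"alias hosted zone id should be {expected_zone}")
    return problems


if __name__ == "__main__":
    # Constructed description of a regional custom domain in us-west-2.
    desc = DomainNameDescription("api.abcd.ci.example.io", "REGIONAL", "us-west-2",
                                 regionalDomainName="d-abcde12345.execute-api.us-west-2.amazonaws.com",
                                 regionalHostedZoneId="Z0000REGIONAL")
    print(plan_record(desc, "abcd.ci.example.io", dns_in_route53=True))
    bad = DnsRecord("api.abcd.ci.example.io", "CNAME", "https://xxxxx.execute-api.us-west-2.amazonaws.com/dev")
    print(validate_record(bad, desc))
```

Run `plan_record` with `dns_in_route53=False` for Cloudflare or any other external provider and you get the CNAME the first answer describes; with `True` you get the alias the third answer describes. Feed the record you actually created to `validate_record` and the list that comes back names the mistake, which for the records in this thread is an A record with a hostname in it and a CNAME value that still contains the invoke URL's scheme and stage.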