Receiving 403 Forbidden from Custom Domain in AWS API Gateway - amazon-web-services

I'm trying to build a serverless app with AWS. My API is working fine, but my custom domain is not. I'm receiving a 403 Forbidden answer. This is how my custom domain is configured:
And then I'm using the Target URL provided by this Custom Domain in Route 53 as CNAME. How can I fix this?

The CNAME should point to the CloudFront endpoint (*.cloudfront.net) rather than the API Gateway endpoint (*.execute-api.[region].amazonaws.com).
The CloudFront endpoint can be found by going to API Gateway -> Custom Domain Names. A CloudFront domain should be listed under "Target Domain Name".

Related

How can I put Route 53 in front of an AppSync endpoint without CloudFront?

I am building a GraphQL server using AWS AppSync. It generates a random endpoint URL and I'd like to put it behind a DNS custom domain. I have read this article https://aws.amazon.com/blogs/mobile/use-a-custom-domain-with-aws-appsync-amazon-cloudfront-and-amazon-route-53/ and it mentions CloudFront. I don't really need any cache for my application, so I wonder why I need CloudFront.
Can Route 53 forward the request to the AppSync endpoint? I don't understand why I need CloudFront. I thought Route 53 could work as a proxy to forward requests from a customised domain to the target domain.
There is an open GitHub issue for this feature:
Feature Request: Custom domain name
Based on the issue, the use of CloudFront, as in your link, seems to be the only feasible way for now to have custom domains with SSL certificates for your AppSync endpoint. Using API Gateway to proxy requests to your endpoint also seems like a possibility.

Route subdomain to AWS api gateway

Hello, I'm using Cloudflare to manage my domain DNS and I want to route test.domain.com to an AWS REST API Gateway. Is that possible, or do I need to fully host the domain in Route 53?
I tried the following:
created a Lambda function
created an API Gateway (with Authorization set to NONE)
created a certificate for the domain
created the custom domain in API Gateway
Now when I go to test.domain.com I see
{
message: "Forbidden"
}
Yes, of course you can do this. If you set up a custom hostname in API Gateway with the domain name as your subdomain, you will be given a DNS name. When you configure this you will add a path binding to a stage in API Gateway, which will then route traffic to your deployment.
You would then assign this as the value of your DNS CNAME record for your subdomain.
More information about setting up a custom domain name is available here.

Custom Domain for API Gateway not able to set 404

I am trying to set up a custom domain endpoint for an API Gateway published endpoint but am not able to.
I've followed all the steps:
Custom domain DNS is managed by AWS (AWS cannot own this as it's a .ai URL)
Created an ACM certificate for the subdomain (subdomain.host.ai)
Added a custom domain in API Gateway with a mapping to a particular stage
Added an A record for the custom domain to point to "d-abcde12345.execute-api.us-west-2.amazonaws.com"
What might be going wrong?
When you are pointing to a DNS hostname, rather than an IP, you need a CNAME record. More importantly, when you assign a custom domain to your API Gateway, it will create a CloudFront distribution for you and give you a CloudFront endpoint: E123CNFSOMETHING.cloudfront.net. You need to create a CNAME record in your registrar dashboard to point to this address, not the API endpoint:
FROM        TO                                 TTL
subdomain   E123CNFSOMETHING.cloudfront.net.   300

AWS CloudFront with Regional Api Gateway and Custom Domain throwing 403s

I'm currently testing out how to set up CloudFront with a Regional API Gateway that includes a Custom Domain, but have run into a bit of a snag.
I would like to be able to use: https://mySuperDomain.com/rest/get_stuff
Setup:
Api Gateway
I have a regional Api Gateway that points to a Lambda function.
The Gateway includes a Cognito Authorizer
The Integration Request is a Lambda Proxy
The base Resource is "/" with Methods: GET & OPTIONS
The stage is "dev"
Custom Domain name and ACM are set to "mySuperDomain.com"
Configuration is also Regional
Directly calling the URL works as expected: https://XXXXXXXX.execute-api.REGION.amazonaws.com/dev
Route53
A record is an alias that points to the CloudFront Distribution
Base domain also contains NS, SOA, and MX
CloudFront
Origins:
Alternate Domain Names: www.mySuperDomain.com & mySuperDomain.com
Origin and Domain Path: XXXXXXXX.execute-api.REGION.amazonaws.com/dev
HTTPS only
Behaviors:
/rest/*
Origin group is set to the Origin
HTTPS only
This is where things get confusing.
When including no headers, I get a "Missing Authentication Token" error. This signals to me that I'm hitting the correct endpoint but the Authentication Token is not making it through CloudFront.
However, when I whitelist what I describe as the kitchen sink: "Authorization, Host, Origin, Referer, Accept-Datetime", I get 403 Forbidden when calling: https://mySuperDomain.com/rest/get_stuff.
What am I missing in order to access the specified custom domain URL? Thanks ahead of time.

Using custom domain for aws api gateway endpoint in mumbai

I have an AWS API Gateway hosted in Mumbai (ap-south-1). I am trying to add a custom domain to the endpoint.
I created an ACM certificate in the same region and created a Custom Domain Name in the API Gateway. The API Gateway allowed me to use the ACM certificate only in the regionalised (ap-south-1) endpoint configuration and not the edge-optimised (us-east-1) configuration. This results in a target domain in the format
*.ap-south-1.amazonaws.com
and not in the cloudfront format like
*.cloudfront.net
After creating the custom domain name (api.mydomain.com) I tried to add it to the hosted zone in Route 53.
When I try to Create Record Set using a target domain in the above format (*.ap-south-1.amazonaws.com), I am getting an error:
The record set could not be saved because:
- Alias Target contains an invalid value.
I tried creating the certificate in us-east-1 and creating an edge-optimised endpoint. Here I got the CloudFront endpoint. But when I try to access the endpoint, I am getting a Forbidden exception.
Found that we have to use the certificate from the us-east-1 (N. Virginia) region and get the CloudFront endpoint itself. I am not sure why they allow regional endpoints if they don't support them in Route 53.
For the Forbidden error I was not using the correct URL (used v1 in endpoint creation).
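A small diagnostic that encodes the checks these threads converge on: whether the DNS record points at the custom domain's target domain name (*.cloudfront.net for edge-optimized, d-xxx.execute-api.REGION.amazonaws.com for regional) or at the API's own execute-api hostname (the usual source of the 403 {"message": "Forbidden"}), whether the record type can hold a hostname, where the ACM certificate lives, and whether a stage is mapped. It is an added example, not code from any of the posts; `diagnose`, its parameters and the sample hostnames are hypothetical or constructed.

```python
import re

# Hostname shapes seen in the threads above (constructed regexes): the
# edge-optimized target domain name, the regional target domain name, and
# the API's own default invoke hostname (no "d-" prefix).
EDGE_TARGET = re.compile(r"^[a-z0-9]+\.cloudfront\.net$")
REGIONAL_TARGET = re.compile(r"^d-[a-z0-9]+\.execute-api\.[a-z0-9-]+\.amazonaws\.com$")
DEFAULT_INVOKE = re.compile(r"^[a-z0-9]+\.execute-api\.[a-z0-9-]+\.amazonaws\.com$")


def diagnose(endpoint_type, cert_region, record_type, record_target, stage_mapped=True):
    """Return a list of findings for a custom-domain setup (empty list = consistent).

    endpoint_type: "EDGE" or "REGIONAL", the custom domain's endpoint configuration
    cert_region:   region of the ACM certificate attached to the custom domain
    record_type:   "A", "CNAME" or "ALIAS", the DNS record for the custom hostname
    record_target: hostname that record points at
    stage_mapped:  whether a base path mapping to a deployed stage exists
    """
    findings = []
    target = record_target.rstrip(".").lower()
    if endpoint_type == "EDGE" and cert_region != "us-east-1":
        findings.append("edge-optimized custom domains need the ACM certificate in us-east-1")
    if record_type == "A":
        findings.append("an A record holds an IP, not a hostname; use a CNAME or a Route 53 alias")
    if REGIONAL_TARGET.match(target):
        if endpoint_type == "EDGE":
            findings.append("edge-optimized domain but the record points at a regional target")
        elif record_type == "ALIAS":
            findings.append("a Route 53 alias to a regional target needs the domain's regional "
                            "hosted zone ID; a CNAME to the target domain name avoids that")
    elif DEFAULT_INVOKE.match(target):
        findings.append("record points at the API's default execute-api hostname, not the "
                        "custom domain's target domain name; API Gateway answers the unknown "
                        "Host header with 403 {\"message\": \"Forbidden\"}")
    elif EDGE_TARGET.match(target):
        if endpoint_type == "REGIONAL":
            findings.append("regional domain but the record points at a CloudFront target")
    else:
        findings.append("record target is not an API Gateway target domain name")
    if not stage_mapped:
        findings.append("no base path mapping to a stage, so the domain routes nowhere")
    return findings


if __name__ == "__main__":
    # Constructed sample: the A record from the ".ai" thread above.
    for f in diagnose("REGIONAL", "us-west-2", "A", "d-abcde12345.execute-api.us-west-2.amazonaws.com"):
        print("-", f)
```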