Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS API Gateway not working with custom domain

I've created an expressjs api and hosted in AWS lambda with an api gateway for the same. It is working fine as expected with the url:

https://[api-id].execute-api.[region].amazonaws.com/prod/api/v1/todos

But I want to invoke it using a custom domain and I confgiured it using the custom domain option of the api gateway. I've registered my domain using google domains and I've added the CNAME entry in DNS configuration to map it to the cloudfront target domain name. So far so good.

enter image description here

The api gateway custom domain configuration is as follows with corresponding mappings.

enter image description here

My problem is that I'm getting the message Cannot GET /aprod/api/v1/todos, on invoking with url:

https://apis.mydomain.com/aprod/api/v1/todos

and forbidden on

https://apis.mydomain.com/api/v1/todos

.

My cloudwatch logs is as follows. If I'm not invoking with custom domain it works fine (green block), else no specific message (red block).

enter image description here

I've already spent two weekends on this issue, any help is much appreciated.

like image 726
Krishna Mohan Avatar asked Sep 15 '19 12:09

Krishna Mohan


People also ask

How do I add a domain to AWS API gateway?

Request or import an SSL/TLS certificate Before creating a custom domain name for your API, you must do one of the following: Request an SSL/TLS certificate from AWS Certificate Manager (ACM). Import an SSL/TLS certificate into ACM.


2 Answers

Based on my experience, there are two possible causes.

VPC Link

If your origin server is inside private VPC, it is necessary to create VPC Link and Network Load Balancer (NLB) instead of Application Load Balancer (ALB).

See more detail: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html

Point to API Gateway Endpoint

CNAME should point to the API Gateway endpoint instead of CloudFront. In this case, the value of CNAME should be like this.

https://[api-id].execute-api.[region].amazonaws.com

Otherwise, the access through the custom domain is passed directly to the CloudFront.

(Another Possible Cause) Using A Record

In my case, A record is used to point to the alias of NLB. It is a functionality of Route53 but using A record might be necessary instead of CNAME.

like image 120
Kai Sasaki Avatar answered Oct 03 '22 12:10

Kai Sasaki


The "Cannot GET" error code is not a Lambda or API Gateway error code, and looks specific to Express JS.

The logs you've posted look like lambda logs, and if so then either lambda is getting invoked by something else, or you have successfully invoked your lambda function via the API call using "https://apis.mydomain.com/aprod/api/v1/todos" as user "Sándor Bakos" suggested.

This means that you aren't dealing with a custom domain or API Gateway error, but instead are seeing this error from your Lambda function code. Some quick googling proves that out and I wonder if this SO post will help? Node, Express - CANNOT GET route

For a bit more detail, if you were to invoke an URI in API Gateway that doesn't exist, unless you are successfully using SIGV4(IAM Auth) you will get a 403 with error message "Missing Authentication Token", and even then it would not return a "Cannot GET" error message unless you specifically mapped a gateway response for it.

like image 39
NoPathInParticular Avatar answered Oct 03 '22 11:10

NoPathInParticular