Menu
I've created an expressjs api and hosted in AWS lambda with an api gateway for the same. It is working fine as expected with the url:
https://[api-id].execute-api.[region].amazonaws.com/prod/api/v1/todos
But I want to invoke it using a custom domain and I confgiured it using the custom domain option of the api gateway. I've registered my domain using google domains and I've added the CNAME entry in DNS configuration to map it to the cloudfront target domain name. So far so good.
The api gateway custom domain configuration is as follows with corresponding mappings.
My problem is that I'm getting the message Cannot GET /aprod/api/v1/todos, on invoking with url:
https://apis.mydomain.com/aprod/api/v1/todos
and forbidden on
https://apis.mydomain.com/api/v1/todos
.
My cloudwatch logs is as follows. If I'm not invoking with custom domain it works fine (green block), else no specific message (red block).
I've already spent two weekends on this issue, any help is much appreciated.
726
Request or import an SSL/TLS certificate Before creating a custom domain name for your API, you must do one of the following: Request an SSL/TLS certificate from AWS Certificate Manager (ACM). Import an SSL/TLS certificate into ACM.
Based on my experience, there are two possible causes.
If your origin server is inside private VPC, it is necessary to create VPC Link and Network Load Balancer (NLB) instead of Application Load Balancer (ALB).
See more detail: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html
CNAME should point to the API Gateway endpoint instead of CloudFront. In this case, the value of CNAME should be like this.
https://[api-id].execute-api.[region].amazonaws.com
Otherwise, the access through the custom domain is passed directly to the CloudFront.
In my case, A record is used to point to the alias of NLB. It is a functionality of Route53 but using A record might be necessary instead of CNAME.
120
The "Cannot GET" error code is not a Lambda or API Gateway error code, and looks specific to Express JS.
The logs you've posted look like lambda logs, and if so then either lambda is getting invoked by something else, or you have successfully invoked your lambda function via the API call using "https://apis.mydomain.com/aprod/api/v1/todos" as user "Sándor Bakos" suggested.
This means that you aren't dealing with a custom domain or API Gateway error, but instead are seeing this error from your Lambda function code. Some quick googling proves that out and I wonder if this SO post will help? Node, Express - CANNOT GET route
For a bit more detail, if you were to invoke an URI in API Gateway that doesn't exist, unless you are successfully using SIGV4(IAM Auth) you will get a 403 with error message "Missing Authentication Token", and even then it would not return a "Cannot GET" error message unless you specifically mapped a gateway response for it.
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
