AWS Document says,
Custom domain names are not supported for private APIs.
Source: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html
What does this exactly mean? I am able to attach a custom domain name to the Private API.
However I am facing issues with SSL Certificates.
API Gateway has 4 options:
REST API Private is the same as REST APIs except it is only accessible from within a VPC. To access the REST API from within the VPC an interface VPC endpoint is required. If you do not use an interface VPC endpoint then you can access the REST API on API Gateway via NAT which goes via the internet gateway or just an internet gateway. In either case this would be a public REST API over the internet.
When using the VPC interface endpoint, AWS generates a custom domain name. This domain name is used within the VPC to locate the endpoint and redirect to the REST API. For this reason you cannot specify your own custom domain name at this time. You can specify a custom domain name for a public facing REST API.
Because you cannot specify your own custom domain name, you cannot use your own custom certificates.
Because the VPC interface endpoint is called API Gateway internally TLS 1.2 is used. This cannot be changed either.
If you want to use your own certificates, then you would need to define your own domain name, and use a public facing REST API defined in API Gateway.
Alternatively you could use a custom domain name internal to your VPC, generate a certificate for this domain name. Put the certificate on a proxy server like NGINX, use the proxy to front the interface endpoint. The interface endpoint uses an Elastic Network Interface (ENI) and therefor has a Security Group, and you can restrict traffic to originate from the proxy using the Security Group. In this case the certificate will reside on the proxy, and TLS will terminate on the proxy server. The proxy server will then access the REST API over a new connection.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With