Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Custom domain for API Gateway returning 403

Tags:

amazon-web-services

aws-api-gateway

amazon-cloudfront

I am creating an api using API Gateway and Lambda. Using the url designated in the API Gateway Stage editor everything works fine; however, when I try and move to a custom domain I am running into some issues.

The first thing I tried was using a CNAME record in Route 53 straight from my domain onto the domain that I got from the API Gateway. That was returning some errors and I think it is the incorrect solution is that correct?

Next I tried the Custom Domain Names feature in API Gateway. My understanding is this will roll up a CloudFront distribution that I can then map onto from Route 53. When I created the custom domain and added a Domain Mapping it provides me with a url to what I assume is a CloudFront distribution. The link is returning a 403 response and no distribution has been made in CloudFront. What is a good way of debugging this problem?

like image 820
BBS Avatar asked Apr 07 '16 03:04

BBS

People also ask

Why do I get an HTTP 403 Forbidden error when connecting to my API gateway APIs from a VPC?

The HTTP 403 Forbidden error most commonly occurs when private DNS is enabled for an API Gateway interface VPC endpoint that's associated with a VPC. In this scenario, all requests from the VPC to API Gateway APIs resolve to that interface VPC endpoint.

What are most likely causes If an API starts to send 403 status codes randomly for requests?

The most common cause of a 403 Forbidden Error is simply inputting an incorrect URL. As discussed before, many tightly secured web servers disallow access to improper URLs. This could be anything from accessing a file directory to accessing a private page meant for other users.

2 Answers

You need to use host header in your request. Host should be your custom domain.

curl https://<cf-id>.cloudfront.net/myapi -H "Host: api.myapi.com"
like image 169
Santosh Sahu Avatar answered Oct 12 '22 11:10

Santosh Sahu

Here is the developer guide if you haven't seen it. http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html

All you need to do is set up a CNAME with your DNS provider pointing at the CF distribution that API Gateway gives you. You won't be able to make API calls directly to the CF distribution. API Gateway maps the API/stage from the Base Path mapping you set up in API Gateway so only API calls directed at the domain name will work correctly.

like image 29
jackko Avatar answered Oct 12 '22 12:10

jackko
Sign in to Comment

Related questions

AWS Cognito User Pool without a password
Web Hosting on Amazon AWS (PHP + MySQL)
In AWS Lambda, where can I securely store API Credentials?
Can you export/migrate users out of AWS cognito, does it cause vendor lock-in?
OutOfMemoryError when creating AmazonS3Client in Lambda
How do you look at console.log output of the amazon lambda function
Can I store a temp file on AWS Lambda Function?
Can't detach network interfaces
Amazon EC2/SES SMTP Timeout
NLB Target Group health checks are out of control
aws-lambda Cannot find module
Reading contents of a gzip file from a AWS S3 in Python
Boto - Uploading file to a specific location on Amazon S3
aws s3 replace file atomically
Amazon Cloudfront Cache-Control: no-cache header has no effect after 24 hours
Download file from url and upload it to AWS S3 without saving - node.js
AWS CLI get download S3 URL for private bucket from AWS CLI
What exactly is a single Heroku Web Dyno?
Cloudfront serving over own SSL certificate
How is Amazon DynamoDB throughput calculated and limited?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!