Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Custom domain for API Gateway returning 403

I am creating an api using API Gateway and Lambda. Using the url designated in the API Gateway Stage editor everything works fine; however, when I try and move to a custom domain I am running into some issues.

The first thing I tried was using a CNAME record in Route 53 straight from my domain onto the domain that I got from the API Gateway. That was returning some errors and I think it is the incorrect solution is that correct?

Next I tried the Custom Domain Names feature in API Gateway. My understanding is this will roll up a CloudFront distribution that I can then map onto from Route 53. When I created the custom domain and added a Domain Mapping it provides me with a url to what I assume is a CloudFront distribution. The link is returning a 403 response and no distribution has been made in CloudFront. What is a good way of debugging this problem?

like image 820
BBS Avatar asked Apr 07 '16 03:04

BBS


People also ask

Why do I get an HTTP 403 Forbidden error when connecting to my API gateway APIs from a VPC?

The HTTP 403 Forbidden error most commonly occurs when private DNS is enabled for an API Gateway interface VPC endpoint that's associated with a VPC. In this scenario, all requests from the VPC to API Gateway APIs resolve to that interface VPC endpoint.

What are most likely causes If an API starts to send 403 status codes randomly for requests?

The most common cause of a 403 Forbidden Error is simply inputting an incorrect URL. As discussed before, many tightly secured web servers disallow access to improper URLs. This could be anything from accessing a file directory to accessing a private page meant for other users.


2 Answers

You need to use host header in your request. Host should be your custom domain.

curl https://<cf-id>.cloudfront.net/myapi -H "Host: api.myapi.com" 
like image 169
Santosh Sahu Avatar answered Oct 12 '22 11:10

Santosh Sahu


Here is the developer guide if you haven't seen it. http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html

All you need to do is set up a CNAME with your DNS provider pointing at the CF distribution that API Gateway gives you. You won't be able to make API calls directly to the CF distribution. API Gateway maps the API/stage from the Base Path mapping you set up in API Gateway so only API calls directed at the domain name will work correctly.

like image 29
jackko Avatar answered Oct 12 '22 12:10

jackko