Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to CNAME to Amazon API Gateway Endpoint

Tags:

amazon-web-services

dns

aws-api-gateway

amazon-cloudfront

I'm trying to set a CNAME on Cloudflare to point to an Amazon API Gateway endpoint. The CNAME is for use when referring to one of my subdomains. The gateway in turn points to the IP of a server on DigitalOcean. I am very new to Amazon web services and would appreciate if someone could give me an overview of the correct configuration for the DNS, Amazon Gateway and Cloudfront (which I think is needed to expose the gateway to DNS servers external to Amazon). Any help would be much appreciated.

UPDATE

I've been going at this for a while now and not making much progress. Does anyone have an idea if this is a viable approach or how else it might be done?

UPDATE2

I thought I needed to add the CNAME record to cloudFlare and just ended up in a redirect loop, observed by:

curl -L -i -v https://sub.mydomain.com/
like image 777
Silian Rails Avatar asked Apr 20 '16 07:04

Silian Rails

People also ask

Can you create HTTP endpoints with Amazon API gateway?

You can create an HTTP API by using the AWS Management Console, CLI, APIs, CloudFormation, SDKs, or the Serverless Application Model (SAM). Let's review creating an HTTP API via the AWS Management Console. If you are familiar with API Gateway, the first thing you'll notice is a new console experience.

How do I change API gateway invoke URL?

If you want to change the URL of the integration endpoint, you need to open the "Integration Request" tab on the method settings, make sure the integration type is set to "HTTP Proxy" and update the "Endpoint URL" field.

How do I use API gateway domain?

To set up a custom domain name for your API Gateway API, do the following: Request or import an SSL/TLS certificate. Create the custom domain name for your REST API, HTTP API, or WebSocket API. Test the setup by calling your API using the new custom domain name.

1 Answers

NOTE: It seems this method doesn't work anymore as AWS now only accepts certificates from certain authorities. I haven't tested it myself, but the answer by Gunar looks promising.

There are several reasons why it doens't work to simply point Cloudflare at your API Gateway domain and call it a day:

  • API Gateway uses shared hosting so it uses the domain name to figure out what API to send requests to. It has no way of knowing that api.yourdomain.com belongs to your API.
  • API Gateway requires that you use https, but the certificate that it uses is only valid for the default domain.

There is a solution, however. Here are the steps that I followed when I recently set this up:

  1. Generate an origin certificate from the crypto tab of the Cloudflare dashboard.
  2. Import the certificate to AWS Certificate manager in the us-east-1 region, even if your API is located in a different region. If you are prompted for the certificate chain you can copy it from here.
  3. Add your custom domain in the API Gateway console and select the certificate you just added. Check the AWS support article for more information on how to do this.
  4. It usually takes about 45 minutes for the custom domain to finish initializing. Once it's done it will give you a new Cloudfront URL. Go ahead and make sure your API still works through this new URL.
  5. Go to the Cloudflare DNS tab and setup a CNAME record pointing to Cloudfront URL you just created.
  6. Switch to the crypto tab and set your SSL mode to "Full (Strict)". If you skip this step you'll get a redirect loop.

That's it. Enjoy your new highly available API served from your custom domain!

like image 196
BonsaiOak Avatar answered Sep 17 '22 08:09

BonsaiOak
Sign in to Comment

Related questions

Can you run a rails console or rake command in the elastic beanstalk environment?
UUIDs for DynamoDB?
https on S3 WITHOUT cloudfront possible?
How do you write to the file system of an aws lambda instance?
How many databases can I create on a single Amazon RDS instance
How do you run a worker with AWS Elastic Beanstalk?
How to copy/move all objects in Amazon S3 from one prefix to other using the AWS SDK for Node.js
How can I allow a Group to assume a Role?
How can I import bulk data from a CSV file into DynamoDB?
Is it possible to save datetime to DynamoDB?
DynamoDB : The provided key element does not match the schema
Ansible idempotent MySQL installation Playbook
Allow AWS Lambda to access RDS Database
What is partition key in AWS Kinesis all about?
get ec2 pricing programmatically?
Difference between SAM template and Cloudformation template
How do I use Amazon Cognito as user authentication for my website (NOT mobile app) [closed]
Are there any API's for Amazon Web Services PRICING? [closed]
Amazon RDS Aurora vs RDS MySQL vs MySQL on EC2?
How do you put up a maintenance page for AWS when your instances are behind an ELB?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!