
Understanding AWS API Gateway Custom Domain Names

I am struggling to understand how AWS API Gateway Custom Domain works.

I have set up a Regional Custom Domain Name for my api, like api.example.com. The result is a Target Domain Name in the form of:

aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com

If I try to invoke the API using this link, such as in:

https://aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com/mymap/mystage/example

I get a 403 Forbidden.

BUT, if I go to Stages and select mystage there's a big blue Invoke URL in the form of:

https://bbbbbbbbbb.execute-api.us-east-1.amazonaws.com/mymap/mystage/example

Which works!

So here come my first 2 questions:

1 - Why does API Gateway generate 2 different URLs for the same API (the Target Domain Name and the Invoke URL)?

2 - Why does the Invoke URL work and the Target Domain Name doesn't?


Here's the second part of my question: I am trying to configure Route 53 for the Regional Custom Domain Name configuration, but I can't find any examples about the right way to do it (just for Edge Optimized Custom Domain Name).

I tried to create an A record for api.example.com as an Alias to aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com, but it says:

The record set could not be saved because: - Alias Target contains an invalid value.

So I created a CNAME record for api.example.com, setting Alias to No (setting it to Yes brings the same error message as in the A record case) and the value as aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com, but then I get a 404 when I try to invoke my API as https://api.example.com/mymap/mystage/example.

What am I doing wrong?


EDIT:

This thread was moved to the AWS Forums here


EDIT 2:

Apparently, as the AWS support guys said, there is an inconsistency in how API Gateway treats Custom Domain Names and regular API Gateway URLs. It is all documented at this AWS Forum thread here

Michel Feinstein asked Dec 15 '17 07:12


2 Answers

If anyone wants to understand what was going on with API Gateway, take a look at this thread.

It basically says that API Gateway processes regular URLs (like aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com) differently than how it processes Custom Domain Name URLs (like api.myservice.com). So when API Gateway forwards your API request to your Lambda Function, your Lambda Function will receive different path values, depending on which type of your URL you used to invoke your API.

In my case I am using the serverless java container, so I can run a Jersey webservice on AWS Lambda. Since the URL is not being passed the same for both URLs, Jersey will return a 404 when it receives a URL that is malformed for its configuration.

The AWS API Gateway team said they are thinking about making this URL invocation uniform, but no compromises on it so far (January 2018).

The Route 53 part of my question is answered by Jack and I have nothing to add.

Michel Feinstein answered Oct 13 '22 05:10


The Route53 console doesn't support API Gateway as an ALIAS target yet. You'll have to make the ALIAS record using a CLI/SDK (or hit the R53 API directly) and provide the target hosted zone listed on this page: http://docs.aws.amazon.com/general/latest/gr/rande.html#apigateway_region

Why does API Gateway generate 2 different URLs for the same API (the Target Domain Name and the Invoke URL)?

The Invoke URL is the default endpoint that is always available with a valid SSL certificate. This endpoint is managed by API Gateway. The target domain name is optional (you have to set up the custom domain name), and the DNS and SSL certificate are managed by you/customer.

Thanks, Jack

jackko answered Oct 13 '22 04:10
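
The ALIAS record described in the answer above, sketched with the SDK as an added example (not code from either answer). It builds the Route 53 change batch for a Regional custom domain and rejects an Invoke URL pasted in place of the Target Domain Name. The function names and the zone ID constant are hypothetical; the real API Gateway hosted zone ID for your region must be taken from the AWS page linked in the answer.

```python
import json
import re

# Placeholder, not a real value: look up the API Gateway hosted zone ID for
# your region on the AWS endpoints page linked in the answer.
APIGW_ZONE_ID_PLACEHOLDER = "ZAPIGWREGIONZONEID"

# Shape of a Regional Target Domain Name as shown in the question.
_REGIONAL_TARGET = re.compile(r"^[a-z0-9-]+\.execute-api\.[a-z0-9-]+\.amazonaws\.com\.?$")


def build_alias_change(record_name, target_domain_name, apigw_zone_id):
    """Return a Route 53 ChangeBatch aliasing record_name to the regional target."""
    target = target_domain_name.strip().lower()
    # An alias target is a bare DNS name; a pasted Invoke URL is rejected.
    if "/" in target:
        raise ValueError("target must be a DNS name, not a URL")
    if not _REGIONAL_TARGET.match(target):
        raise ValueError("target is not a regional execute-api domain name")
    return {
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": record_name.rstrip(".") + ".",
                "Type": "A",
                "AliasTarget": {
                    # API Gateway's zone for the region, NOT your own zone ID.
                    "HostedZoneId": apigw_zone_id,
                    "DNSName": target.rstrip(".") + ".",
                    "EvaluateTargetHealth": False,
                },
            },
        }],
    }


def apply_change(your_hosted_zone_id, change_batch):
    """Submit the batch to your own zone; needs boto3 and AWS credentials."""
    import boto3  # imported here so the builder above runs offline
    return boto3.client("route53").change_resource_record_sets(
        HostedZoneId=your_hosted_zone_id, ChangeBatch=change_batch
    )


if __name__ == "__main__":
    # Constructed sample input, using the names from the question.
    target = "aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com"
    batch = build_alias_change("api.example.com", target, APIGW_ZONE_ID_PLACEHOLDER)
    print(json.dumps(batch, indent=2))
```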