Creating a custom domain name for a stage in API Gateway and attaching the cert

Question

Hello,
I would like to expose one stage of a deployed API Gateway under a constant url. What is the shortest path to prototyping this?
It looks to me like a Custom Domain Name is required. This in turn will require a certificate. For prototyping, is it sufficient to create a private certificate manager?

To summarize, they believe the following needs to be completed:

1. Create a private certificate manager (within ACM)
 2. Create a private certificate
 3. Create a custom domain name
 4. Add a mapping to the custom domain name, exposing the deployed API Gateway

Can a private cert be used with a custom domain within API Gateway and is this the correct approach?

Thanks!

Accepted Answer

Hi @owenwynn,

As states in the doc you can use private certificates on API Gateway: "With ACM Private CA you can choose to delegate certificate management to ACM for certificates used with ACM-integrated services, such as Elastic Load Balancing and API Gateway." Although you will need to have an existent CA in place, because you can only create subordinate private CAs. And later you will need to add the certificate from the authority in the API client (browser, postman, etc) in order to call it without receiving invalid certificate messages.

Another option is to create public certificates from ACM (it is free). This way their app client won't show any error message that the certificate is invalid. Only issue with using public certificate is the validation, which can be done by adding a DNS entry generated by ACM or by email (you need to have access to some specific email boxes like postmaster).

Unless it is very hard for them to validate the public certificate I would recommend to use it instead of private ones. They can create wildcard certificates, and use the same certificate for all prototypes they need to perform.

Creating a custom domain name for a stage in API Gateway and attaching the cert

Relevanter Inhalt