ApiGatewayV2 - HttpApi - Cannot use a custom domain

0

Hello,

1. I can use auto-deploy on both the $default or custom "prod" stage to get a working link for my API.

   E.g. The $default deploys to https://[ApiId].execute-api.eu-west-1.amazonaws.com

2. I can add a custom domain (test.[domain].com) with a valid certificate, where I receive the "API Gateway domain name".

   E.g. d-[RandomChars].execute-api.eu-west-1.amazonaws.com

3. I add a Route53 Alias from my test.[domain].com to the above "API Gateway domain name".

   test.[domain].com. A ALIAS d-[RandomChars].execute-api.eu-west-1.amazonaws.com

4. I add the API mapping of the custom domain to "My Http Api" on stage "$default"; I do not specify a path, as simply "/" is not supported.

5. Neither https://d-[RandomChars].execute-api.eu-west-1.amazonaws.com nor my custom domain navigates to my API (ERR_CONNECTION_REFUSED). But https://[ApiId].execute-api.eu-west-1.amazonaws.com does.

What am I doing wrong? Is this a bug?

asked 4 years ago, 408 views
3 answers
1

I fixed the problem,

These steps are correct; I was being foolish. Chrome was trying to access it with http; it of course requires https.

answered 4 years ago
0

Hey! I am wondering about your Step 2 -- the "with a valid certificate" part.

I added a custom domain, and get a "d-[RandomChars].execute-api.us-east-1.amazonaws.com" as well.

However, I noticed in this "Endpoint configuration" window that it does not show a "Certificate upload date" -- we have 2 other custom domains that do show a "Certificate upload date" just below the "Hosted zone ID" info, but they are "Edge" and mine is "Regional".

Does your custom domain "Endpoint configuration" show a certificate upload date?

I am searching fiendishly for why my custom domain remains "Forbidden"!!!

Edited by: warrenstephens on Nov 18, 2020 3:27 PM

answered 3 years ago
0

I found the problem, and it was not with that certificate stuff. Another "foolish" mistake actually.

The issue was actually within the authorizer lambda, which returns an APIGatewayCustomAuthorizerResponse (the name of the struct in Go) which contains a policy to permit the execute lambda to then run.

The authorizer lambda was able to pull the region ("us-east-1") from the host name when it was like "zzzyyxx123.execute-api.us-east-1.amazonaws.com", but when the custom domain request comes in the "host" value in the header does not have the region embedded -- so the policy it created and returned had garbage for the region part of the ARN, and so the execute lambda would not run, i.e. "Forbidden".

answered 3 years ago
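The failure mode described in this answer, as an added illustration that is not code from the thread: a region lookup based on the Host header works for the default execute-api hostname but has nothing to parse on a custom domain, whereas the ARN the authorizer event already carries (methodArn / routeArn) names the region however the caller reached the API. The PolicyStatement type is an assumed stand-in for the statement inside APIGatewayCustomAuthorizerResponse, not the aws-lambda-go type, and the host and ARN values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// PolicyStatement is an assumed stand-in for one statement of the IAM policy
// returned by a Lambda authorizer; it is not the aws-lambda-go type.
type PolicyStatement struct {
	Action   string
	Effect   string
	Resource string
}

// RegionFromHost mirrors the fragile approach from the answer: it only recognises
// <apiId>.execute-api.<region>.amazonaws.com. A custom-domain Host header carries
// no region, so it fails explicitly instead of returning garbage for the ARN.
func RegionFromHost(host string) (string, error) {
	if i := strings.IndexByte(host, ':'); i >= 0 {
		host = host[:i] // drop an optional port
	}
	parts := strings.Split(host, ".")
	if len(parts) != 5 || parts[1] != "execute-api" || parts[3] != "amazonaws" || parts[4] != "com" {
		return "", errors.New("not an execute-api hostname (custom domain?)")
	}
	return parts[2], nil
}

// RegionFromArn reads the region from the ARN in the authorizer event:
// arn:aws:execute-api:<region>:<account>:<apiId>/<stage>/<route>.
// Prefer this over the Host header; it is present regardless of the domain used.
func RegionFromArn(arn string) (string, error) {
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" || parts[2] != "execute-api" || parts[3] == "" {
		return "", fmt.Errorf("unexpected execute-api ARN: %q", arn)
	}
	return parts[3], nil
}

// AllowStatement scopes the Allow statement to the invoked route ARN and refuses
// to build a policy from an ARN it cannot validate.
func AllowStatement(arn string) (PolicyStatement, error) {
	if _, err := RegionFromArn(arn); err != nil {
		return PolicyStatement{}, err
	}
	return PolicyStatement{Action: "execute-api:Invoke", Effect: "Allow", Resource: arn}, nil
}

func main() {
	// Constructed sample values, not taken from the thread.
	const routeArn = "arn:aws:execute-api:us-east-1:123456789012:abc123/$default/GET/hello"
	if _, err := RegionFromHost("test.example.com"); err != nil {
		fmt.Println("host-based lookup fails on a custom domain:", err)
	}
	st, err := AllowStatement(routeArn)
	fmt.Printf("%+v %v\n", st, err)
}
```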
