How to use custom domain name with private API gateway

0

We have a private API gateway and we need to use a custom domain name; however, based on the AWS docs, it says it's not supported: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html Is there any workaround?

2 Answers
0
Accepted answer

You’re correct: ACM validation of a public TLS certificate issued by ACM requires a public hosted zone or a public domain name (a public domain name zone outside Route53) that you own, because ACM validates public TLS certificates by either DNS validation or email validation, and both require a publicly accessible domain name or zone. https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html

Just to recap, what you need to do to generate a public TLS certificate and get it verified by ACM is the following:

  1. Using ACM Console, request a public TLS certificate for your public domain name that you will use. Example: api.example.com.
  2. Choose either DNS validation or Email validation based on your preference.
  3. Wait for some time until ACM is able to validate the domain ownership.
  4. Once validated, ACM will generate the TLS certificate and you can associate it with your ALB/NLB and the API Gateway.

Let me know how it goes and I’ll be happy to assist.

AWS
answered 9 months ago
EXPERT
reviewed 7 months ago
  • Thanks for clarifying the ambiguity around public and private hosted zones with respect to TLS generation in ACM. I went through the steps you provided and they worked perfectly. It would be nice to have the private API Gateway support custom domain names natively without adding an additional layer of elastic load balancing. Nevertheless, at least we have a working solution. Thank you!

0

As you stated, private APIs do not support custom domain names. However, there is a workaround: https://serverlessland.com/repos/apigw-private-custom-domain-name

AWS
EXPERT
Uri
answered 9 months ago
  • Thanks for your reply. Based on the link you provided it says: “We use a private hosted zone in association with the VPC. The CNAME resolves to the FQDN of the private load balancer, in this example internal-0123-abcd.elb.us-east-1.amazonaws.com. The load balancer terminates TLS with the ACM certificate for private.internal.example.com. For more details, refer to the documentation on private hosted zones.”

    Now that implies that I can have a private hosted zone to generate the TLS certificate of my domain name in ACM too, which is confusing, because ACM validation of the TLS requires a public hosted zone and doesn’t work with PHZ. The repo that was shared includes an Email validation method using a PHZ. https://github.com/aws-samples/serverless-samples/blob/main/apigw-private-custom-domain-name/iac/certificate.yaml

    I’m a bit puzzled about this part.
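To make the split between the two zones concrete, here is an added CloudFormation sketch (not code from the linked sample repo or from either answer) that ties the accepted answer's certificate steps to the private-zone workaround described above: the certificate is DNS-validated through the public hosted zone, while the private hosted zone attached to the VPC resolves the same name to the internal load balancer that terminates TLS with that certificate. The `PublicZoneId`, `VpcId`, `InternalAlbArn`, `InternalAlbDnsName` and `VpcEndpointTargetGroupArn` parameters are assumed inputs; the domain `api.example.com` is the example name used in the accepted answer.

```yaml
# Added example, not the sample repo's template. Parameter values are assumed inputs.
Parameters:
  PublicZoneId:               { Type: String }   # public Route53 zone for example.com (validation only)
  VpcId:                      { Type: String }   # VPC whose clients must resolve api.example.com privately
  InternalAlbArn:             { Type: String }   # internal ALB in front of the execute-api VPC endpoint
  InternalAlbDnsName:         { Type: String }   # e.g. internal-...elb.us-east-1.amazonaws.com (assumed)
  VpcEndpointTargetGroupArn:  { Type: String }   # target group pointing at the VPC endpoint (assumed)

Resources:
  # 1. Public certificate: ACM writes the validation CNAME into the PUBLIC zone,
  #    so validation succeeds even though clients will never resolve the name publicly.
  ApiCertificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: api.example.com
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: api.example.com
          HostedZoneId: !Ref PublicZoneId

  # 2. Private hosted zone: only resolvers inside the associated VPC see this zone.
  PrivateZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: example.com
      VPCs:
        - VPCId: !Ref VpcId
          VPCRegion: !Ref AWS::Region

  # 3. Inside the VPC, api.example.com resolves to the internal load balancer.
  ApiPrivateRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref PrivateZone
      Name: api.example.com
      Type: CNAME
      TTL: '60'
      ResourceRecords:
        - !Ref InternalAlbDnsName

  # 4. The internal ALB terminates TLS with the public certificate and forwards
  #    to the target group fronting the API Gateway VPC endpoint.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref InternalAlbArn
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref ApiCertificate
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref VpcEndpointTargetGroupArn
```

The public zone is used only for the validation record; no public record for `api.example.com` itself is created, so the name stays reachable only from the VPC.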
