How to configure a custom domain name for API Gateway in a multi-region scenario?

0

I am following a tutorial to create an AWS Route 53 hosted zone for my domain via a CloudFormation stack, as such:

Zone:
  Type: AWS::Route53::HostedZone
  Properties:
    Name: example.com

Now, I understand I have to create an SSL certificate and a custom domain name for my API Gateway in each region. In each region, I plan to create the following resources, but I'm not sure what value (???, see below) I should use in the template below. In each region, for the certificate, what is the domain name I should use? Should I create us-east-1.example.com and us-west-1.example.com separately? I'm not sure how to link the API Gateway in both regions to my domain name (example.com).

cert:
  Type: AWS::CertificateManager::Certificate
  Properties:
    DomainName: ????
    DomainValidationOptions:
      - DomainName: ????
        ValidationDomain: example.com
    ValidationMethod: DNS

ApiGWCustomDomain:
  Type: AWS::ApiGateway::DomainName
  Properties:
    DomainName: ???
    # Regional endpoints take RegionalCertificateArn;
    # CertificateArn is for edge-optimized domains.
    RegionalCertificateArn: !Ref cert
    EndpointConfiguration:
      Types:
        - REGIONAL  # CloudFormation expects the upper-case value
    SecurityPolicy: TLS_1_2

1 Answer
0

In API Gateway, you can create the same regional custom domain (e.g., test.example.com) in multiple regions. Each custom domain name in API Gateway comes with a target domain name. You can use the target domain name value for Route 53, or you can use an alias record. I recommend reviewing this blog post.

Taka_M
answered 2 months ago
  • @Taka_M - thanks. I did review the blog post you linked. It is helpful. If possible, could you clarify a few things for me? So I need a domain name and a hosted zone, which will be global resources. In each region, I will need to set up a regional custom domain (which can be the same, based on your comment). Do I need to create an SSL cert in both regions? Also, I see in the configuration for the custom domain name there is a hosted zone ID field; I assume it must be the same for both custom domain names? In other words, in my example, I've created a hosted zone for my domain name. But in the second region, will it be a different hosted zone ID?

  • Your understanding is correct. You do need a certificate for each region.

    For an API Gateway Regional custom domain name, you must request or import the certificate in the same Region as your API. The certificate must be signed by a publicly trusted Certificate Authority and cover the custom domain name.

    For Route 53, you do not need another hosted zone. You can take a look at this CloudFormation template for the blog post that shows how to create multiple record sets for the same hosted zone.
