How to configure a custom domain name for API Gateway in a multi-region scenario?


I am following a tutorial to create an AWS Route 53 hosted zone for my domain via a CloudFormation stack, as such:

  Type: AWS::Route53::HostedZone

Now, I understand I have to create an SSL certificate and a custom domain name for my API Gateway in each region. In each region, I plan to create the following resources, but I'm not sure what value (???, see below) I should use in the template below. In each region, for the certificate, what is the domain name I should use? Should I create a and separately? I'm not sure how to link the API Gateway in both regions to my domain name (

  Type: AWS::CertificateManager::Certificate
  Properties:
    DomainName: ????
    DomainValidationOptions:
      - DomainName: ????
    ValidationMethod: DNS

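  Type: AWS::ApiGateway::DomainName
  Properties:
    DomainName: ???
    # Regional endpoints take RegionalCertificateArn; CertificateArn is for edge-optimized domains
    RegionalCertificateArn: !Ref cert
    EndpointConfiguration:
      Types:
        - REGIONAL
    SecurityPolicy: TLS_1_2
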
1 Answer

In API Gateway, you can create the same regional custom domain (e.g., in multiple regions. Each custom domain name in API Gateway comes with a target domain name. You can use the target domain name value for Route 53, or you can use an alias record. I recommend reviewing this blog post.


answered 2 months ago
  • @Taka_M - thanks. I did review the blog post you linked. It is helpful. If possible, could you clarify a few things for me? So I need a domain name and a hosted zone, which will be global resources. In each region, I will need to set up a regional custom domain (which can be the same, based on your comment). Do I need to create an SSL cert in both regions? Also, I see in the configuration for the custom domain name there is a hosted zone ID field; I assume it must be the same for both custom domain names? In other words, in my example, I've created a hosted zone for my domain name. But in the second region, will it be a different hosted zone ID?

  • Your understanding is correct. You do need a certificate for each region.

    For an API Gateway Regional custom domain name, you must request or import the certificate in the same Region as your API. The certificate must be signed by a publicly trusted Certificate Authority and cover the custom domain name.

    For Route 53, you do not need another hosted zone. You can take a look at this CloudFormation template for the blog post that shows how to create multiple record sets for the same hosted zone.
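
The per-region setup discussed in this thread, as an added example (not code from the question, the answer, or the linked blog post). It assumes the template is deployed once in each region, that latency-based routing is used to pick a region, and that the parameter names are hypothetical. `RegionalHostedZoneId` is API Gateway's own zone ID for that region and differs per region, while `PublicHostedZoneId` is the single hosted zone shared by every stack.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - regional custom domain, deployed once per region
Parameters:
  ApiDomainName:        # hypothetical, e.g. api.example.com; identical in every region
    Type: String
  PublicHostedZoneId:   # the one hosted zone created for the domain
    Type: AWS::Route53::HostedZone::Id
  RestApiId:            # this region's REST API
    Type: String
  StageName:
    Type: String
Resources:
  RegionalCert:
    # Must be requested in the same region as the API it fronts
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref ApiDomainName
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: !Ref ApiDomainName
          HostedZoneId: !Ref PublicHostedZoneId   # lets ACM write the validation record
  RegionalDomain:
    Type: AWS::ApiGateway::DomainName
    Properties:
      DomainName: !Ref ApiDomainName
      RegionalCertificateArn: !Ref RegionalCert
      EndpointConfiguration:
        Types:
          - REGIONAL
      SecurityPolicy: TLS_1_2
  Mapping:
    Type: AWS::ApiGateway::BasePathMapping
    Properties:
      DomainName: !Ref RegionalDomain
      RestApiId: !Ref RestApiId
      Stage: !Ref StageName
  RegionalRecord:
    # One record set per region, all in the same hosted zone under the same name
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref PublicHostedZoneId
      Name: !Ref ApiDomainName
      Type: A
      SetIdentifier: !Sub '${AWS::Region}-api'
      Region: !Ref AWS::Region   # latency-based routing (assumption)
      AliasTarget:
        DNSName: !GetAtt RegionalDomain.RegionalDomainName
        HostedZoneId: !GetAtt RegionalDomain.RegionalHostedZoneId
        EvaluateTargetHealth: false
```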
