What is different in websocket api gateway api called via custom domain rather than directly?

0

I have an API Gateway websocket api. This works properly when called directly with the API Gateway url for my test stage with authorization info passed in a query parameter. I have defined a custom domain to use with the endpoint. When calling this, I get an unauthorized response if I explicitly omit the query parameter used for authorization but when called with the query parameter it appears that the websocket connection is never established. What is different when calling an API Gateway api via a custom domain than directly? (The route 35 alias for the custom domain appears to work correctly and I am using a wild card cert for the base domain, e.g *.foo.bar for a custom domain myapi.foo.bar. )

  • Some further info. For my api mappings, my stage has a name like ab1 and in the api mapping I have both stage and path set like ab1. When connecting from my client I connect to wss://custom_domain/ab1. I have experimented with variants of this but the websocket connection never successfully upgrades and does not seem to normally cause any logging by my authorizer lambda or for my stage logging (when authorizer is disabled) at all so doesn't seem to even reach my api.

    The API Gateway domain name resolves to different IPv4 addresses than the hostname for the direct execute-api url for my API Gateway API. Is this normal behavior and, if so, what do the diffent Ipv4 address for the api vs the Api Gateway Domain refer to? (I used DNS resolution to verify that the DNs had propagated properly before attempting to connect via the custom domain name.)

2 Answers
0

Hi

There are a guidance for websocket custom domain names here : https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-custom-domain-names.html

By the way some points to consiere 1- the DNS will take some time to be propagated 2- your TLS version shall be TLS 1.2 for websockets this is the only one supported at the moment 3- for authorization you need the querystring to be passed

wish that will help

answered 4 months ago
  • The API Gateway domain name resolves to different IPv4 addresses than the hostname for the direct execute-api url for my API Gateway API. Is this normal behavior and, if so, what do the diffent Ipv4 address for the api vs the Api Gateway Domain refer to? (I used DNS resolution to verify that the DNs had propagated properly before attempting to connect via the custom domain name.)

0

Go to API Gateway >> Custom Domain Names >> API Mappings

Check is your stage and path mapped correctly? I.e if your stage is called prod, is your path also prod or is it blank?

If they are both prod, it would be wss://domain/prod? to map correctly to the api gateway prod stage

If the path is blank, wss://domain? would map correctly to the prod stage

answered 4 months ago
  • For my api mappings, my stage has a name like ab1 and in the api mapping I have both stage and path set like ab1. When connecting from my client I connect to wss://custom_domain/ab1. I have experiemented with variants of this but the websocket connection never successfully upgrades.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions