By using AWS re:Post, you agree to the AWS re:Post Terms of Use

API Gateway + Custom Domain Name = Missing CloudFront headers

1

Hello! We have an API Gateway that uses Custom Domain Name and routes requests to lambda. When request is set to ugly domain https://XXXXXXXXXX.execute-api.eu-west-1.amazonaws.com/production i get the following headers in lambda function event: CloudFront-Is-* CloudFront-Viewer-Country Enter image description here

But when we use nice custom domain name e.g. https://api.example.com those headers are missing. There is not much settings on the custom domain name page of API Gateway and we've tried to add them and even mark as required in different cases. They are still missing. Enter image description here

I assume it's because of some custom integration for custom domain name they are getting flushed on the way. Still, is there any way to preserve them and get inside lambda?

  • What type of API Gateway Protocol and Endpoint Type are you using? You can find this on the APIs tab of the API Gateway console.

  • The protocol is REST Endpoint type is Edge

1 Answer
0

The headers you need are described here in the User-Agent headers section: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-headers-behavior

The recommendation is to configure CloudFront to forward these headers to your custom origin. This CloudFront doc lists the options, you may want to try the "All" setting first and then create a Whitelist for the specific headers you need: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesForwardHeaders

Update: Another approach, which is likely better suited to your use case, would be to use the AWS CloudFront console and create a cache policy and an origin request policy: https://repost.aws/knowledge-center/configure-cloudfront-to-forward-headers

If this answer addresses your issue, please upvote and accept the answer. Thank you.

profile picture
answered a year ago
  • That is a plan B. To have CloudFront deal with one of the request using custom behaviors. Yet it would look really bad to have all request going to api.mydomain.com and just one of them through mydomain.com Once again. The CloudFront distribution in this case is managed by AWS. We do not have it under CloudFront distributions list.

  • Assuming the CloudFront distro was created in API Gateway when setting up custom domain name for the API. Have you tried enabling the Caching check boxes (in your screen cap above)?

  • Response will contain uniq token for IVS stream, so it's not supposed to be using caching at all. And once again everything works fine as long as request goes to the same api with such url https://XXXXXXXXXX.execute-api.eu-west-1.amazonaws.com/production. Only Custom Domain Name alias causes issues for some reason.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions