Hello,
I have two AWS accounts: one dev account and one prod account.
In the prod account, I registered an hosted zone (my business domain).
I have all my application components defined in Cloudformation templates (IaC). I'm using API Gateway and Lambda. I can easily deploy my infra in the prod account with the hosted domain, creating a new subdomain and linking it to the API Gateway. But, how could I run the same template in dev when the hosted zone is define in the prod account? Can the deploying role create the subdomain in the prod account and link it to the dev API gateway?
Also, where should the certificate be issued? In the dev or prod account?
My route53 CF template looks like:
AWSTemplateFormatVersion: 2010-09-09
Parameters:
Environment:
Description: Environment to deploy to.
Type: String
AllowedValues:
- dev
- prd
HostedZoneId:
Description: Hosted Zone Id in which we want to add A record
Type: String
Default: SOMEHOSTEDZONEID
Resources:
ApiGWCustomDomain:
Type: AWS::ApiGateway::DomainName
Properties:
DomainName: !Sub api-${Environment}.my.domain
RegionalCertificateArn:
Fn::ImportValue: !Sub ${Environment}-backend-api-certificate-arn
EndpointConfiguration:
Types:
- REGIONAL
SecurityPolicy: TLS_1_2
ApiARecordSet:
Type: AWS::Route53::RecordSet
Properties:
Name: !Sub api-${Environment}.my.domain
Type: A
HostedZoneId: !Ref HostedZoneId
AliasTarget:
DNSName: !GetAtt ApiGWCustomDomain.RegionalDomainName
EvaluateTargetHealth: false
HostedZoneId: !GetAtt ApiGWCustomDomain.RegionalHostedZoneId
Outputs:
ApiDomain:
Description: The sub-domain used for the APIs.
Value: !Ref ApiARecordSet
Export:
Name: !Sub cc-${Environment}-backend-api-domain
And in my Lambda template, I have this resource:
APIMapping:
Type: AWS::ApiGatewayV2::ApiMapping
Properties:
DomainName:
Fn::ImportValue: !Sub ${Environment}-backend-api-domain
ApiId: !Ref HttpApi
Stage: !Sub ${Environment}
Thanks,
Thomas