Create custom domain from API Gateway when the hosted zone is registered into another account

0

Hello,

I have two AWS accounts: one dev account and one prod account. In the prod account, I registered a hosted zone (my business domain). I have all my application components defined in CloudFormation templates (IaC). I'm using API Gateway and Lambda. I can easily deploy my infra in the prod account with the hosted domain, creating a new subdomain and linking it to the API Gateway. But how could I run the same template in dev when the hosted zone is defined in the prod account? Can the deploying role create the subdomain in the prod account and link it to the dev API Gateway? Also, where should the certificate be issued? In the dev or prod account?

My Route 53 CF template looks like:

```yaml
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  Environment:
    Description: Environment to deploy to.
    Type: String
    AllowedValues:
      - dev
      - prd
  HostedZoneId:
    Description: Hosted Zone Id in which we want to add A record
    Type: String
    Default: SOMEHOSTEDZONEID

Resources:
  # Regional custom domain for the API, using a certificate exported by another stack
  ApiGWCustomDomain:
    Type: AWS::ApiGateway::DomainName
    Properties:
      DomainName: !Sub api-${Environment}.my.domain
      RegionalCertificateArn:
        Fn::ImportValue: !Sub ${Environment}-backend-api-certificate-arn
      EndpointConfiguration:
        Types:
          - REGIONAL
      SecurityPolicy: TLS_1_2

  # Alias A record pointing the subdomain at the API Gateway regional endpoint
  ApiARecordSet:
    Type: AWS::Route53::RecordSet
    Properties:
      Name: !Sub api-${Environment}.my.domain
      Type: A
      HostedZoneId: !Ref HostedZoneId
      AliasTarget:
        DNSName: !GetAtt ApiGWCustomDomain.RegionalDomainName
        EvaluateTargetHealth: false
        HostedZoneId: !GetAtt ApiGWCustomDomain.RegionalHostedZoneId

Outputs:
  ApiDomain:
    Description: The sub-domain used for the APIs.
    Value: !Ref ApiARecordSet
    Export:
      # Must match the name imported by the Lambda template
      Name: !Sub ${Environment}-backend-api-domain
```

And in my Lambda template, I have this resource:

```yaml
  APIMapping:
    Type: AWS::ApiGatewayV2::ApiMapping
    Properties:
      DomainName:
        Fn::ImportValue: !Sub ${Environment}-backend-api-domain
      ApiId: !Ref HttpApi
      Stage: !Sub ${Environment}
```

Thanks,

Thomas

1 Answer
1

You need to first delegate a subdomain of your business domain to the dev account and then you will be able to create the API Gateway in the dev account using the IaC templates.

Say your business domain is my.domain.com. You can delegate dev.my.domain.com to the dev account and then create an API Gateway for a custom domain like api.dev.my.domain. The certificate for the domain, possibly a wildcard cert for `*.dev.my.domain`, would be issued in the dev account.

AWS
EXPERT
answered a year ago
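
The delegation described in this answer, sketched as two CloudFormation templates (an added example, not code from the question or the answer). The zone name `dev.my.domain`, the parameter names and the logical IDs are assumptions; the export name follows the `${Environment}-backend-api-certificate-arn` import in the question's template, which would then use `api.dev.my.domain` and the dev zone's ID.

```yaml
# Constructed example: two separate templates, shown as two YAML documents.
# Template 1: deploy in the DEV account
AWSTemplateFormatVersion: 2010-09-09
Resources:
  DevHostedZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: dev.my.domain              # delegated subdomain (assumed name)
  DevWildcardCertificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: "*.dev.my.domain"
      ValidationMethod: DNS
      DomainValidationOptions:
        # Validation CNAME is written to the dev zone, so prod is never touched
        - DomainName: "*.dev.my.domain"
          HostedZoneId: !Ref DevHostedZone
Outputs:
  DevNameServers:
    Description: Pass these to the prod-account template below.
    Value: !Join [",", !GetAtt DevHostedZone.NameServers]
  CertificateArn:
    Value: !Ref DevWildcardCertificate
    Export:
      Name: dev-backend-api-certificate-arn
---
# Template 2: deploy in the PROD account (the only change made there)
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  ParentHostedZoneId:
    Description: Hosted zone of the business domain (assumed parameter name).
    Type: AWS::Route53::HostedZone::Id
  DevNameServers:
    Description: Name servers output by the dev-account template.
    Type: CommaDelimitedList
Resources:
  DevDelegation:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref ParentHostedZoneId
      Name: dev.my.domain
      Type: NS
      TTL: "300"
      ResourceRecords: !Ref DevNameServers
```

The certificate in template 1 stays in CREATE_IN_PROGRESS until the delegation from template 2 exists, so either add the certificate in a later stack update or create the NS record from the zone's name servers while the stack waits. Remove the NS record in prod before deleting the dev hosted zone so that no dangling delegation is left behind.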
