Should dig display the API gateway when I query the custom domain?

0

I'm still struggling with getting my custom domain name working for my regional REST API, and I'm trying to find where it is broken.

In Route 53 I have a hosted Zone, mysite.com, with 4 records:

  • mysite.com, A, d1111111111111.cloudfront.net, Alias:Yes
  • mysite.com, NS, ns-1332.awsdns-38.org, ns-623.awsdns-13.net, ns-1606.awsdns-08.co.uk, ns-206.awsdns-25.com, Alias:No
  • mysite.com, SOA, ns-1332.awsdns-38.org awsdns-hostmaster.amazon.com..., Alias:No
  • api.mysite.com, A, d-yyyyyyyyyy.execute-api.us-east-1.amazonaws.com, Alias: Yes

If I execute 'dig mysite.com', it returns in the answer section: mysite.com 600 IN CNAME dd1111111111111.cloudfront.net

Next, if I execute 'dig api.mysite.com', I get in the answer section: api.mysite.com 600 IN CNAME dd1111111111111.cloudfront.net, still pointing at my CloudFront distribution, not the API Gateway. Is this expected behavior?

2 Answers
1
Accepted Answer

Is it possible that your domain hasn't been properly delegated to Route53? If that were the case, another name server somewhere else could be answering queries. Check the SOA record with

dig SOA example.com

and verify that an awsdns nameserver is listed in the answer.

AWS
EXPERT
Paul_L
answered 10 months ago
  • It looks like that is it: I get ns47.domaincontrol.com
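A small check for the delegation question raised above, added here as an example that is not part of the original thread: it parses plain `dig NS` and `dig SOA` output and reports whether both the registrar's delegation (the NS set) and the answering server's SOA MNAME point at Route 53. It assumes the `dig` binary is installed for the live check; the sample outputs below are constructed, not captured.

```python
import subprocess

def parse_dig_answer(dig_output, rrtype):
    """RDATA of each ANSWER-section record of type `rrtype` in full dig
    output (answer lines read: name. TTL IN TYPE rdata)."""
    records, in_answer = [], False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif line.startswith(";;"):
            in_answer = False
        elif in_answer and line.strip():
            fields = line.split()
            if len(fields) >= 5 and fields[3] == rrtype:
                records.append(" ".join(fields[4:]))
    return records

def is_route53(host):
    """Route 53 name servers are named ns-NNNN.awsdns-NN.<tld>."""
    return ".awsdns-" in host.lower()

def assess_delegation(ns_output, soa_output):
    """The NS set reflects the registrar's delegation; the SOA MNAME is the
    primary reported by whichever provider actually answered.  Edits made in
    the Route 53 console only reach the public if both point at Route 53."""
    ns_hosts = parse_dig_answer(ns_output, "NS")
    soa = parse_dig_answer(soa_output, "SOA")
    mname = soa[0].split()[0] if soa else None
    ok = bool(ns_hosts) and all(is_route53(h) for h in ns_hosts)
    ok = ok and mname is not None and is_route53(mname)
    return {"ns": ns_hosts, "soa_mname": mname, "route53": ok}

def check_delegation(domain):
    """Live check: needs the dig binary and network access."""
    def dig(rrtype):
        return subprocess.run(["dig", rrtype, domain], capture_output=True,
                              text=True, check=True).stdout
    return assess_delegation(dig("NS"), dig("SOA"))

# Constructed dig output (not captured) modelled on the asker's report.
SAMPLE_NS = ";; ANSWER SECTION:\nmysite.com. 3600 IN NS ns47.domaincontrol.com.\n\n;; Query time: 9 msec\n"
SAMPLE_SOA = (";; ANSWER SECTION:\nmysite.com. 600 IN SOA ns47.domaincontrol.com. "
              "hostmaster.example.com. 1 28800 7200 604800 600\n\n;; Query time: 9 msec\n")
# Constructed healthy case, using the hosted zone's own name server from the question.
R53_NS = ";; ANSWER SECTION:\nmysite.com. 172800 IN NS ns-1332.awsdns-38.org.\n\n;; Query time: 9 msec\n"
R53_SOA = (";; ANSWER SECTION:\nmysite.com. 900 IN SOA ns-1332.awsdns-38.org. "
           "awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400\n\n;; Query time: 9 msec\n")
```

If the NS set names another provider (here ns47.domaincontrol.com, as the asker found), the name servers at the registrar need to be changed to the four awsdns servers listed in the hosted zone's NS record; until then, records edited in Route 53 are never served to the public.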

1

As per the following reference:

https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html

There are two types of custom domain names in API Gateway: Edge-optimized and Regional. When you create a custom domain name for an edge-optimized API, API Gateway sets up an Amazon CloudFront distribution. You must then set up a DNS record to map the custom domain name to the CloudFront distribution domain name. For a Regional API, you need to set up a DNS record to map the custom domain name to the Regional domain name.

For both types of custom domain names, you must provide a certificate. This can be requested from AWS Certificate Manager (ACM) or imported from a third-party certificate authority.

In your specific situation, you mentioned that you have an 'A' record in Amazon Route 53 for api.mysite.com that points to d-yyyyyyyyyy.execute-api.us-east-1.amazonaws.com, which I assume is your API Gateway endpoint. However, when you run dig api.mysite.com, the result points to dd1111111111111.cloudfront.net, which is a CloudFront distribution.

If your API Gateway is regional (which is typically the case if the domain name includes execute-api), you would expect the dig api.mysite.com to show the API Gateway URL (d-yyyyyyyyyy.execute-api.us-east-1.amazonaws.com) in the results. If it is showing a CloudFront URL instead, it could be that there is a configuration issue with your DNS records in Route 53 or there is a propagation delay for the changes.

Please verify the following:

  • Check your Route 53 setup again to ensure that your api.mysite.com record is correctly set to alias your API Gateway endpoint (d-yyyyyyyyyy.execute-api.us-east-1.amazonaws.com), not a CloudFront distribution.
  • It might take some time for the DNS changes to propagate. Depending on various factors, DNS changes can take up to 48 hours to fully propagate globally.
  • Confirm that you have correctly set up the custom domain name in the API Gateway console, and that it is correctly associated with your API deployment.

EXPERT
answered 10 months ago
  • I have confirmed that the A record for mysite.com points to the CloudFront distribution, and that the A record for api.mysite.com is routing to the Regional API Gateway's custom domain. Both the CloudFront distribution and API Gateway are tied to the same certificate, which has two domains listed: 'mysite.com' and '*.mysite.com'. The CloudFront distribution has two Alternate Domain Name (CNAME) records: 'mysite.com' and 'www.mysite.com'. It used to have the CNAMEs 'mysite.com' and '*.mysite.com', but I changed it yesterday. Prior to my change, I was getting a 404 calling https://api.mysite.com. Since changing the CNAME on the CF Distribution to 'www.mysite.com', I get an SSLV3_ALERT_HANDSHAKE_FAILURE when calling any subdomain of 'mysite.com' other than 'www'. So it seems that Route 53 is sending everything through to CloudFront, as dig is indicating. I should also add that the Route 53 and CloudFront configs were originally set up 4 years ago: I am trying to add the Custom Domain name to my existing Regional API gateway.
