Creating a custom domain name for a stage in API Gateway and attaching the cert

0

Hello, I would like to expose one stage of a deployed API Gateway under a constant url. What is the shortest path to prototyping this? It looks to me like a Custom Domain Name is required. This in turn will require a certificate. For prototyping, is it sufficient to create a private certificate manager?

To summarize, they believe the following needs to be completed:

  1. Create a private certificate manager (within ACM)
  2. Create a private certificate
  3. Create a custom domain name
  4. Add a mapping to the custom domain name, exposing the deployed API Gateway

Can a private cert be used with a custom domain within API Gateway and is this the correct approach?

Thanks!

已提问 6 年前924 查看次数
1 回答
0
已接受的回答

Hi @owenwynn,

As states in the doc you can use private certificates on API Gateway: "With ACM Private CA you can choose to delegate certificate management to ACM for certificates used with ACM-integrated services, such as Elastic Load Balancing and API Gateway." Although you will need to have an existent CA in place, because you can only create subordinate private CAs. And later you will need to add the certificate from the authority in the API client (browser, postman, etc) in order to call it without receiving invalid certificate messages.

Another option is to create public certificates from ACM (it is free). This way their app client won't show any error message that the certificate is invalid. Only issue with using public certificate is the validation, which can be done by adding a DNS entry generated by ACM or by email (you need to have access to some specific email boxes like postmaster).

Unless it is very hard for them to validate the public certificate I would recommend to use it instead of private ones. They can create wildcard certificates, and use the same certificate for all prototypes they need to perform.

AWS
已回答 6 年前
profile picture
专家
已审核 5 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则