2

We currently have some APIs set up in API Gateway, with a Custom Domain Name defined with a Regional Endpoint and Base Path Mappings that map incoming requests to the appropriate API and deployment stage. For example:

api.example.com/app1/prod/res1 is mapped to the app1 API, prod stage, and in that API there is a resource res1 directly under the root.

This works great, but now we need to support IPv6. It looks like a CloudFront distribution might be the solution, but trying to define the Distribution's Origin Domain Name to API Gateway's Custom Domain Name Target Domain Name doesn't work. The configuration is as follows:

In CloudFront:

  • Origin Domain Name: API Gateway's Target Domain Name (***.execute-api.eu-central-1.amazonaws.com)
  • Alternate Domain Names (CNAMEs): api6.example.com

In API Gateway:

  • Custom Domain Name: api.example.com
  • Target Domain Name (Regional Endpoint): ***.execute-api.eu-central-1.amazonaws.com

It is worth noting that setting the CNAME in CloudFront to be the same as the API Gateway's Custom Domain Name failed since the CNAME already exists.

Also setting the CloudFront Origin Domain Name to a specific API stage's domain worked, but that by-passes our Base Path Mappings that let us easily change stages. I wouldn't like to configure a separate CloudFront Distribution for every API and stage combination.

Any suggestions how to support IPv6 with API Gateway's Base Path Mappings?

Egal
  • 121
  • 4
  • *"but trying to define the Distribution's Origin Domain Name to API Gateway's Custom Domain Name Target Domain Name doesn't work"* ... in what sense does it not work? – Michael - sqlbot Apr 12 '18 at 09:55
  • A 403 code is returned, with body `{"message": "Forbidden"}` and I don't see the request in the API stage's logs – Egal Apr 12 '18 at 10:26
  • 2
    I believe you need to configure the CloudFront Cache Behavior to whitelist the `Host` header for forwarding to the origin. The target domain name is only used for routing, but without the `Host` header whitelisted, CloudFront rewrites the `Host` header to the origin domain name. – Michael - sqlbot Apr 12 '18 at 12:28
  • I don't see such an option in the Cache Behavior settings page. You can only control query string and cookie forwarding. Also I've managed to set a Target Domain Name to match the Alternate Domain Name of the distribution (api6.example.com), still same response. – Egal Apr 12 '18 at 13:09
  • 2
    Change **Cache Based on Selected Request Headers** from `None` to `Whitelist` on the Cache Behavior settings page. – Michael - sqlbot Apr 12 '18 at 13:29
  • Thank you! It is quite unfortunate they chose to hide forwarding options behind the header caching basis. They could've at least write a note about it in the "i" tooltip besides the dropdown. – Egal Apr 12 '18 at 14:05
  • 1
    With that option configured, and the CloudFront Alternate Domain Name matching the custom domain name in API Gateway, is it working for you at this point? – Michael - sqlbot Apr 12 '18 at 22:31

0 Answers0