
I have an AWS API Gateway hosted in Mumbai (ap-south-1). I am trying to add a custom domain to the endpoint.

I created an ACM certificate in the same region and created a Custom Domain Name in the API Gateway. The API Gateway allowed me to use the ACM certificate only in the regionalised (ap-south-1) endpoint configuration and not in the edge (us-east-1) optimised configuration. This results in a target domain in the format

*.ap-south-1.amazonaws.com

and not in the cloudfront format like

*.cloudfront.net

After creating the custom domain name (api.mydomain.com), I tried to add it to the hosted zone in Route 53.

When I try to Create Record Set using the target domain in the above format (*.ap-south-1.amazonaws.com), I get an error:

The record set could not be saved because: - Alias Target contains an invalid value.

I tried creating the certificate in us-east-1 and creating an edge optimised endpoint. Here I got the CloudFront endpoint. But when I try to access the endpoint, I get a forbidden exception.

tharun

1 Answer


Found that we have to use the certificate from the us-east-1 (N. Virginia) region and get the CloudFront endpoint itself. I am not sure why they allow regional endpoints if they don't support them in Route 53.

For the forbidden error, I was not using the correct URL (I had used v1 in endpoint creation).

tharun
  • Hi @tharun, I am having the same issue. I have the certificate in the same region but am still getting a cert issue. Can you please add more details? – A_01 Apr 17 '19 at 08:36
  • @A_01 sometimes it takes time for the cert to reflect. I will try to add more details. – tharun Apr 22 '19 at 08:09
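
An added example, not part of the original question or answer: a Python check that takes a custom-domain description shaped like the output of `aws apigateway get-domain-name`, verifies that the ACM certificate sits in the region the endpoint type requires, and builds the Route 53 alias change batch from the target name and hosted zone ID that API Gateway reports. It goes beyond the edge-optimised case in the answer by handling the regional type as well; the account ID, certificate ID, and CloudFront host name in the sample are constructed placeholders.

```python
import json

def cert_region(cert_arn):
    """Return the region field of an ACM ARN: arn:aws:acm:<region>:<account>:certificate/<id>."""
    parts = cert_arn.split(":")
    if len(parts) < 6 or parts[2] != "acm":
        raise ValueError("not an ACM certificate ARN: " + cert_arn)
    return parts[3]

def alias_change_batch(domain, api_region):
    """Build a Route 53 UPSERT for the custom domain; raise on a certificate/region mismatch."""
    kind = domain["endpointConfiguration"]["types"][0]
    if kind == "EDGE":
        # Edge-optimised domains are served through CloudFront, which takes its cert from us-east-1.
        arn, needed = domain["certificateArn"], "us-east-1"
        dns, zone = domain["distributionDomainName"], domain["distributionHostedZoneId"]
    elif kind == "REGIONAL":
        # Regional domains need the certificate in the same region as the API.
        arn, needed = domain["regionalCertificateArn"], api_region
        dns, zone = domain["regionalDomainName"], domain["regionalHostedZoneId"]
    else:
        raise ValueError("unsupported endpoint type: " + kind)
    found = cert_region(arn)
    if found != needed:
        raise ValueError(f"{kind} endpoint needs a certificate in {needed}, found {found}")
    # The alias must carry the hosted zone ID of the *target*, not of your own zone.
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": domain["domainName"], "Type": "A",
        "AliasTarget": {"HostedZoneId": zone, "DNSName": dns,
                        "EvaluateTargetHealth": False}}}]}

# Constructed sample in the shape of `aws apigateway get-domain-name` output.
EDGE_SAMPLE = {
    "domainName": "api.mydomain.com",
    "certificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID",
    "distributionDomainName": "dEXAMPLE.cloudfront.net",   # placeholder host name
    "distributionHostedZoneId": "Z2FDTNDATAQYW2",          # CloudFront's fixed alias zone ID
    "endpointConfiguration": {"types": ["EDGE"]},
}

if __name__ == "__main__":
    # Usable as the --change-batch argument of `aws route53 change-resource-record-sets`.
    print(json.dumps(alias_change_batch(EDGE_SAMPLE, "ap-south-1"), indent=2))
```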