
I have a hosted zone as customdomain.com and 2 regional API Gateways hosted on AWS.

I want to configure a common CNAME, myapp.customdomain.com, to call APIGW_REGION_ONE_EXECUTEAPI_URI and APIGW_REGION_TWO_EXECUTEAPI_URI based on latency.

How can I do this? I am confused between a custom domain name on API Gateway and a Route 53 CNAME record. Any help or guidance is highly appreciated.

ydaetskcoR

1 Answer

The custom domain name on API Gateway allows it to respond to names other than the AWS-provided one (it works via SNI) and to also provide a certificate that has at least one SAN that will match your provided name, so you will need to define that as well as any DNS records so that people can then resolve the API Gateway.

As for latency-based records, you will need to create multiple Route53 records and define the latency policy in each of them. The `aws_route53_record` docs show how you can create weighted records for shifting 10% of all traffic to a different target:

```hcl
resource "aws_route53_record" "www-dev" {
  zone_id = "${aws_route53_zone.primary.zone_id}"
  name    = "www"
  type    = "CNAME"
  ttl     = "5"

  weighted_routing_policy {
    weight = 10
  }

  set_identifier = "dev"
  records        = ["dev.example.com"]
}

resource "aws_route53_record" "www-live" {
  zone_id = "${aws_route53_zone.primary.zone_id}"
  name    = "www"
  type    = "CNAME"
  ttl     = "5"

  weighted_routing_policy {
    weight = 90
  }

  set_identifier = "live"
  records        = ["live.example.com"]
}
```

In your case you are going to want something like this:

```hcl
data "aws_region" "region_one" {}

data "aws_route53_zone" "selected" {
  name = "example.com."
}

# Named region_one so that the references in the record below resolve.
resource "aws_api_gateway_domain_name" "region_one" {
  domain_name = "api.example.com"

  # regional_domain_name and regional_zone_id are only populated for a
  # REGIONAL endpoint, which takes regional_certificate_name.
  regional_certificate_name = "example-api"
  certificate_body          = "${file("${path.module}/example.com/example.crt")}"
  certificate_chain         = "${file("${path.module}/example.com/ca.crt")}"
  certificate_private_key   = "${file("${path.module}/example.com/example.key")}"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

# One latency record per region; each needs a unique set_identifier.
resource "aws_route53_record" "region_one" {
  zone_id = "${data.aws_route53_zone.selected.zone_id}"
  name    = "${aws_api_gateway_domain_name.region_one.domain_name}"
  type    = "A"

  latency_routing_policy {
    region = "${data.aws_region.region_one.name}"
  }

  set_identifier = "${data.aws_region.region_one.name}"

  alias {
    name                   = "${aws_api_gateway_domain_name.region_one.regional_domain_name}"
    zone_id                = "${aws_api_gateway_domain_name.region_one.regional_zone_id}"
    evaluate_target_health = true
  }
}
```

And place that where you create each API Gateway or use multiple providers with different region configuration to apply both at the same time.

ydaetskcoR
  • If the answer is missing generic stuff to make it work then it would be cool to propose an edit so others can use it. If it's just non generic stuff appropriate to your setup then it's probably best to leave it so it doesn't confuse others with the same issue. – ydaetskcoR Sep 22 '18 at 07:26
  • It's more problem-specific. I just used the `regional_certificate_arn` resource attr rather than the detailed attrs for the certificate, with an `aws_acm_certificate` data resource and a latency-based routing policy. But your answer guided me in the right direction. A little bit of reading to victory :) Already accepted as answer. –  Sep 22 '18 at 07:31
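
The variant described in the last comment, as an added example that is not code from the answer or the comment: the regional custom domain takes its certificate from ACM by ARN, so no private key is read from disk or written to Terraform state, and the domain is pinned to TLS 1.2. It is written in Terraform 0.12+ syntax as a module body to be instantiated once per region with that region's provider; the variable names, resource names and default hostnames are assumptions.

```hcl
# Added example. Module body: instantiate once per region, passing in the
# provider for that region. All names and defaults here are assumptions.
variable "zone_name" {
  default = "customdomain.com."
}

variable "api_hostname" {
  default = "myapp.customdomain.com"
}

data "aws_region" "current" {}

data "aws_route53_zone" "selected" {
  name = var.zone_name
}

# The certificate must already be issued by ACM in the same region as the
# API. Only its ARN is referenced, so no key material enters the state file.
data "aws_acm_certificate" "api" {
  domain      = var.api_hostname
  statuses    = ["ISSUED"]
  most_recent = true
}

resource "aws_api_gateway_domain_name" "regional" {
  domain_name              = var.api_hostname
  regional_certificate_arn = data.aws_acm_certificate.api.arn
  security_policy          = "TLS_1_2"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

# Same record name in every region; set_identifier keeps the records distinct.
resource "aws_route53_record" "latency" {
  zone_id        = data.aws_route53_zone.selected.zone_id
  name           = aws_api_gateway_domain_name.regional.domain_name
  type           = "A"
  set_identifier = data.aws_region.current.name

  latency_routing_policy {
    region = data.aws_region.current.name
  }

  alias {
    name                   = aws_api_gateway_domain_name.regional.regional_domain_name
    zone_id                = aws_api_gateway_domain_name.regional.regional_zone_id
    evaluate_target_health = true
  }
}
```

Each region's custom domain still needs an `aws_api_gateway_base_path_mapping` to attach it to the API and stage deployed in that region.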