3

I run a Django project deployed on AWS Lambda using the serverless Zappa framework. It can be accessed through a randomly generated link from AWS API Gateway, let's say:

randomly-generated-link.aws.amazon.com/production

I have also created an SSL certificate in ACM and verified it with my domain, let's say:

example.com

Now when I run zappa certify, the command certifies my domain successfully and creates a custom domain in the API Gateway console with the following configuration:

Endpoint Configuration: Edge optimized

Target Domain Name: d25ihv8a5022zi.cloudfront.net

Hosted Zone ID: A2FDTNGATAQYW6

ACM Certificate: example.com (c504428e)

Now, I need to point my domain name example.com to randomly-generated-link.aws.amazon.com/production, so I updated my records on GoDaddy with a CNAME as follows:

TYPE - CNAME

NAME - example.com

VALUE - d25ihv8a5022zi.cloudfront.net

TTL - 1 HOUR

EXPECTED RESULT - My application that's running on randomly-generated-link.aws.amazon.com should be accessible from example.com.

WHAT I GET - 403 ERROR The request could not be satisfied. Bad request. Generated by cloudfront (CloudFront)

EDIT: So I got rid of the Zappa-created custom domain and created a new CloudFront distribution manually as follows:

Delivery Method - Web

Domain name - d35ihv8a5022fe.cloudfront.net

Origin - randomly-generated-link.aws.amazon.com/production

CNAMEs - example.com

Status - Deployed

State - Enabled

I did this because the Zappa-generated CloudFront distribution is hidden in the AWS console. However, I noticed that the Zappa-generated distribution endpoint gives Forbidden when I check the address in a browser, and the newly created distribution endpoint redirects to my application.

Still, going to example.com gives me a 403 error.

Abishek
  • Just to make sure: example.com is added as a CNAME to CloudFront and the Host header is not whitelisted. – James Dean May 10 '19 at 11:49
  • Yes, I have added example.com and www.example.com as CNAMEs in CloudFront. I also checked that "cloudfront>behaviors tab> cache based on selected request headers --None" is selected. – Abishek May 10 '19 at 12:31
  • After moving to Route 53 and adding a CNAME with Alias, I happened to visit www.example.com and it redirects to my application at randomly-generated-link.aws.amazon.com/production. How do I mask this? Do I have to change any CloudFront settings to mask this? – Abishek May 10 '19 at 12:35

3 Answers

0
  • While debugging I like to keep the TTL as short as possible. I'd set the CNAME TTL to 1 minute.
  • Check that the API Gateway custom domain names list has your domain and that you have the Base Path Mappings set correctly.

Base Path Mappings

Path /
Destination [lambda endpoint] . [production]

It may also be a good idea to host the domain on Route 53 if possible.

al76
  • I have changed the TTL to 600 seconds on the GoDaddy console. Now that I have created a new distribution on CloudFront (please check the edited question), the custom domain of API Gateway doesn't allow a new domain to be created and gives "an unexpected error has occured". – Abishek May 10 '19 at 09:55
  • You may need to delete the name in custom domain names and redeploy with Zappa. Can you drop the TTL to 60 while you're testing? Waiting for DNS is a pain :) – al76 May 10 '19 at 10:00
  • The GoDaddy console gets greyed out when I try to make it 60. I guess 600 is the minimum. So what happens to the custom-created distribution when I redeploy/recertify with Zappa? Does Zappa handle this by default? – Abishek May 10 '19 at 10:05
  • As I understand it, the CloudFront distribution happens behind the scenes for API Gateway. When you redeploy you may get a fresh CloudFront distribution name. – al76 May 10 '19 at 10:07
  • "An error occurred (TooManyRequestsException) when calling the CreateDomainName operation (reached max retries: 4): Too Many Requests" Now I get this error when I try to certify. I have now moved to route 53 though. – Abishek May 10 '19 at 10:45
0

It's not a DNS problem anymore. Could it be because Edge optimized uses CloudFront and it takes some time to deploy the new custom domain to all the edge locations? How long have you waited after enabling the custom domain name?

James Dean
  • Also, "d25ihv8a5022zi.cloudfront.net" is not resolvable. Have you deleted the config? – James Dean May 10 '19 at 09:37
  • It has been over 12 hours and Status on AWS console shows Deployed. I have changed my CloudFront endpoint in my question for security reasons. – Abishek May 10 '19 at 09:51
0

Apparently, I got it working. I moved my domain nameservers to Route 53 and in zappa_settings.json added

"route53_enabled": true

and recertified again using the zappa certify production command.

I had to wait for 40 minutes and it works!

Although, I have no idea why it doesn't work when domain management is with GoDaddy. Let's say Route 53 is a quick workaround at the moment.

Abishek
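
A pre-flight check for the settings discussed in this thread, as an added example that is not from any of the posters or from Zappa: it flags a CNAME at the zone apex (which DNS does not allow), a record that points at a different distribution than the custom domain's Target Domain Name, and a hostname missing from the distribution's alternate domain names (CloudFront answers such requests with 403). The function names, the `ALIAS` label standing in for a Route 53 alias record, and all sample values are assumptions.

```python
# Added example: offline check of DNS records against a CloudFront-backed
# custom domain. Every hostname below is constructed sample data.

def normalize(name):
    """Lower-case a DNS name and drop surrounding spaces and the trailing dot."""
    return name.strip().lower().rstrip(".")


def alias_matches(host, alias):
    """True if host is covered by an alternate domain name (supports *.zone)."""
    if alias.startswith("*."):
        return host.endswith(alias[1:])  # "*.example.com" never covers the apex
    return host == alias


def check_custom_domain(zone_apex, records, target_domain, aliases):
    """Return (hostname, finding) tuples for records that will not serve the app.

    zone_apex     -- the registered zone, e.g. "example.com"
    records       -- (type, name, value) tuples as entered at the DNS host
    target_domain -- Target Domain Name shown for the API Gateway custom domain
    aliases       -- alternate domain names (CNAMEs) set on the distribution
    """
    apex = normalize(zone_apex)
    target = normalize(target_domain)
    allowed = [normalize(a) for a in aliases]
    findings = []
    for rtype, name, value in records:
        rtype, host, value = rtype.upper(), normalize(name), normalize(value)
        if rtype not in ("CNAME", "ALIAS"):  # "ALIAS" = hypothetical label
            continue
        if rtype == "CNAME" and host == apex:
            # The apex already carries SOA/NS records; a CNAME cannot coexist.
            findings.append((host, "cname-at-apex"))
        if value != target:
            findings.append((host, "wrong-target"))
        if not any(alias_matches(host, a) for a in allowed):
            # Host header not registered on the distribution -> 403 from CloudFront.
            findings.append((host, "host-not-an-alias"))
    return findings


if __name__ == "__main__":
    sample = [("CNAME", "example.com", "d-old.cloudfront.net"),
              ("CNAME", "www.example.com", "d-new.cloudfront.net")]
    for host, finding in check_custom_domain(
            "example.com", sample, "d-new.cloudfront.net", ["www.example.com"]):
        print(host, finding)
```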