amazon-web-servicesaws-api-gatewayamazon-route53

Understanding AWS API Gateway Custom Domain Names


I am struggling to understand how AWS API Gateway Custom Domain works.

I have set up a Regional Custom Domain Name for my api, like api.example.com. The result is a Target Domain Name in the form of:

aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com

If I try to invoke the API using this link, such as in:

https://aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com/mymap/mystage/example

But I get a 403 Forbidden.

BUT, if I go to Stages and select mystage there's a big blue Invoke URL in the form of:

https://bbbbbbbbbb.execute-api.us-east-1.amazonaws.com/mymap/mystage/example

Which works!

So here come my first 2 questions:

1 - Why does API Gateway generate 2 different URLs for the same API (the Target Domain Name and the Invoke URL)?

2 - Why does the Invoke URL works and the Target Domain Name doesn't?


Here's the second part of my question, I am trying to configure Route 53 for the Regional Custom Domain Name configuration, but I can't find any examples about the right way to do it (just for Edge Optimized Custom Domain Name).

I tried to create an A record for api.example.com as an Alias to aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com, but it says:

The record set could not be saved because: - Alias Target contains an invalid value.

So I created a CNAME record for api.example.com, setting Alias to No (setting as a Yes brings the same error message as in the A record case) and the value as aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com but then I get a 404 when I try to invoke my API as https://api.example.com/mymap/mystage/example.

What am I doing wrong?


EDIT:

This thread was moved to the AWS Forums here


EDIT 2:

Apparently, as the AWS support guys said, there is an inconsistency on how API Gateway treats Custom Domain Names and regular API Gateway URLs, all is documented at this AWS Forum thread here


Solution

  • API Gateway processes regular URLs (like aaaaaaaaaaaa.execute-api.us-east-1.amazonaws.com) differently than how it processes Custom Domain Name URLs (like api.myservice.com). So when API Gateway forwards your API request to your Lambda Function, your Lambda Function will receive different path values, depending on which type of your URL you used to invoke your API.

    In my case I am using the serverless java container, so I can run a Jersey webservice on AWS Lambda. Since the URL is not being passed the same for both URLs, Jersey will return a 404 when it receives an URL that is malformed for its configuration.

    The AWS API Gateway team said their are thinking about making this URL invocation uniform, but no compromises on it so far (January 2018).

    The Route 53 part of my question is answered by Jack and I have nothing to add.