
Forwarding CloudFront Host Header to API Gateway


We have a wildcard (*) subdomain pointing to a CloudFront distribution. The origin is API Gateway.

We need to know the original Host header within API Gateway so we can route the requests.

Simply whitelisting the Host header in CloudFront returns an error when accessing the CloudFront distribution via HTTP - presumably because API Gateway needs the Host header to know which API to invoke.

If this is the case, is it possible to forward the Host header via X-Forwarded-Host from CloudFront to the API Gateway? Or... is there an alternative way to use wildcard subdomains with API Gateway?


Solution

  • I'm answering this late in the day, and even though it has an accepted answer, because this question shows up at the top of a search for this issue:

    These days it's entirely possible to dynamically forward the original Host header via X-Forwarded-Host from CloudFront to the API Gateway, without having to hard-code a custom origin header as suggested.

    This can be accomplished by creating a Viewer Request edge function (a Lambda@Edge or a CloudFront function) that intercepts the request before it gets to CloudFront, maps the incoming Host header to X-Forwarded-Host and then appends the new X-Forwarded-Host to the request's headers before passing it on.

    Then whitelist the X-Forwarded-Host header for the API Gateway origin.

    In Node.js the edge function would look like:

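    export function handler(event, context, callback) {
        // Viewer Request event: the request as CloudFront received it from the viewer
        const request = event.Records[0].cf.request;
    
        // Copy the viewer's Host into X-Forwarded-Host; the assignment replaces
        // any X-Forwarded-Host value the viewer sent
        request.headers['x-forwarded-host'] = [{
            key: 'X-Forwarded-Host',
            value: request.headers.host[0].value
        }];
    
        // Hand the modified request back to CloudFront
        return callback(null, request);
    }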
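On the API Gateway side, the forwarded value is still client-influenced input (the viewer chooses the Host, and the header only reflects CloudFront's view when the request actually came through the distribution), so it should be validated before it is used for routing. The following is an added example, not part of the original answer: a Lambda proxy integration handler that derives a tenant from `X-Forwarded-Host`. The base domain `example.com`, the single-label tenant rule, and the names `tenantFromForwardedHost`, `SAMPLE_OK` and `SAMPLE_BAD` are assumptions.

```javascript
// Added example, not from the original answer.
// Assumption: the wildcard domain is *.example.com and a tenant is one DNS label.
const BASE_DOMAIN = 'example.com';

// One DNS label: 1-63 chars of a-z, 0-9 or '-', not starting or ending with '-'.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Header names may arrive case-preserved or lowercased depending on the API
// type, so look the header up case-insensitively.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const key of Object.keys(headers || {})) {
    if (key.toLowerCase() === wanted) return headers[key];
  }
  return undefined;
}

// Returns the tenant label for "<tenant>.<baseDomain>", or null when the
// forwarded host is missing, malformed, or outside the wildcard domain.
function tenantFromForwardedHost(headers, baseDomain = BASE_DOMAIN) {
  const raw = getHeader(headers, 'x-forwarded-host');
  if (typeof raw !== 'string' || raw.includes(',')) return null; // reject lists
  // Normalise: case, optional port, optional trailing dot.
  const host = raw.trim().toLowerCase().replace(/:\d+$/, '').replace(/\.$/, '');
  const suffix = '.' + baseDomain;
  if (!host.endsWith(suffix)) return null; // e.g. acme.example.com.evil.test
  const tenant = host.slice(0, -suffix.length);
  return LABEL.test(tenant) ? tenant : null; // exactly one label
}

// Lambda proxy integration handler; export it as the function's entry point
// in whichever module format the deployment uses.
async function handler(event) {
  const tenant = tenantFromForwardedHost(event.headers);
  if (tenant === null) {
    return { statusCode: 400, body: 'unrecognised host' };
  }
  return { statusCode: 200, body: JSON.stringify({ tenant }) };
}

// Constructed sample events (not captured traffic).
const SAMPLE_OK = { headers: { 'X-Forwarded-Host': 'Acme.example.com:443' } };
const SAMPLE_BAD = { headers: { 'x-forwarded-host': 'acme.example.com.evil.test' } };
```
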