We have a wildcard (*) subdomain pointing to a CloudFront distribution. The origin is API Gateway.
We need to know the original Host header within API Gateway so we can route the requests.
Simply whitelisting the Host header in CloudFront returns an error when accessing the CloudFront distribution via HTTP - presumably because API Gateway needs the Host header to know which API to invoke.
If this is the case, is it possible to forward the Host header via X-Forwarded-Host from CloudFront to the API Gateway? Or... is there an alternative way to use wildcard subdomains with API Gateway?
I'm answering this late in the day, even though it has an accepted answer, because this question shows up at the top of a search for this issue:
These days it's entirely possible to dynamically forward the original Host header via X-Forwarded-Host from CloudFront to the API Gateway, without having to hard-code a custom origin header as suggested.
This can be accomplished by creating a Viewer Request edge function (a Lambda@Edge or a CloudFront function) that intercepts the request before it gets to CloudFront, maps the incoming Host header to X-Forwarded-Host and then appends the new X-Forwarded-Host to the request's headers before passing it on.
Then whitelist the X-Forwarded-Host header for the API Gateway origin.
In Node.js the edge function would look like:
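```javascript
// Viewer Request handler (Lambda@Edge event format).
export function handler(event, context, callback) {
  const request = event.Records[0].cf.request;
  // Copy the viewer's Host header into X-Forwarded-Host, replacing any
  // X-Forwarded-Host value the client sent.
  request.headers['x-forwarded-host'] = [{
    key: 'X-Forwarded-Host',
    value: request.headers.host[0].value
  }];
  return callback(null, request);
}
```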
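On the receiving side, the forwarded value should be checked before it drives routing. The following is an added example, not part of the original answer: it assumes a Lambda proxy integration behind API Gateway and a wildcard record of `*.example.com` (a placeholder domain), and `tenantFromForwardedHost` and `BASE_DOMAIN` are hypothetical names.

```javascript
// Assumption: the wildcard DNS record is *.example.com (placeholder domain).
const BASE_DOMAIN = 'example.com';
// One DNS label: 1-63 chars, letters/digits/hyphens, no leading or trailing hyphen.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Return the subdomain label carried in an X-Forwarded-Host value, or null
// when the value is not exactly one label directly under BASE_DOMAIN.
function tenantFromForwardedHost(value) {
  // A comma means more than one value was supplied: treat as ambiguous.
  if (typeof value !== 'string' || value.includes(',')) return null;
  let host = value.trim().toLowerCase();
  host = host.replace(/:\d{1,5}$/, '');              // drop an optional port
  if (host.endsWith('.')) host = host.slice(0, -1);  // drop FQDN trailing dot
  const suffix = '.' + BASE_DOMAIN;
  // Suffix match rejects look-alikes such as acme.example.com.evil.test.
  if (!host.endsWith(suffix)) return null;
  const label = host.slice(0, -suffix.length);
  return LABEL.test(label) ? label : null;
}

// Lambda proxy integration handler (assumed event shape: event.headers).
async function handler(event) {
  const headers = (event && event.headers) || {};
  // Header names may arrive in any case, so look the name up case-insensitively.
  const name = Object.keys(headers)
    .find((k) => k.toLowerCase() === 'x-forwarded-host');
  const tenant = tenantFromForwardedHost(name ? headers[name] : undefined);
  if (tenant === null) {
    return { statusCode: 400, body: JSON.stringify({ error: 'unrecognised host' }) };
  }
  // Route on the validated label only, never on the raw header value.
  return { statusCode: 200, body: JSON.stringify({ tenant }) };
}
```

The header is only as trustworthy as the path to the origin: a caller who can reach the API Gateway endpoint directly, without going through CloudFront, can set X-Forwarded-Host to any value.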