Custom Domain Name & CloudFront
(API Gateway)

⚠️ Using Application Load Balancer? Please read Custom Domain Name, CloudFront, & SSL instead.

If your Rails application is a traditional web application needing a custom domain and caching, we suggest using a REGIONAL API Gateway integration (default in Lamby) with AWS Lambda along with a fully-fledged CloudFront distribution. Do NOT use the Custom Domain Name feature of API Gateway!

After you deploy your Rails application via Lamby & SAM, you will need to do the following 3 steps to get your application running under a custom domain. We assume your domain name is already setup with AWS and available in Route53. Also, we have not created CloudFormation templates yet for this guide. Instead we will rely on ClickOps™ and have documented the steps you will need to perform within the AWS Console.

SSL/TLS Certificate with ACM

We are going to use AWS Certificate Manager to secure your HTTPS traffic under your custom domain. Again, this assumes your domain is setup in Route53 since you will need to validate the certificate and AWS makes that super easy with DNS.

Verification will take about 3 minutes. From the Certificate Manager dashboard, you can wait and/or hit the 🔄 button and the Status will change from "Pending validation" to "Issued". Here is an article titled Caching AWS Lambda behind a custom domain with CloudFront that details the ACM process with screenshots.

CloudFront Distribution

Again, do not use the Custom Domain Name feature of API Gateway which sets up a pseudo CloudFront distribution. That pseudo distro will not allow Rails to have full control on edge caching without adding a ton of complexity in API Gateway's parameters. Using a full CloudFront distro will yield more flexibility as your application grows.

First, navigate to your API Gateway in the Console, click on "Stages" then "production" (or your deployed stage/env) and copy/note the "Invoke URL", ex: ( This will be needed when setting up your CloudFront distribution. Options below assume variations of the defaults. So you only have to focus on changing those in setup.

So why the ⚠️ comment on the custom header? In order to simulate the integration of the pseudo CloudFront distribution it is critical to allow Rails via API Gateway to know the Host you are accessing the site from. Otherwise, Rails will only see the Host header and URL redirects will be to your Invoke URL, not your custom domain name. It means you will also see errors like this.

HTTP Origin header didn't match request.base_url

Grab a ☕️ it could take up to 20 minutes to deploy this new CloudFront distribution. While you wait, you can setup your domain name in Route53 in the next step. Here is some additional reading material on this subject.

Creating a Custom Domain with Route53

Please make sure to copy the "Domain Name" of your newly created CloudFront distribution. It will be needed as a target for your new DNS entry and will look something like this

That's it! 🎉🎊🥳 Once your CloudFront distribution fully deploys, you can access your Rails application on Lambda and everything from forms, redirects, caching, etc will all just work!

Why Regional vs. Edge?

This section is here for academic purposes and research. Basically we suggest using the REGIONAL endpoint for API Gateway. A few quick summary and notes.

More reading on this topic if you are interested.

☰ Lamby ☰ 🆕 Application Load Balancer ALB Support     GitHub