Custom Domain Names, CloudFront, & SSL

Mapping your Lambda application to a custom domain name can help you access it without the API Gateway stage path prefix. This in turn helps Rails leverage paths and cookies. Depending on your application's setup (HTTP API, REST API, or an Application Load Balancer), creating a Custom Domain Name involves a few manual steps.

But why ClickOps vs code? When making major changes, like runtime upgrades, it is common to create a new stack and switch API Gateway's mapping to the new function. If this mapping were done in a CloudFormation stack, there would be no way to move to a new stack without deleting the old one.

SSL/TLS Certificate with ACM

We are going to use AWS Certificate Manager to secure your HTTPS traffic under your custom domain. Again, this assumes your domain is set up in Route53, since you will need to validate the certificate and AWS makes that super easy with DNS.

Verification will take about 3 minutes. From the Certificate Manager dashboard, you can wait and/or hit the 🔄 button and the Status will change from "Pending validation" to "Issued".

API Gateway Custom Domain Names (Everyone)

No matter if you have HTTP API, REST API Public, or REST API Private with an ALB, you will need to specify a Custom Domain Name in API Gateway. The only exception would be if you are using an Application Load Balancer without REST API. Here are the ClickOps steps to set up an API Gateway Custom Domain Name:

After this has been created, the mappings tab should be selected. From here we need to create an API Mapping to point to your specific API Gateway and stage/path. Assuming it is selected:

From here there are various ways to set up Route53 and route traffic to your Lambda application. This work simply sets up API Gateway to understand how traffic is routed via what is called SNI. Choose one of the methods below matching your need for Route53.

Route53 for Public API Gateway (HTTP or REST)

✅ Make sure to complete the "API Gateway Custom Domain Names" section first.

From here all we need is a simple DNS entry in Route53 that points to the "API Gateway domain name" we created in the step above. That domain name looks something like: d-byp3km86t3.execute-api.us-east-1.amazonaws.com
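Before creating the record, you can confirm that API Gateway answers for your custom domain with the ACM certificate by connecting to the API Gateway domain name while sending the custom domain as SNI. The script below is an added example, not part of the original guide or the project's code; the function names are hypothetical, and it assumes the target is reachable from where you run it.

```python
import socket
import ssl
import sys
import time

# Hypothetical helper names; this is an added example, not the project's code.

def san_covers(hostname, sans):
    """True if any SAN matches hostname; '*' covers exactly one left-most label."""
    host = hostname.lower().rstrip(".")
    for san in (s.lower() for s in sans):
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False


def summarize_cert(cert, hostname, now=None):
    """Reduce an ssl.getpeercert() dict to the facts worth checking."""
    now = time.time() if now is None else now
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "sans": sans,
        "covers_host": san_covers(hostname, sans),
        "days_left": int((expires - now) // 86400),
    }


def probe(custom_domain, target, port=443, timeout=5.0):
    """Connect to `target` but send `custom_domain` as SNI, then summarize the cert.

    The default context validates the chain and checks the name against the SNI
    value, so a wrong or missing certificate raises ssl.SSLCertVerificationError.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((target, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=custom_domain) as tls:
            return summarize_cert(tls.getpeercert(), custom_domain)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(probe(sys.argv[1], sys.argv[2]))
    else:
        print("usage: probe.py <custom-domain> <api-gateway-or-cloudfront-domain>")
```

The same probe works against a CloudFront distribution domain name once the distribution has the custom domain and certificate attached.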

Route53 for Private API Gateway (ALB Only or REST with ALB)

✅ Make sure to complete the "API Gateway Custom Domain Names" section first if you are using "REST with ALB". Skip it if you are using "ALB Only".

From here all we need is a simple DNS entry in Route53 that points to our Application Load Balancer's DNS name CloudFormation output. That domain name looks something like: internal-myapp-rails-bj5cmdxb307p-856336498.us-east-1.elb.amazonaws.com

Optional CloudFront Distribution

This part is optional and can be used with any integration method. Instead of creating a Route53 entry for API Gateway's custom domain (d-xxxxxxxxxx.execute-api.us-east-1.amazonaws.com) or an ALB's DNS Name (internal-myapp-rails-bj5cmdxb307p-856336498.us-east-1.elb.amazonaws.com), you would use those as the CloudFront distribution's origin. The final CloudFront distribution name (dxxxxxxxxxxxxx.cloudfront.net) would be the Route53 target instead. Here are the steps to create your CloudFront Distribution:

This process takes a while to fully deploy. Once done you will have a CloudFront domain name looking something like dxxxxxxxxxxxxx.cloudfront.net. Head to Route53 and create an alias for myapp.example.com to this CloudFront distribution domain name.