aws / copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on AWS App Runner or Amazon ECS on AWS Fargate.
https://aws.github.io/copilot-cli/
Apache License 2.0

Is it possible to change the generated Web Service URL? #2071

Status: Closed (gtamas closed 3 years ago)

gtamas commented 3 years ago

When I deploy my web service, AWS generates this long URL:

http://some-other212121212-23232323.me-south-1.elb.amazonaws.com/

Is it possible to change this URL to something like api.mydomain.com? I know this is not possible using copilot, but is there a way to do this using ECS console or some other AWS tool?

efekarakus commented 3 years ago

Hi @gtamas !

With copilot, you can specify a domain name while initializing an application: copilot app init --domain mydomain.com which will result in all Load Balanced Web Services to get a domain name like this: https://{service}.{env}.{app}.mydomain.com

@kohidave has a step-by-step guide here: https://github.com/kohidave/dns-and-lb-copilot-demo.

@iamhopaul123 on the team is currently working on https://github.com/aws/copilot-cli/issues/1188#issuecomment-788224426 which will add a new field in the manifest file:

http:
  alias: api.mydomain.com # new

to support this use case.

In the meantime, for doing this outside of Copilot you can follow similar steps to this blog post.

  1. Create a new Listener for the load balancer where the Protocol: HTTPS and Port: 443.
  2. While configuring the security settings, request a new ACM certificate for api.mydomain.com
  3. Choose the certificate after validating it.
  4. While configuring the routing follow the exact same settings for the TargetGroup as your current HTTP target group created with Copilot.
  5. Once the ALB is configured then you'll need to add a CNAME record pointing api.mydomain.com to http://some-other212121212-23232323.me-south-1.elb.amazonaws.com/

Hopefully that should get the service going with an HTTPS endpoint.

Apologies 🙇 for all this manual labor, copilot app init --domain automates all these steps but the resulting domain is not configurable yet, once #1188 is delivered this complex setup should go away!

gtamas commented 3 years ago

OK thank you for the detailed info! I'll follow these instructions.

heyheman11 commented 3 years ago

Hi @efekarakus, thanks for the detailed response. I'm curious, do we need to have the domain registered in route53? Would it be possible to create a CNAME record from a DNS provider outside of AWS to point to our load balancer?

iamhopaul123 commented 3 years ago

Hello @heyheman11. Technically it is possible right now as long as you create a valid certificate and then attach it to the listener. The only problem is right now any new update to that listener by CloudFormation could potentially override this manual update (e.g., environment update to a new version).

We also have a feature request related to this: https://github.com/aws/copilot-cli/issues/2694, which will allow you to import a validated certificate to the load balancer. Would you mind giving it a thumbs-up so that we can better prioritize this feature request? Thank you!
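
An added example, not part of the thread or of Copilot's code: a check over `aws elbv2 describe-listeners` output that confirms the manually created HTTPS listener from the steps above is still present, with its certificate and target group, after a CloudFormation update. The ARNs and the sample listener data are constructed placeholders, and the function names are hypothetical.

```python
# Constructed placeholders, not values from the thread.
CERT_ARN = "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE"
SERVICE_TG_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/service/EXAMPLE"
DEFAULT_TG_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/default/EXAMPLE"

# Constructed sample in the shape of `aws elbv2 describe-listeners --output json`.
SAMPLE = {
    "Listeners": [
        {"Port": 80, "Protocol": "HTTP",
         "DefaultActions": [{"Type": "forward", "TargetGroupArn": DEFAULT_TG_ARN}]},
        {"Port": 443, "Protocol": "HTTPS",
         "Certificates": [{"CertificateArn": CERT_ARN}],
         "DefaultActions": [{"Type": "forward", "TargetGroupArn": SERVICE_TG_ARN}]},
    ]
}


def forward_targets(listener):
    """Collect every target group ARN the listener's default actions forward to."""
    arns = set()
    for action in listener.get("DefaultActions", []):
        if action.get("Type") != "forward":
            continue
        if action.get("TargetGroupArn"):
            arns.add(action["TargetGroupArn"])
        for tg in (action.get("ForwardConfig") or {}).get("TargetGroups", []):
            arns.add(tg["TargetGroupArn"])
    return arns


def check_https_listener(listeners, cert_arn, target_group_arn):
    """Return findings; an empty list means the manual HTTPS setup is intact."""
    https = [l for l in listeners
             if l.get("Port") == 443 and l.get("Protocol") == "HTTPS"]
    if not https:
        return ["no HTTPS listener on port 443 (never created, or overwritten)"]
    findings = []
    for listener in https:
        certs = {c.get("CertificateArn") for c in listener.get("Certificates", [])}
        if cert_arn not in certs:
            findings.append("listener does not carry the expected ACM certificate")
        if target_group_arn not in forward_targets(listener):
            findings.append("listener does not forward to the expected target group")
    return findings


if __name__ == "__main__":
    # With live data, json.load() the saved describe-listeners output instead.
    for finding in check_https_listener(SAMPLE["Listeners"], CERT_ARN, SERVICE_TG_ARN):
        print("FINDING:", finding)
```

Running it after each environment update shows whether the manual listener change was overwritten.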

heyheman11 commented 3 years ago

Hey @iamhopaul123, thanks for responding. Yeah that makes sense, I'll add my support on that issue.

klevo commented 2 years ago

> Hi @gtamas !
>
> With copilot, you can specify a domain name while initializing an application: copilot app init --domain mydomain.com which will result in all Load Balanced Web Services to get a domain name like this: https://{service}.{env}.{app}.mydomain.com
>
> @kohidave has a step-by-step guide here: https://github.com/kohidave/dns-and-lb-copilot-demo.
>
> @iamhopaul123 on the team is currently working on #1188 (comment) which will add a new field in the manifest file:
>
> http:
>   alias: api.mydomain.com # new
>
> to support this use case.
>
> In the meantime, for doing this outside of Copilot you can follow similar steps to this blog post.
>
>   1. Create a new Listener for the load balancer where the Protocol: HTTPS and Port: 443.
>   2. While configuring the security settings, request a new ACM certificate for api.mydomain.com
>   3. Choose the certificate after validating it.
>   4. While configuring the routing follow the exact same settings for the TargetGroup as your current HTTP target group created with Copilot.
>   5. Once the ALB is configured then you'll need to add a CNAME record pointing api.mydomain.com to http://some-other212121212-23232323.me-south-1.elb.amazonaws.com/
>
> Hopefully that should get the service going with an HTTPS endpoint.
>
> Apologies 🙇 for all this manual labor, copilot app init --domain automates all these steps but the resulting domain is not configurable yet, once #1188 is delivered this complex setup should go away!

Even with the support for alias present in the current codebase, I still find this to be the best solution when adding new HTTPS-enabled domains to an existing (production) service that you don't want to delete and recreate.

>   1. While configuring the routing follow the exact same settings for the TargetGroup as your current HTTP target group created with Copilot.

I actually had to select the "other" target group available to make it work though. Selecting the same (default) one that is associated with the port 80 listener resulted in a 503 error. Might have something to do with the fact that the backend service listens on port 3000 internally.

Anyway huge thanks for this comment, looks like it saved me a lot of time.

dannyrandall commented 2 years ago

Hey @klevo, glad you were able to get it working! 😊 Out of curiosity - what kept you from being able to use the alias field?

klevo commented 2 years ago

> Hey @klevo, glad you were able to get it working! 😊 Out of curiosity - what kept you from being able to use the alias field?

Hi @dannyrandall. Our use case is an already deployed (production) environment using copilot cli, that is not associated with any domain and does not have any existing aliases (yet). As we onboard new clients, we need to expose our application on new domains, without deleting and recreating the whole environment.

If I attempt to add such domains into alias field, copilot instructs me to initialize my app again, which of course I don't want to do:

[Screenshot: Screen Shot 2022-07-06 at 08 14 47]

manifest.yml before

Classic ALB setup, this is deployed and running:

http:
  path: '/'
  healthcheck: '/health_check'

Attempted manifest modification and then deploy

http:
  path: '/'
  healthcheck: '/health_check'
  # We want to add new domains (sometimes subdomains, sometimes even root domains) over the lifecycle of this environment
  alias: ["africa.auctionapp.io", "africa2.auctionapp.io", "example.com"]

So this currently does not work, you'll be asked to initialize the app again. Ideally I'd expect copilot to add these as new HTTPS listeners to the load balancer, generate the appropriate certificate(s) and print out the certificate validation instructions.

dannyrandall commented 2 years ago

Thanks for sharing those details! I think you'll definitely benefit from our work on Environment Manifests (planned to be in our upcoming release) - it will allow you to make updates to an environment after it's been deployed. While Copilot won't generate the certificates for you, you'll be able to generate a cert in ACM, import the cert to your Copilot environment, and then use any valid aliases under that cert in your services!

That will solve your use case of adding new root domains, but just wanted to let you know that in the current version (v1.19) you can add new subdomains already - there's some details on that here and here. Note that you can include the hosted_zone id in your manifest and Copilot will add the A records pointing to the Load Balancer as well!

klevo commented 2 years ago

Thank you for the heads up @dannyrandall and huge thanks to the whole aws copilot team and all the contributors for a super useful tool and supportive community!

dannyrandall commented 2 years ago

Hey @klevo! Environment Manifests are now released in v1.20 and should enable you to add new aliases without recreating your environments!🚀 Release notes: https://github.com/aws/copilot-cli/releases/tag/v1.20.0 Blog post: https://aws.github.io/copilot-cli/blogs/release-v120/

klevo commented 2 years ago

Awesome, thanks Danny and the team!