uw-ssec / post-disaster-comms

Repository for the Post Disaster Comms Project
https://pdc-ssec.readthedocs.io
BSD 3-Clause "New" or "Revised" License

design: Plan how to do offline/local fallback with https #191

Open nikiburggraf opened 2 hours ago

infrared0 commented 2 hours ago

My understanding is that we need to make sure all the app API endpoints still work when the app is working in offline mode, meaning there's just the local instance of the server running on our on-prem machine with no internet connection. If we needed the offline API endpoint to still use https and if it were to use the same FQDN as the AWS endpoint, we'd somehow have to have a copy of the cert and make that look valid to the app. This could work, but we'd likely need to configure our local DNS such that our local offline server could pretend to be Amazon (e.g. if we're using a static IP, create a fake A record for that IP on our local DNS and also pretend our local server has that IP, etc).

Another thing we could do is have the user app code detect when it's in "offline mode" and switch to using an API endpoint with a different FQDN, which can be mapped on our local DNS to an IP we already have for the local server. Then the app would just change its behavior when knocked offline, and our server wouldn't have to pretend to be Amazon.

What would be the requirements for each case (or another strategy), and which is most feasible/robust?
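A sketch of the second strategy described in the comment above (the app switches to a separate offline FQDN), added here as an illustration; it is not code from the project or from any commenter. The hostnames, the CA file name and all function names are hypothetical, and it assumes the local server's certificate is issued by a private CA whose root the app ships.

```python
import socket
import ssl
from dataclasses import dataclass
from typing import Callable, Optional, Sequence


@dataclass(frozen=True)
class Endpoint:
    name: str                      # "cloud" or "local"
    host: str                      # FQDN the server certificate must match
    port: int = 443
    ca_file: Optional[str] = None  # None: system trust store; else private CA (PEM)


# Hypothetical placeholders, not the project's real endpoints or files.
CLOUD = Endpoint("cloud", "api.example.org")
LOCAL = Endpoint("local", "api.local.example", ca_file="local-ca.pem")


def tls_context(ep: Endpoint) -> ssl.SSLContext:
    """Verifying context: system roots for cloud, only the private CA for local."""
    if ep.ca_file is None:
        return ssl.create_default_context()
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ep.ca_file)  # raises if the CA file is missing
    return ctx


def tls_probe(ep: Endpoint, timeout: float = 3.0) -> bool:
    """True only if TCP connect and a fully verified TLS handshake both succeed."""
    try:
        with socket.create_connection((ep.host, ep.port), timeout=timeout) as raw:
            with tls_context(ep).wrap_socket(raw, server_hostname=ep.host):
                return True
    except OSError:  # DNS failure, timeout, refused, missing CA file, ssl.SSLError
        return False


def select_endpoint(candidates: Sequence[Endpoint],
                    probe: Callable[[Endpoint], bool] = tls_probe) -> Optional[Endpoint]:
    """First endpoint, in preference order, that passes the verified probe."""
    for ep in candidates:
        if probe(ep):
            return ep
    return None  # nothing reachable with a valid certificate: do not downgrade
```

Because the local endpoint trusts only the private CA and the cloud endpoint trusts only the system roots, neither certificate is accepted for the other hostname, and the offline path never disables verification.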