We need to add custom domain functionality to our existing API Gateway configuration in our AWS SAM template. This will allow us to use a custom domain name for our API instead of the default AWS-provided URL. Additionally, we'll create an SSL/TLS certificate using AWS Certificate Manager (ACM) within the same template.
Current State
Our current template.yaml file defines an API Gateway (ApiGatewayApi) using AWS SAM, but it doesn't include any custom domain configuration or SSL/TLS certificate.
Proposed Changes
Add a new parameter to the template:
CustomDomainName: To specify the custom domain name
Create new resources in the template:
Certificate: To create an ACM certificate for the custom domain
ApiGatewayCustomDomain: To set up the custom domain
ApiGatewayBasePathMapping: To link the API stage to the custom domain
Add new outputs to provide information about the custom domain configuration and certificate
Implementation Details
Here's a snippet of the changes to be made to template.yaml:
Parameters:
  # ... (existing parameters)
  CustomDomainName:
    Type: String
    Description: Custom domain name for the API (e.g., api.example.com)
Resources:
  # ... (existing resources)
  Certificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref CustomDomainName
      ValidationMethod: DNS
  ApiGatewayCustomDomain:
    Type: AWS::ApiGateway::DomainName
    Properties:
      DomainName: !Ref CustomDomainName
      CertificateArn: !Ref Certificate
  ApiGatewayBasePathMapping:
    Type: AWS::ApiGateway::BasePathMapping
    Properties:
      DomainName: !Ref ApiGatewayCustomDomain
      RestApiId: !Ref ApiGatewayApi
      Stage: Prod
Outputs:
  # ... (existing outputs)
  ApiGatewayCustomDomainName:
    Description: Custom domain name for the API
    Value: !Ref ApiGatewayCustomDomain
  ApiGatewayCustomDomainTarget:
    Description: Target domain name for DNS configuration
    Value: !GetAtt ApiGatewayCustomDomain.DistributionDomainName
  CertificateArn:
    Description: ARN of the created ACM Certificate
    Value: !Ref Certificate
Tasks
[x] Update template.yaml with new parameter, resources, and outputs
[x] Update the Makefile to include a custom domain parameter for the sam deploy command
[x] Test the updated template by deploying to a test environment
[x] Update deployment documentation to include steps for providing custom domain
[x] Add instructions for completing DNS validation for the ACM certificate
[x] Add instructions for configuring DNS settings post-deployment
[ ] Add API tests
[ ] Update the README to explain the Makefile changes, especially those affecting deploy
[ ] Note the changes in CHANGELOG.md
Additional Notes
The certificate uses DNS validation. When you create the stack, ACM will generate DNS records that you need to add to your domain's DNS configuration to validate ownership of the domain.
Certificate creation and validation can take some time (sometimes up to 30 minutes or more). Stack creation might seem to hang during this process, but it's normal.
If the domain validation is not completed within 72 hours, the certificate request will time out, and you'll need to delete the stack and try again.
Ensure you have the necessary permissions to create ACM certificates in your AWS account.
Deployment Steps
Deploy the stack, providing the value for CustomDomainName (e.g., api.example.com).
After deployment starts, go to the ACM console and find the newly created certificate.
In the certificate details, you'll find the DNS records needed for validation. Add these to your domain's DNS configuration.
Wait for the validation to complete and the stack to finish creating.
Once done, create a CNAME record for your custom domain pointing to the value of ApiGatewayCustomDomainTarget in the stack outputs.
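The DNS steps above can also be driven from the AWS CLI instead of the console. The script below is an added example, not part of the project's tooling: its function names are illustrative, and it assumes the domain's DNS is hosted in Route 53, so it prints a change batch for `aws route53 change-resource-record-sets`.

```shell
#!/bin/sh
# Added example. Function names are illustrative; the aws CLI must be configured.

# ARN of the certificate awaiting validation for domain $1. Looked up by
# domain because stack outputs are unavailable while the stack is creating.
pending_cert_arn() {
  aws acm list-certificates --certificate-statuses PENDING_VALIDATION \
    --query "CertificateSummaryList[?DomainName=='$1'].CertificateArn | [0]" \
    --output text
}

# Prints "name<TAB>type<TAB>value" of the validation record for certificate $1.
# Right after the request the record may not be populated yet; the query then
# yields "None", which is reported as a failure so the caller can retry.
validation_record() {
  rec=$(aws acm describe-certificate --certificate-arn "$1" \
    --query 'Certificate.DomainValidationOptions[0].ResourceRecord.[Name,Type,Value]' \
    --output text) || return 1
  case "$rec" in
    ''|None*) echo "validation record not available yet" >&2; return 1 ;;
  esac
  printf '%s\n' "$rec"
}

# Value of the ApiGatewayCustomDomainTarget output of stack $1.
domain_target() {
  aws cloudformation describe-stacks --stack-name "$1" \
    --query "Stacks[0].Outputs[?OutputKey=='ApiGatewayCustomDomainTarget'].OutputValue | [0]" \
    --output text
}

# Route 53 change batch that upserts CNAME $1 -> $2 (assumes a Route 53 zone).
cname_change_batch() {
  printf '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"CNAME","TTL":300,"ResourceRecords":[{"Value":"%s"}]}}]}\n' "$1" "$2"
}

# Usage: dns-steps.sh validation api.example.com
#        dns-steps.sh target <stack-name> api.example.com
case "${1:-}" in
  validation)
    arn=$(pending_cert_arn "$2") && rec=$(validation_record "$arn") || exit 1
    set -- $rec
    cname_change_batch "$1" "$3" ;;
  target)
    cname_change_batch "$3" "$(domain_target "$2")" ;;
esac
```

Run the `validation` mode while the stack is still creating, and the `target` mode once it has finished.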