Connect Cloudflare To AWS API Gateway
In this article we will see how we can define a CNAME on Cloudflare to connect our domain to our AWS API Gateway.
Client Certificate On Cloudflare
First of all we need a TLS certificate to be able to verify Cloudflare as a trusted party on AWS.
To generate the certificate:
- Go to the Cloudflare dashboard
- Go to the SSL/TLS section
- Click on Origin Server
- Click on “Create Certificate”
After clicking on “Create Certificate” you need to fill in some information. You need to define which subdomains of your main domain can be used for this certificate. I used “*.mydomain.net”, which means this certificate can be used for all subdomains associated with this domain. Keep the default values for the other parameters and click on Create.
After you click on Create, it shows you the values for the Origin Certificate and the Private Key. Make sure to save both somewhere secure, since you need them in a later step when you import the certificate into your “AWS Certificate Manager”.
Import Cloudflare Certificate In AWS Certificate Manager
In order to let Cloudflare and AWS interact with each other in a secure way, you need to import the certificate generated by Cloudflare in the previous step into AWS Certificate Manager. To do so, first search for “Certificate” in your AWS Console and choose the Certificate Manager.
Now click on “Import a certificate” and fill in the fields with the values obtained from Cloudflare.
The value for the Certificate chain can be obtained using this link. For more information you can visit this Cloudflare support page.
After the import, if you have entered the correct values, you should be able to see your certificate with the specified subdomain in your “AWS Certificate Manager” console with the status of “Issued”.
Create The Custom Domain Name In AWS API Gateway
Now go to the AWS API Gateway console, click on “Custom domain names” and click on “Create”.
Now set the subdomain of your choice. Here I set it as “test.mydomain.net”.
After that, under the Endpoint Configuration section, choose the certificate we imported before in AWS Certificate Manager.
Keep the other settings as they are and click on “Create domain name”.
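The subdomain chosen here has to be covered by the hostnames on the imported certificate, and a wildcard such as “*.mydomain.net” stands for exactly one label. The following pre-flight check is an added example, not part of the original article; the function names and the sample hostnames are constructed for illustration.

```python
# Added example: checks whether planned custom domain names are covered by
# the hostnames on a certificate. All names below are constructed samples.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.strip().lower().rstrip(".").split(".")


def covers(pattern, hostname):
    """Return True if certificate name `pattern` covers `hostname`.

    Follows the usual TLS rules (RFC 6125): a wildcard is only honoured as
    the whole leftmost label and stands for exactly one label.
    """
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h or len(p) != len(h):
        return False          # empty label, or different depth
    if "*" in "".join(p[1:]) or "*" in hostname:
        return False          # wildcard outside the leftmost label
    if p[0] == "*":
        # Require at least two fixed labels so "*.net" is never accepted.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False          # partial wildcards such as "t*.mydomain.net"
    return p == h


def uncovered(cert_names, planned_hosts):
    """Return the planned hostnames that no certificate name covers."""
    return [h for h in planned_hosts
            if not any(covers(n, h) for n in cert_names)]


if __name__ == "__main__":
    cert_names = ["*.mydomain.net"]                     # as entered on the page
    planned = ["test.mydomain.net", "mydomain.net",     # constructed samples
               "api.test.mydomain.net", "TEST.mydomain.net."]
    missing = uncovered(cert_names, planned)
    for host in planned:
        state = "NOT covered" if host in missing else "covered"
        print(f"{host:28} {state}")
```
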
Add API Gateway To Custom Domain Name
Now we need to add our API Gateway to the Custom Domain Name we created. To do so, go to the API mappings section and click on Configure API mappings.
Now click on “Add new mapping”, select your desired API Gateway and stage, then click on Save.
Create CNAME Record On Cloudflare
Now the last step!😮💨
Go to your Cloudflare dashboard and, under the DNS section, choose Records, then click on Add record. Set the Type to CNAME. The value for the Name should be your subdomain, which in our case is “test”. The value for the Target comes from your Custom Domain Name in the AWS Console: under the Endpoint configuration section there is a field called “API Gateway domain name”. Copy its value and set it as the Target in Cloudflare.
Now hit the save button and you are good to go!!!🍾🍾🍾
Congratulations!!! Now your domain is connected to your API Gateway. You can test it out by calling one of your API Gateway’s APIs using your subdomain, which in our case is “test.mydomain.net/hello”. 🎉🎉🎉
Troubleshooting
If you encounter a 521 error on Cloudflare, make sure to set the SSL setting in Cloudflare to “Full”.
If you have this problem you should see something like below.
To fix it, go to Cloudflare dashboard -> SSL/TLS -> Overview and set your SSL/TLS encryption mode to Full.