Automatic Multi-Region DNS Failover in AWS Route 53 for AWS API Gateway APIs

Rocky Top Solutions
Oct 15 · 5 min read

Do you have an API hosted on AWS API Gateway? Do you wonder how you can deploy that API into multiple regions around the globe and have automatic failover protection in case one region goes offline so that your API keeps on working without any intervention? Well, you came to the right blog post.

In this post, I will show you how to set up and configure your AWS Route 53 DNS entries, health checks, and AWS API Gateway APIs in order to have that automatic failover protection you’re looking for.


The first thing we need is a domain set up in AWS Route 53. Once you have a domain, we also need to set up a hosted zone in Route 53 for that domain. This hosted zone is where we will add the DNS records that make up our automatic DNS failover configuration. Once you have a domain name and hosted zone set up, let’s get going on configuring automatic DNS failover!


First things first, we need to have the desired API deployed to AWS API Gateway in each of the AWS regions we want in our setup. If you do not have that yet, you can follow this guide as an example of how to create an API using an HTTP front-end with AWS Lambda as the back-end for processing the requests. You will need an endpoint on your API that responds to GET requests and returns a 2XX status code so that our health checks know the API is healthy in each region.

Once you have that, you will need to create an SSL certificate in AWS Certificate Manager in each of the same regions for your domain, which we will use in the next step. You will need to verify the entries you add to your SSL certificate. If you are using Route 53 as we have discussed in this article, you can expand each of the domain name listings and add it to Route 53. We then just need to wait for the verification to complete before moving on to the next step.

Now that you have your API deployed to AWS API Gateway and we have an SSL certificate for our domain, we need to set up a custom domain name in AWS API Gateway in each of our AWS regions. Go to the AWS API Gateway console and click Create Custom Domain Name. It will open a form to create a new custom domain, which you should fill out as follows:

  • For Domain Name, fill in your desired domain for this API. (e.g. examplecorp.com)
  • Choose HTTP Protocol
  • Security Policy: TLS 1.2 (1.2 is latest and most secure as of this writing. If there is a newer version as you’re reading this, choose it instead)
  • Endpoint Configuration: Regional (this selection is important!)
  • Choose the SSL certificate you created in the previous steps, then click Save

Cool. Now we have everything configured in API Gateway. Let’s move on to Route 53.


We now need to set up the health checks that automatically determine whether a region is unavailable, which we will use to route our traffic accordingly. Visit the AWS Route 53 Console, click on Health Checks in the left-hand menu, and then click Create health check.

In the first section, under Configure health check, give this health check a name that specifies the region, service, and environment it is used for, so that things stay organized and it is easy to tell which health check monitors what. A good name may be something like Production — US-East-1 — API, for example. For What to monitor, select Endpoint.

Now, in the Monitor an endpoint section, use the following configuration:

  • Specify endpoint by: Domain Name
  • Protocol: HTTPS (this is required to be HTTPS because we use API Gateway API stage generated URLs which are HTTPS)
  • Domain Name: This is the host name from the Invoke URL that API Gateway generates for an API stage (dev, prod, etc.) after you deploy the API. You can find it at a console URL of the form https://console.aws.amazon.com/apigateway/home?region=us-east-1#/apis/{{API_ID}}/stages/dev, and an example value is dk0bnnfwn2.execute-api.us-east-1.amazonaws.com
  • Leave Port as default since it is determined by the protocol you selected
  • For Path, enter the stage name for the URL you copied above (e.g. dev, production, etc.) followed by the endpoint path you want the health check to monitor (the one I mentioned earlier that needs a GET method and returns a 2XX status code). For example, a valid path could be dev/health

You can expand the Advanced Configuration section and change some of the options if you wish. One I would seriously consider modifying is the list of Health Checker Regions. The reason is that every checker region sends its own requests, so if you are using Lambda as your backend, each extra region means many more invocations of your function. You have to choose at least 3 regions, so I normally choose only 3 for my development and staging environment APIs, and 4 for my production environment APIs.

Click Next, and on the next screen you can set up CloudWatch alarms that fire when the health check fails for the number of consecutive times specified in the Advanced Configuration section on the first page. Continue on and create the health check.

Repeat the above steps for each of the regions you wish to deploy your API to, remembering to grab the correct Invoke URL for the API in each region. Now you should have all of your health checks in place. Let’s move on to the last piece of the puzzle: the DNS entries in your hosted zone for your domain.


Let’s get the last piece configured now. Head over to the AWS Route 53 Console once again, and click on Hosted Zones in the left menu, then click on the hosted zone for your domain. Click on Create Record Set and enter the following details:

  • Name: desired domain/subdomain mapping you want for this API (e.g. api.examplecorp.com).
  • Record type: CNAME
  • Alias: No
  • TTL: 300 (5m)
  • Value: This is the value of Target Domain Name generated when you created the custom domain in API Gateway. Copy that value and paste it here
  • Routing Policy: Latency
  • Select the region that matches the custom domain Target Domain Name you just pasted, and then give this policy a name that distinguishes it from the other regions and environments you may use.
  • Associate With Health Check: Yes, then select the health check that corresponds to the same region and environment as the other values for this CNAME record
  • Click Create
  • Follow the same steps for all other regions you deployed your API to

That’s it! Now whenever one of your regions is unavailable for whatever reason, it will take just a few minutes (<5 minutes) for your other regions to pick up the load. Response times may be a little slower than from the desired region, since these are latency-based routing rules, but your application should keep on working once the health checks fail the specified number of times and the other regions take over!
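The console steps above can also be expressed as Route 53 API payloads and checked before they are applied. The following is an added example, not code from the original post: it builds the `HealthCheckConfig` and latency-routed CNAME changes for each region, then audits that every record has a health check and that the check monitors the same region as the record. The function names, host names and health check IDs are hypothetical placeholders.

```python
import re

# Constructed placeholders per region: (Invoke URL host, custom-domain
# Target Domain Name, health check ID). Route 53 assigns real IDs on creation.
SAMPLE = {
    "us-east-1": ("a1b2c3d4e5.execute-api.us-east-1.amazonaws.com",
                  "d-east0001.execute-api.us-east-1.amazonaws.com", "hc-east"),
    "eu-west-1": ("f6g7h8i9j0.execute-api.eu-west-1.amazonaws.com",
                  "d-west0001.execute-api.eu-west-1.amazonaws.com", "hc-west"),
}
HOST_RE = re.compile(r"\.execute-api\.([a-z0-9-]+)\.amazonaws\.com$")

def health_check_config(invoke_host, stage, path="health",
                        checkers=("us-east-1", "us-west-2", "eu-west-1")):
    """HealthCheckConfig mirroring the 'Monitor an endpoint' form."""
    if len(checkers) < 3:
        raise ValueError("at least 3 health checker regions are required")
    return {"Type": "HTTPS", "FullyQualifiedDomainName": invoke_host, "Port": 443,
            "ResourcePath": f"/{stage}/{path}", "Regions": list(checkers)}

def latency_record(name, region, target_domain, health_check_id, ttl=300):
    """One change entry: latency-routed CNAME tied to a health check."""
    return {"Action": "CREATE", "ResourceRecordSet": {
        "Name": name, "Type": "CNAME", "TTL": ttl, "Region": region,
        "SetIdentifier": f"{region}-api",
        "ResourceRecords": [{"Value": target_domain}],
        "HealthCheckId": health_check_id}}

def build(name, stage, regions=SAMPLE):
    """Return ({health check ID: config}, [record changes]) for all regions."""
    checks = {hc: health_check_config(host, stage) for host, _, hc in regions.values()}
    changes = [latency_record(name, r, tgt, hc) for r, (_, tgt, hc) in regions.items()]
    return checks, changes

def audit(changes, checks):
    """List misconfigurations that would quietly defeat failover."""
    problems = []
    for change in changes:
        rrs = change["ResourceRecordSet"]
        hc = checks.get(rrs.get("HealthCheckId"))
        if hc is None:
            problems.append(f"{rrs['SetIdentifier']}: no health check attached")
            continue
        m = HOST_RE.search(hc["FullyQualifiedDomainName"])
        seen = m.group(1) if m else "an unrecognised host"
        if seen != rrs["Region"]:
            problems.append(f"{rrs['SetIdentifier']}: health check monitors {seen}")
    return problems
```

With boto3, each config would go to `create_health_check` (together with a unique `CallerReference`) and the changes to `change_resource_record_sets` as `ChangeBatch={"Changes": changes}`.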
