Create a custom domain without migrating the parent domain and certificates in AWS for APIs

Fig 1. API gateway as an entry point for API

Introduction

In this article, we discuss how to create custom domains for web and API microservices in AWS without migrating the parent domain and SSL certificates. This is also useful when your parent domain and DNS service are not managed by AWS (the DNS entries provided by AWS only need to be added on the side where the parent domain is managed).

Managing Certificates through ACM

AWS Certificate Manager (ACM) lets you request public certificates for your domains that are trusted by browsers and operating systems. You can request a certificate for your domain or import an existing certificate without requesting a new one. Here, we explain how to request a public certificate for your domain.

Fig 2. ACM service to request a certificate

Add the domain name for which you need the certificate.

Fig 3. Add domain name

Domain validation can now be performed in two ways. DNS validation provides a CNAME entry that needs to be added to the DNS entries of the parent domain. Email validation requires providing the contact email address of the domain owner.

Fig 4. Validation method (DNS/ Email)

Once the validation is completed, you can use the Amazon-issued certificate for your domain with AWS services like API Gateway.

Create custom domain

A subdomain of the parent domain can be created from the custom domain tab under the API Gateway service. Provide the preferred domain name and choose the certificate from the ACM tab, as shown in the figure below.

Fig 5. Create Custom Domain

Once the custom domain is created, it provides a CloudFront endpoint. This endpoint needs to be added as a CNAME record in the parent domain's DNS, e.g. api.example.com -> CNAME (Record Type) -> CloudFront URL. These values are marked with red boxes in the figure below.

Fig 6. Endpoint Configuration for Custom Domain Names

Now, in the API mapping section, the custom domain can be mapped to an API created in API Gateway. Requests from users to the custom domain are routed to the corresponding API.
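
The two CNAME records this procedure adds at the external DNS provider (the ACM validation record and the custom-domain record pointing at the CloudFront endpoint) can be derived and checked with a short script. This is an added example, not code from the original article; the function names, JSON samples and zone export are constructed for illustration, and it assumes the field names returned by `aws acm describe-certificate` and `aws apigateway get-domain-name`.

```python
# Added example: all sample data below is constructed, not real AWS output.

def fqdn(name):
    """Normalise a DNS name: lower-case, no trailing dot."""
    return name.rstrip(".").lower()

def required_cnames(cert, domain):
    """Map owner name -> target for every CNAME the external zone must hold."""
    records = {}
    for opt in cert["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")  # absent when email validation is used
        if rr and rr["Type"] == "CNAME":
            records[fqdn(rr["Name"])] = fqdn(rr["Value"])
    # Edge-optimized domains expose distributionDomainName, regional ones regionalDomainName.
    target = domain.get("distributionDomainName") or domain.get("regionalDomainName")
    if not target:
        raise ValueError("custom domain has no endpoint target")
    records[fqdn(domain["domainName"])] = fqdn(target)
    return records

def audit(required, zone, parent):
    """Compare the required records with the CNAMEs found in the external zone."""
    parent, result = fqdn(parent), {}
    zone = {fqdn(k): fqdn(v) for k, v in zone.items()}
    for name, target in required.items():
        if not name.endswith("." + parent):
            result[name] = "outside-zone"   # not a subdomain of the parent domain
        elif name not in zone:
            result[name] = "missing"        # record was never added
        else:
            result[name] = "ok" if zone[name] == target else "mismatch"
    return result

# Constructed sample shaped like `aws acm describe-certificate` output.
CERT = {"Certificate": {"DomainValidationOptions": [{
    "DomainName": "api.example.com", "ValidationMethod": "DNS",
    "ValidationStatus": "PENDING_VALIDATION",
    "ResourceRecord": {"Name": "_0123abcd.api.example.com.", "Type": "CNAME",
                       "Value": "_4567ef01.acm-validations.aws."}}]}}
# Constructed sample shaped like `aws apigateway get-domain-name` output.
DOMAIN = {"domainName": "api.example.com",
          "distributionDomainName": "d111111abcdef8.cloudfront.net"}
# Constructed export of the CNAMEs currently present in the external parent zone.
ZONE = {"_0123abcd.api.example.com": "_4567ef01.acm-validations.aws",
        "api.example.com": "old-host.example.net"}

if __name__ == "__main__":
    for name, status in audit(required_cnames(CERT, DOMAIN), ZONE, "example.com").items():
        print(f"{status:12} {name}")
```

A `mismatch` on the custom-domain name means the external zone still points that name at a different host than the endpoint API Gateway reports, so requests will not reach the mapped API until the record is corrected.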

Conclusion

In this article, we covered using ACM to issue a certificate for a domain and using that certificate for a custom domain. The custom domain can then be mapped to APIs in API Gateway. API Gateway can be used as a single point of entry for the web applications and API microservices hosted in AWS. This is really useful when the parent domain is not owned by AWS and its DNS is not managed by the AWS Route 53 service.

Please provide feedback/post questions in the comments.
