how to make AWS api gateway accept http instead of https

Question

I have a Lambda function proxied by API Gateway. However, API Gateway only expose https and not http. I searched everywhere but looks like API Gateway is not po

Answer 1

You may create a CloudFront distribution just for the HTTP to HTTPS redirection.

I advise you to first obtain a SSL certificate for your domain, in ACM (Certificate Manager), the region must be us-east-1.

In CloudFront, click Create Distribution then select Web to create a web distribution.

Here are all the settings you may use, with some extra explanation. Please note that I use v0 as API Gateway stage for this example.

# ORIGIN SETTINGS
# ---

# Origin Domain Name - Paste the domain name of your API Gateway > Stages > v0 but without the path at the end
Origin Domain Name: https://.execute-api.eu-central-1.amazonaws.com

# Origin Path - The name of your API Gateway stage
Origin Path: /v0

# Origin ID - The ID for this origin
# By default it will be defined as `Custom-.execute-api.eu-central-1.amazonaws.com/v0`
# I replace `Custom` by `v0` just to quickly recognise it in the list later on.
Origin ID: v0-.execute-api.eu-central-1.amazonaws.com/v0

# Minimum Origin SSL Protocol - Choose the minimum SSL protocol for CloudFront to use when it establishes an HTTPS connection to your origin.
Minimum Origin SSL Protocol: TLSv1.2

# Origin Protocol Policy - HTTPS since that is all that API Gateway supports. So with HTTPS CloudFront to connects to your origin only over HTTPS.
Origin Protocol Policy: HTTPS

# DEFAULT CACHE BEHAVIOR SETTINGS
# ---

# Viewer Protocol Policy - CloudFront allowed protocol to access your web content
Viewer Protocol Policy: Redirect HTTP to HTTPS

# Allowed HTTP Methods - HTTP methods you want to allow for this cache behavior
# Select at least GET, HEAD, OPTIONS
Allowed HTTP Methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

# Compress Objects Automatically - No since we are not serving files via CloudFront, we are just returning redirects
Compress Objects Automatically: No


# DISTRIBUTION SETTINGS
# ---

# Price Class
# There is no extra charge for using extra locations, so you may leave it on `Use All Edge Locations`. The total request count is aggregated across all locations for the free tier.
Price Class: Use All Edge Locations

# Alternate Domain Names (CNAMEs) - The domain names of your websites
Alternate Domain Names (CNAMEs): www.example.com

# SSL Certificate - The `Custom SSL Certificate` MUST be a certificate obtained in us-east-1
# So, you may go to ACM (certificate manager) and request a certificate there
# https://console.aws.amazon.com/acm/home?region=us-east-1
SSL Certificate: Custom SSL Certificate > www.example.com

# Custom SSL Client Support - Leave to default value
Custom SSL Client Support: Clients that Support Server Name Indication (SNI)

# Security Policy - Leave to default value
Security Policy: TLSv1.2_2018

Once your CloudFront distribution deployed, go to Route 53 and select your Domain Name in your Hosted Zones.

Create a Record Set > A or select the existing A record. Then in the Record edition console:

Set Alias to Yes. Then set the Alias Target so it points to your CloudFront distribution (instead of your API Gateway if that's what you previously defined). It will appear in a dropdown, and be like www.example.com (.cloudfront.net)