I'm trying to set a CNAME on Cloudflare to point to an Amazon API Gateway endpoint. The CNAME is for use when referring to one of my subdomains. The gateway in turn points
Both existing answers to this question are correct, but if the issue still persists even after following these directions perfectly, try going into the API Gateway settings, navigate to "Custom Domain Name" and configure the Base Path Mappings.
This was the missing step that solved all my problems.
There are several reasons why it doesn't work to simply point Cloudflare at your API Gateway domain and call it a day:
api.yourdomain.com belongs to your API.
https, but the certificate that it uses is only valid for the default domain.
There is a solution, however. Here are the steps that I followed when I recently set this up:
us-east-1 region, even if your API is located in a different region. If you are prompted for the certificate chain you can copy it from here.
That's it. Enjoy your new highly available API served from your custom domain!
I couldn't get any of the other answers to work. So I ended up having AWS generate the certificate instead of using a Cloudflare Origin one. That's because AWS wouldn't accept my Cloudflare certificate, even when the chain was provided. I couldn't see Cloudflare in Mozilla's Certificate Authority list (which is what AWS relies on, according to the docs) so I guess that makes sense.
Here's the outline of my solution:
This should be roughly it. May this help someone. Feel free to ask questions.
Set up Amazon's API Gateway Custom Domain with CloudFlare
In your AWS management console go to the API Gateway service and select Custom Domain Names from the left menu.
Click the Create button.
Log into CloudFlare, select your domain and open the Crypto tab.
Go to SSL and set your SSL mode to "Full (Strict)" to avoid a redirect loop.
Go to Origin Certificates and click Create Certificate.
Let CloudFlare generate a private key and a CSR and choose RSA as the private key type.
Make sure that the hostname for your custom API domain is covered (e.g. api.mydomain.com). You can specifically configure this custom domain or use a wildcard such as *.mydomain.com, as is configured by default.
Pick PEM as the key format, which is selected by default.
In AWS switch to region US-EAST-1 and go to the Certificate Manager.
Click Import a Certificate.
Copy the certificate body from your CloudFlare certificate to Certificate body in the configuration of the custom domain in the AWS Management Console.
Copy the Private key to the certificate private key field in the console.
In the certificate chain copy the Cloudflare Origin CA - RSA Root which can be found here.
Enter your custom domain name in the AWS console and a name for your certificate.
Now the custom domain name will be created in AWS CloudFront. It can take up to an hour before the domain becomes active.
The next thing you need to do is set up the mappings of the custom domain in the AWS Console.
The final step is to create a new CNAME Record in CloudFlare to link your domain to the CloudFront url. When you open the settings page of your custom domain in the AWS console copy the Distribution domain name. This is the domain you need to use when creating the new CNAME Record.
Source
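The console steps in the last answer, written as a pre-flight check plus the equivalent AWS CLI calls. This is an added example, not part of any answer above. The file names, REST API id `a1b2c3d4e5`, stage `prod` and the certificate ARN placeholder are assumptions, and the check goes slightly beyond the text by applying the usual wildcard rule (a `*` stands for exactly one left-most label).

```shell
#!/bin/sh
# Added example. Constructed values: hostnames, file names, API id, stage, ARN.

# covers HOST NAME: succeed if certificate name NAME (exact or "*.zone")
# covers HOST. Runs in a subshell so its variables stay local.
covers() (
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  name=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case $name in
    \*.*) zone=${name#\*.}
          # non-empty first label, remainder equals the zone, and not the apex
          [ -n "${host%%.*}" ] && [ "${host#*.}" = "$zone" ] && [ "$host" != "$zone" ] ;;
    *)    [ "$host" = "$name" ] ;;
  esac
)

# cert_covers HOST NAME...: succeed if any name on the certificate covers HOST.
cert_covers() {
  _host=$1; shift
  for _name in "$@"; do
    covers "$_host" "$_name" && return 0
  done
  return 1
}

# plan DOMAIN API_ID STAGE CERT_ARN: print the CLI calls for review.
# The import must target us-east-1; the apigateway calls use the API's own
# region (the CLI default here). CERT_ARN is the ARN returned by the import.
plan() {
  _domain=$1 _api=$2 _stage=$3 _arn=$4
  cat <<EOF
aws acm import-certificate --region us-east-1 --certificate fileb://origin-cert.pem --private-key fileb://origin-key.pem --certificate-chain fileb://origin-ca-root.pem
aws apigateway create-domain-name --domain-name $_domain --certificate-arn $_arn --endpoint-configuration types=EDGE
aws apigateway create-base-path-mapping --domain-name $_domain --rest-api-id $_api --stage $_stage
aws apigateway get-domain-name --domain-name $_domain --query distributionDomainName --output text
EOF
}

# Names as listed on the origin certificate (constructed sample).
if cert_covers api.mydomain.com '*.mydomain.com' mydomain.com; then
  plan api.mydomain.com a1b2c3d4e5 prod '<certificate-arn-from-import>'
else
  echo "origin certificate does not cover api.mydomain.com" >&2
fi
```

The last command prints the distribution domain name to use as the CNAME target in Cloudflare. A host such as `v1.api.mydomain.com` is rejected by the check, because `*.mydomain.com` does not extend to a second label.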