AWS API Gateway not working with custom domain

烈酒焚心 submitted on 2019-12-12 16:46:56

Question


I've created an Express.js API and hosted it in AWS Lambda, with an API Gateway for it. It is working fine, as expected, with the URL:

https://[api-id].execute-api.[region].amazonaws.com/prod/api/v1/todos

But I want to invoke it using a custom domain, and I configured it using the custom domain option of the API Gateway. I've registered my domain using Google Domains and I've added the CNAME entry in the DNS configuration to map it to the CloudFront target domain name. So far so good.

The api gateway custom domain configuration is as follows with corresponding mappings.

My problem is that I'm getting the message "Cannot GET /aprod/api/v1/todos" when invoking the URL:

https://apis.mydomain.com/aprod/api/v1/todos

and "forbidden" on:

https://apis.mydomain.com/api/v1/todos

My CloudWatch logs are as follows. If I'm not invoking with the custom domain it works fine (green block), else there is no specific message (red block).

I've already spent two weekends on this issue, any help is much appreciated.


Answer 1:


Based on my experience, there are two possible causes.

VPC Link

If your origin server is inside a private VPC, it is necessary to create a VPC Link and a Network Load Balancer (NLB) instead of an Application Load Balancer (ALB).

See more detail: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html

Point to API Gateway Endpoint

CNAME should point to the API Gateway endpoint instead of CloudFront. In this case, the value of CNAME should be like this.

https://[api-id].execute-api.[region].amazonaws.com

Otherwise, the access through the custom domain is passed directly to the CloudFront.

(Another Possible Cause) Using A Record

In my case, an A record is used to point to the alias of the NLB. It is a functionality of Route53, but using an A record might be necessary instead of a CNAME.




Answer 2:


Did you check the official documentation for setting up a custom domain name for an API in API Gateway? Note that the recommendation is different based on the deployment option you chose -- regional or edge-optimized:

When you create a custom domain name for an edge-optimized API, API Gateway sets up a CloudFront distribution. But you must set up a DNS record to map the custom domain name to the CloudFront distribution domain name for API requests bound for the custom domain name to be routed to API Gateway through the mapped CloudFront distribution. You must also provide a certificate for the custom domain name.

When you create a custom domain name for a regional API, API Gateway creates a regional domain name for the API. You must set up a DNS record to map the custom domain name to the regional domain name for API requests bound for the custom domain name to be routed to API Gateway through the mapped regional API endpoint. You must also provide a certificate for the custom domain name.

This other Stack Overflow thread might also be helpful: Regional/Edge-optimized API Gateway VS Regional/Edge-optimized custom domain name




Answer 3:


Please check the links below:

  1. https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html

  2. https://medium.com/@maciejtreder/custom-domain-in-aws-api-gateway-a2b7feaf9c74

  3. https://forums.aws.amazon.com/thread.jspa?threadID=251731

  4. https://aws.amazon.com/premiumsupport/knowledge-center/custom-domain-name-amazon-api-gateway/

  5. https://datanextsolutions.com/blog/setup-custom-domain-for-an-api-in-aws-api-gateway/




Answer 4:


The "Cannot GET" error code is not a Lambda or API Gateway error code, and looks specific to Express JS.

The logs you've posted look like Lambda logs, and if so then either Lambda is getting invoked by something else, or you have successfully invoked your Lambda function via the API call using "https://apis.mydomain.com/aprod/api/v1/todos" as user "Sándor Bakos" suggested.

This means that you aren't dealing with a custom domain or API Gateway error, but instead are seeing this error from your Lambda function code. Some quick googling proves that out and I wonder if this SO post will help? Node, Express - CANNOT GET route

For a bit more detail, if you were to invoke a URI in API Gateway that doesn't exist, unless you are successfully using SigV4 (IAM Auth) you will get a 403 with the error message "Missing Authentication Token", and even then it would not return a "Cannot GET" error message unless you specifically mapped a gateway response for it.
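
The triage described in Answer 4, as an added example that is not part of the original thread: it decides which layer produced an error response from the message signatures quoted on this page, and reports the extra path prefix that reached Express. The function names, the `reason` labels, the 404 status and the sample responses are assumptions constructed for illustration.

```javascript
// Heuristic: classify an error response as coming from Express or API Gateway.
function classifyResponse(status, body) {
  const text = String(body || '');
  // Express's default 404 handler renders "Cannot <METHOD> <path>".
  const m = text.match(/Cannot (GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) ([^\s<]+)/);
  if (status === 404 && m) {
    return { layer: 'express', method: m[1], pathSeen: m[2] };
  }
  let message = null;
  try {
    const parsed = JSON.parse(text);
    if (parsed && typeof parsed.message === 'string') message = parsed.message;
  } catch (_) { /* body is not JSON */ }
  if (status === 403 && message === 'Missing Authentication Token') {
    return { layer: 'api-gateway', reason: 'no-matching-resource' };
  }
  if (status === 403 && message === 'Forbidden') {
    return { layer: 'api-gateway', reason: 'rejected-by-gateway' };
  }
  return { layer: 'unknown' };
}

// Compare the path Express reported with the routes the app registers and
// return the extra leading segment(s), '' if none, or null if nothing matches.
function unexpectedPrefix(pathSeen, routes) {
  for (const route of routes) {
    if (pathSeen === route) return '';
    if (pathSeen.endsWith(route)) return pathSeen.slice(0, -route.length);
  }
  return null;
}

// Constructed samples modelled on the two messages quoted in the question.
const samples = [
  { url: '/aprod/api/v1/todos', status: 404,
    body: '<pre>Cannot GET /aprod/api/v1/todos</pre>' },
  { url: '/api/v1/todos', status: 403, body: '{"message":"Forbidden"}' },
];
const routes = ['/api/v1/todos']; // the route that works on the default URL

for (const s of samples) {
  const c = classifyResponse(s.status, s.body);
  const extra = c.layer === 'express' ? unexpectedPrefix(c.pathSeen, routes) : null;
  console.log(s.url, '->', c.layer, c.reason || `extra prefix: "${extra}"`);
}
```

An `express` result with a non-empty prefix means the request passed through the custom domain and API Gateway and the mismatch is in the path handed to the app; an `api-gateway` result means the request was answered before the Lambda integration ran.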



Source: https://stackoverflow.com/questions/57944161/aws-api-gateway-not-working-with-custom-domain
