问题
I know that custom domain names are not supported for private APIs.
Also, similar question was answered here.
Unlike the problem of ugly url as in question above, my problem is with format of private dns, which is as follows:
https://{restapi-id}.execute-api.{region}.amazonaws.com/{stage}
The problem is that hostname is dynamic - RestapiId can change whenever CloudFormation stack is recreated. This recreation is done when CF stack is in rollback_complete state and can not be updated. Then I need to delete stack, create it again and all clients using my API need to update RestapiId part of hostname, which would not be acceptable. Also the answer mentioned above (using proxy server) is not acceptable. Maybe a solution could be a possibility to set id for ApiGateway resource manually in CF template, but as I know it is not possible.
Any ideas how to solve this? Thanks in advance.
回答1:
Looks like here's a workaround for this. You can create an ALB which targets your private endpoint, and target custom domain to this ALB.
More details in this post: https://medium.com/@george.mao/enabling-private-apis-with-custom-domain-names-aws-api-gateway-df1b62b0ba7c
But it still have some caveats and doesn't look very reliable to me.
回答2:
The solution linked by tmn4jq (and the similar one by add9 in a comment) worked for me in our environment.
As I understand it, an internal ALB or NLB with an SSL certificate for your domain name attached is able to act like a proxy, which associates the certificate and matching domain name to the incoming request.
You use API Gateway's "Custom Domain Name" tool make the connection between that domain name, certificate, and the API Gateway. Then your API Gateway will accept traffic passing from the ALB with the expected domain name.
This is an updated link for the article formerly at cloudbanshee that I followed: https://www.sentiatechblog.com/connecting-to-a-private-api-gateway-over-vpn-or-vpc-peering
回答3:
You can create a mapping from a custom domain name to an API GW as part of the same cloudformation template.
High level steps are:
- Manually create a custom domain name on API GW.
- Create a cloudformation template that creates an API GW resource
- Create an API GW mapping that maps the previously created custom domain with the API GW resource created as part of the Cfn template.
This allows the URL to remain the same even though the restapi id changes on each Cloudformation depoyment.
来源:https://stackoverflow.com/questions/57674716/how-to-workaround-custom-domain-for-private-api-gateway