I'm not an AWS expert and quite frankly I don't think anyone should be an AWS expert to be able to do what I'm trying to do: I'm trying to create a RESTful API with aws-sam and it's done, but I'm stuck on custom domains. I want to use my own custom domain api-dev.my-custom-domain.com and I'm trying to do that with this:
```yaml
mainBackendApi:
  Type: AWS::Serverless::Api
  Properties:
    StageName: !Ref Stage
customDomainCert:
  Type: AWS::CertificateManager::Certificate
  Properties:
    DomainName: !Sub api-${Stage}.cost-trail.com
    DomainValidationOptions:
      - DomainName: !Sub api-${Stage}.cost-trail.com
        HostedZoneId: Z07232412TMTPG59JSC93
    ValidationMethod: DNS
customDomain:
  Type: AWS::ApiGateway::DomainName
  Properties:
    DomainName: !Sub api-${Stage}.cost-trail.com
    CertificateArn: !Ref customDomainCert
UrlMapping:
  Type: AWS::ApiGateway::BasePathMapping
  DependsOn:
    - mainBackendApi
  Properties:
    DomainName: !Ref customDomain
    RestApiId: !Ref mainBackendApi
    Stage: !Ref Stage
```
I got this far but now I'm getting this error when deploying: Certificate must be in 'us-east-1', so I need to be able to create the certificate in a different region instead of my region (ap-southeast-1). I can manually create it and pass the ARN to the template, but that gives me yet another error: certificate provided must be owned by the account creating the domain, i.e., it must have been created by the same user as my aws sam cli user. I honestly can't believe how hard this is compared to just using the serverless framework thing, but that thing is expensive and it's really just an unnecessary expense for me. If only there were more resources, more guides, that are actually beginner friendly.
On my list of todos I have now decided to put a label IMPOSSIBLE on this task. It's amazing how there's almost zero resources about this.
One option I have is to migrate to us-east-1, such inconvenience....
I tried this approach:
```yaml
mainBackendApi:
  Type: AWS::Serverless::Api
  Properties:
    StageName: !Ref Stage
    Domain:
      DomainName: !Sub api-${Stage}.cost-trail.com
      CertificateArn: <ARN_HERE>
      Route53:
        HostedZoneId: <HOSTEDZONEID>
```
and got this error: the certificate provided must be owned by the account creating the domain. I'm using a cert that I manually created in ACM in the us-east-1 region; I just provided the ARN.
Hello! How are you? I had trouble finding documentation on this as well and encountered several errors, but I can provide the code I used in the end (slight differences from yours above). Does the following work for you?
```yaml
ExampleApiCertificate:
  Type: AWS::CertificateManager::Certificate
  Properties:
    DomainName: api.example.com
    ValidationMethod: DNS
ExampleApi:
  Type: AWS::Serverless::Api
  Properties:
    StageName: Prod
    EndpointConfiguration: REGIONAL
    Domain:
      DomainName: api.example.com
      CertificateArn: !Ref ExampleApiCertificate
      Route53:
        HostedZoneName: "example.com."
```
Note that the first time you sam deploy, you will have to validate the certificate by creating a DNS record in Route 53. The way I did this was by logging into the Certificate Manager console, then expanding the entry with my domain name ("Pending validation"), expanding the domain again, and clicking "Create record in Route 53." It'll take a few minutes for everything to update and no longer raise errors, but hopefully it will work then! Let me know how it goes.
@kirmar AWESOME! Your suggestion worked!
```yaml
# API gateway configuration
customDomainCert:
  Type: AWS::CertificateManager::Certificate
  Properties:
    DomainName: !Sub api-${Stage}.example.com
    ValidationMethod: DNS
mainBackendApi:
  Type: AWS::Serverless::Api
  Properties:
    StageName: !Ref Stage
    EndpointConfiguration: REGIONAL
    Domain:
      DomainName: !Sub api-${Stage}.example.com
      CertificateArn: !Ref customDomainCert
      Route53:
        HostedZoneId: <HostedZoneId>
```
But why did that work? From what I've read so far in my Google search, it appears to be because of the EndpointConfiguration.
But I thought EndpointConfiguration already defaults to REGIONAL.
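The region rule behind the errors in this thread, as an added example that is not code from any of the posters or from AWS SAM: API Gateway expects the ACM certificate of an edge-optimized custom domain in us-east-1 and that of a regional custom domain in the API's own region. The function names, the account ID and the certificate ID are assumptions made for illustration.

```python
import re

# ACM certificate ARN: arn:<partition>:acm:<region>:<account-id>:certificate/<id>
ACM_ARN = re.compile(
    r"^arn:aws[a-z-]*:acm:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):certificate/.+$"
)


def required_cert_region(endpoint_type, api_region):
    """Region in which API Gateway expects the domain's ACM certificate."""
    if endpoint_type == "EDGE":
        return "us-east-1"   # edge-optimized domains are fronted by CloudFront
    if endpoint_type == "REGIONAL":
        return api_region    # regional domains use a certificate in the API's region
    raise ValueError(f"unknown endpoint type: {endpoint_type!r}")


def check_certificate(cert, endpoint_type, api_region, account_id):
    """Return a list of problems with a custom domain's certificate reference.

    cert is an ARN string or {"Ref": "<logical id>"}. A Ref points at a
    certificate the stack creates itself, so it lives in api_region/account_id.
    """
    if isinstance(cert, dict) and "Ref" in cert:
        cert_region, cert_account = api_region, account_id
    else:
        match = ACM_ARN.match(cert) if isinstance(cert, str) else None
        if match is None:
            return [f"not an ACM certificate ARN: {cert!r}"]
        cert_region, cert_account = match["region"], match["account"]

    problems = []
    wanted = required_cert_region(endpoint_type, api_region)
    if cert_region != wanted:
        problems.append(f"{endpoint_type} domain needs a cert in {wanted}, got {cert_region}")
    if cert_account != account_id:
        problems.append(f"cert is in account {cert_account}, stack deploys to {account_id}")
    return problems


# Constructed inputs: placeholder account ID and certificate ID.
ACCOUNT = "111122223333"
IMPORTED = f"arn:aws:acm:us-east-1:{ACCOUNT}:certificate/example-id"

if __name__ == "__main__":
    in_stack = {"Ref": "customDomainCert"}
    for cert, kind in [(in_stack, "EDGE"), (IMPORTED, "REGIONAL"), (in_stack, "REGIONAL")]:
        print(kind, cert, "->", check_certificate(cert, kind, "ap-southeast-1", ACCOUNT))
```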