Custom domain for API Gateway returning 403

amazon-web-services amazon-cloudfront aws-api-gateway
20,190

Solution 1

Here is the developer guide if you haven't seen it. http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html

All you need to do is set up a CNAME with your DNS provider pointing at the CF distribution that API Gateway gives you. You won't be able to make API calls directly to the CF distribution. API Gateway maps the API/stage from the Base Path mapping you set up in API Gateway so only API calls directed at the domain name will work correctly.

Solution 2

You need to use host header in your request. Host should be your custom domain.

curl https://<cf-id>.cloudfront.net/myapi -H "Host: api.myapi.com"

Solution 3

In my case I had to add base path mapping.

Solution 4

In my case Legacy cache settings headers was the issue.

If you have selected Legacy cache settings in cloud-front behaviour In cloud-front distribution under behaviour-> Legacy cache settings-> Header drop down

After selecting value as None solved my problem

Share:
20,190
BBS
Author by

BBS

I am a software engineer living in Canberra.

Updated on December 28, 2021

Comments

  • BBS
    BBS over 2 years

    I am creating an api using API Gateway and Lambda. Using the url designated in the API Gateway Stage editor everything works fine; however, when I try and move to a custom domain I am running into some issues.

    The first thing I tried was using a CNAME record in Route 53 straight from my domain onto the domain that I got from the API Gateway. That was returning some errors and I think it is the incorrect solution is that correct?

    Next I tried the Custom Domain Names feature in API Gateway. My understanding is this will roll up a CloudFront distribution that I can then map onto from Route 53. When I created the custom domain and added a Domain Mapping it provides me with a url to what I assume is a CloudFront distribution. The link is returning a 403 response and no distribution has been made in CloudFront. What is a good way of debugging this problem?

  • user510101
    user510101 over 6 years
    adding the Host header was the missing piece for me. I have an API key required for the APIG, and was already providing the x-api-key custom header, but without the Host header, the request was always forbidden when using cloudfront
  • Nate Barbettini
    Nate Barbettini over 6 years
    This is the real answer!
  • JamesQMurphy
    JamesQMurphy almost 6 years
    No, it's not. The whole point of using a custom domain is so that you can use it instead of using cloudfront.net.
  • shrumm
    shrumm over 5 years
    It's useful to verify everything is working before connecting it to the 'real' domain.
  • bormansquirrel
    bormansquirrel about 5 years
    Yes, even if you don't want to have an extra bit in your url layout (e.g. api.mydomain.com/whatever), you will need to add a / base path mapping in order to make it work
  • Steven
    Steven over 3 years
    I tried with postman and this solved half of the problem. But you can't set Host header in AJAX requests, the browser does not let you. Is there a solution to this?
  • Fernando Piancastelli
    Fernando Piancastelli about 3 years
    In my case, adding this Host header with my desired api.example.com is what allowed my api.example.com Route 53 record to go through - I didn't touch my cloudfront console tab.
  • l33tHax0r
    l33tHax0r over 2 years
    This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
  • Jesse Barnum
    Jesse Barnum over 2 years
    This answer solved my problem.
  • Marcello Romani
    Marcello Romani over 2 years
    I wonder if it's possible to use an APIGW custom domain without a cloudfront distribution...
  • Marcello Romani
    Marcello Romani over 2 years
    Ah, it depends on the endpoint type, Edge or Regional...
  • Ashish Karpe
    Ashish Karpe about 2 years
    Bty my I am getting {“message”:“Forbidden”} on my hosted domain name URL but when I open api endpoint my service is accessed. Note my api is open but my route 53 entry is in different aws account and my custom domain created for api and cloudfront are in different aws account

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to keep WebSocket connection Alive - Flutter AWS?
AWS API Gateway Model : Invalid model schema specified
Invalidate all files in a folder in cloudfront console
AWS Lambda Function is misinterpreting event dictionary in python?
Increase maximum POST size for Amazon API Gateway
AWS Lambda gateway API gives error message
AWS API-Gateway communicating to SNS
API Gateway Static IP Address
how to Put json data using Amazon API gateway to Kinesis stream
How to correctly call queryStringParameters for AWS Lambda + API Gateway?