how to make AWS api gateway accept http instead of https


Solution 1

I recently had a 4-hour-long phone call with an AWS representative about a similar problem we had in the production stage. My situation was similar: there was nothing we could change in API Gateway to fix it (the rep tried all kinds of tricks, but nothing seemed to work). So our conclusion was to spin up an EC2 instance as a proxy server for API Gateway and forward all the traffic. There was some additional work, such as transferring the domain name, but overall it worked just fine. In your case, as you only need to redirect HTTP traffic, a simple Elastic Beanstalk proxy app might be enough (EB uses HTTP by default and is behind an Nginx proxy server).

Solution 2

You can put a CloudFront distribution in front of API Gateway with the following setup:

  • Origin Protocol Policy: HTTPS Only
  • Viewer Protocol Policy: HTTP and HTTPS
  • Forward Headers: None
  • Object Caching: Use Origin Cache Headers

Solution 3

CloudFront is a quick solution as it's much easier to set up compared to instantiating an Elastic Beanstalk.

I have spent a couple of hours trying to get this right, so just to share some good write-ups and one more gentle reminder:

  1. This Smartcam project utilizes Amazon API Gateway and CloudFront; it describes the setup procedure in detail.
  2. The official example given in Amazon's doc demonstrates how to create GET and POST methods with query string parameters (e.g. /search?keyword=mars&...), a JSON payload, plus path parameters. Must read!
  3. Personal 2 cents:
    • If you are using query string parameters, make sure to edit the behavior in the CloudFront panel and then choose "forward all, cache all" under Query String Forwarding and Caching.
    • Alternatively, read this doc for another two possible configurations.
    • If you already set the Origin Path to your stage variable (by default: /prod), then when you invoke your CloudFront domain, skip the /prod, simply: xxxx.cloudfront.net/resource1/resource2?param1=...&param2=...

Solution 4

You may create a CloudFront distribution just for the HTTP to HTTPS redirection.

I advise you to first obtain an SSL certificate for your domain in ACM (Certificate Manager); the region must be us-east-1.

In CloudFront, click Create Distribution then select Web to create a web distribution.

Here are all the settings you may use, with some extra explanation. Please note that I use v0 as API Gateway stage for this example.

# ORIGIN SETTINGS
# ---

# Origin Domain Name - Paste the domain name of your API Gateway > Stages > v0 but without the path at the end
Origin Domain Name: https://<getway-id>.execute-api.eu-central-1.amazonaws.com

# Origin Path - The name of your API Gateway stage
Origin Path: /v0

# Origin ID - The ID for this origin
# By default it will be defined as `Custom-<getway-id>.execute-api.eu-central-1.amazonaws.com/v0`
# I replace `Custom` by `v0` just to quickly recognise it in the list later on.
Origin ID: v0-<getway-id>.execute-api.eu-central-1.amazonaws.com/v0

# Minimum Origin SSL Protocol - Choose the minimum SSL protocol for CloudFront to use when it establishes an HTTPS connection to your origin.
Minimum Origin SSL Protocol: TLSv1.2

# Origin Protocol Policy - HTTPS since that is all that API Gateway supports. With HTTPS, CloudFront connects to your origin only over HTTPS.
Origin Protocol Policy: HTTPS

# DEFAULT CACHE BEHAVIOR SETTINGS
# ---

# Viewer Protocol Policy - CloudFront allowed protocol to access your web content
Viewer Protocol Policy: Redirect HTTP to HTTPS

# Allowed HTTP Methods - HTTP methods you want to allow for this cache behavior
# Select at least GET, HEAD, OPTIONS
Allowed HTTP Methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

# Compress Objects Automatically - No since we are not serving files via CloudFront, we are just returning redirects
Compress Objects Automatically: No


# DISTRIBUTION SETTINGS
# ---

# Price Class
# There is no extra charge for using extra locations, so you may leave it on `Use All Edge Locations`. The total request count is aggregated across all locations for the free tier.
Price Class: Use All Edge Locations

# Alternate Domain Names (CNAMEs) - The domain names of your websites
Alternate Domain Names (CNAMEs): www.example.com

# SSL Certificate - The `Custom SSL Certificate` MUST be a certificate obtained in us-east-1
# So, you may go to ACM (certificate manager) and request a certificate there
# https://console.aws.amazon.com/acm/home?region=us-east-1
SSL Certificate: Custom SSL Certificate > www.example.com

# Custom SSL Client Support - Leave to default value
Custom SSL Client Support: Clients that Support Server Name Indication (SNI)

# Security Policy - Leave to default value
Security Policy: TLSv1.2_2018

Once your CloudFront distribution is deployed, go to Route 53 and select your Domain Name in your Hosted Zones.

Create a Record Set > A or select the existing A record. Then in the Record edition console:

Set Alias to Yes. Then set the Alias Target so it points to your CloudFront distribution (instead of your API Gateway if that's what you previously defined). It will appear in a dropdown, and be like www.example.com (<cloudfront-id>.cloudfront.net)
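
A check for the CloudFront settings that Solutions 2 to 4 describe, as an added example that is not part of any answer above: it reads a distribution config in the shape returned by `aws cloudfront get-distribution-config` and reports which leg of the path carries plain HTTP. The sample JSON is constructed, the gateway id is a placeholder, and `audit` is a name chosen for this example.

```python
import json

# Constructed sample in the shape returned by
# `aws cloudfront get-distribution-config` (only the fields checked here).
SAMPLE = json.loads("""
{"DistributionConfig": {
  "Origins": {"Items": [{
    "Id": "v0-GATEWAY-ID-PLACEHOLDER",
    "DomainName": "GATEWAY-ID-PLACEHOLDER.execute-api.eu-central-1.amazonaws.com",
    "OriginPath": "/v0",
    "CustomOriginConfig": {
      "OriginProtocolPolicy": "https-only",
      "OriginSslProtocols": {"Items": ["TLSv1.2"]}}}]},
  "DefaultCacheBehavior": {
    "ViewerProtocolPolicy": "allow-all",
    "ForwardedValues": {"QueryString": false}},
  "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1.2_2018"}
}}
""")

def audit(doc):
    """Return (severity, message) findings for the transport settings."""
    cfg = doc["DistributionConfig"]
    findings = []
    for origin in cfg["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig", {})
        if custom.get("OriginProtocolPolicy") != "https-only":
            findings.append(("error", f"{origin['Id']}: origin leg is not https-only"))
        weak = set(custom.get("OriginSslProtocols", {}).get("Items", [])) - {"TLSv1.2"}
        if weak:
            findings.append(("warn", f"{origin['Id']}: origin allows {sorted(weak)}"))
    behavior = cfg["DefaultCacheBehavior"]
    policy = behavior["ViewerProtocolPolicy"]
    if policy == "allow-all":  # console label: "HTTP and HTTPS"
        findings.append(("warn", "viewer leg accepts plain HTTP: headers, API keys "
                         "and bodies are unencrypted between client and edge"))
    elif policy == "redirect-to-https":
        findings.append(("info", "HTTP requests are answered with a redirect; an "
                         "HTTP-only client that cannot follow it over TLS will fail"))
    if not behavior.get("ForwardedValues", {}).get("QueryString", False):
        findings.append(("info", "query strings are not forwarded to the origin"))
    min_tls = cfg.get("ViewerCertificate", {}).get("MinimumProtocolVersion", "")
    if not min_tls.startswith("TLSv1.2"):
        findings.append(("warn", f"viewer TLS minimum is {min_tls or 'unset'}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"[{severity}] {message}")
```
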

Author: Frank Luo

Updated on June 07, 2022

Comments

  • Frank Luo almost 2 years

    I have a Lambda function proxied by API Gateway. However, API Gateway only exposes https and not http. I searched everywhere, but it looks like it is not possible for API Gateway to accept http.

    So my question is how to translate http client calls to https and send them to API Gateway? I am asking because my client can only make http calls and they won't change.

    • stdunbar about 7 years
      Unless you want to create your own HTTP->HTTPS or HTTP->Lambda proxy, API Gateway is not the correct solution.
  • Paramvir Singh Karwal over 3 years
    Yes, it works. Only that if you are using custom domains within API Gateway, which automatically creates a CloudFront distribution for you, you will not be able to make such a custom change in this automatically created distribution.