Redirect http:// requests to https:// on AWS API Gateway (using Custom Domains)

amazon-web-services aws-sdk aws-api-gateway amazon-route53
13,594

API Gateway doesn't directly support http without TLS, presumably as a security feature, as well as for some practical considerations.

There is not a particularly good way to do this for APIs in general, because redirection of a POST request from HTTP to HTTPS is actually a little bit pointless -- the data is has already been sent insecurely by the time the redirect is generated, unless the client has asked the server to inspect the request headers before the body is sent, with Expect: 100-continue.

You can create a CloudFront distribution, and configure it to redirect GET and HEAD requests from HTTP to HTTPS... but if you send a POST request to such a distribution, CloudFront doesn't redirect -- it just throws an error, since (as noted) such a redirection would be more harmful than helpful.

However... if GET is your application, then it's pretty straightforward: first, deploy your API with a Regional (not Edge-Optimized) API endpoint with a system-assigned hostname, not a custom domain.

Then, create a CloudFront distribution that uses this regional API endpoint as its origin server, and configure the CloudFront distribution's behavior to redirect HTTP to HTTPS. Associate your custom domain name with the CloudFront distribution, rather than with API Gateway directly.

Share:
13,594
supersan
Author by

supersan

Creator, Article Video Robot (PHP7, Mysql, Angular 1.x) https://www.articlevideorobot.com Created Article Video Robot, an online software that can turn any text article into an animated movie with music and narration (text-to-speech). Creator, Uploader Window (Laravel, Mysql, Vue) https://www.uploader.win Uploader window allows web developers to easily add a File Uploader forin their own projects. It was ranked as #1 Product of the Day (January 21, 2018) on Product hunt (www.producthunt.com) Creator, InstaKeywords (PHP7, Mysql, AWS Lambda) https://www.instakeywords.com Created Instakeywords, a SEO tool for website owners to find long tail keywords and increase website rankings. Creator, Toufee (PHP, Mysql, AS3) https://www.toufee.com Co-Created toufee.com, initially a flash based tool for webmasters to create banners and slideshows (now with HTML5 / Canvas). Toufee has been featured on Techcrunch, Mashable, Lifehacker, etc Founder, Day and Night Solutions India http://www.dayandnight.in Established an India-based company in 2004 that has products featured in Techcrunch, Mashable, Adobe and Discovery channel. Created LambdaPHP (open source) https://www.github.com/san-kumar/lambdaphp - 62 stars My own PHP framework for hosting websites on AWS Lambda using AWS's API.

Updated on June 07, 2022

Comments

  • supersan
    supersan about 2 years

    I'm using AWS API Gateway with a custom domain. When I try to access https://www.mydomain.com it works perfectly, but when i try http://www.mydomain.com it can't connect.

    Is there a way to redirect the http -> https with the custom domain in API Gateway? If not, is there a way to get the http:// links to work just like the https:// links?

  • Kyeotic
    Kyeotic over 5 years
    Can you explain how to associate the custom domain with cloudfront?
  • Michael - sqlbot
    Michael - sqlbot over 5 years
  • Philipp Kyeck
    Philipp Kyeck over 3 years
    Hi @Michael-sqlbot, I know that this is a pretty old answer but maybe you can help me nonetheless. I set everything up as you explained. Had most of it but had to switch from pure API Gateway to CloudFront for the http->https redirects ... if I want to disable the default API endpoint and only serve through CloudFront's custom domain, can I do that? Just disabling it leads to 404s. What do I have to use as origin domain name if I disable it. Or can't this be done when using CloudFront?
  • Finesse
    Finesse almost 3 years
    Thanks for the answer. AWS makes my life so much more complicated. What I want to do is just make my website run as a lambda function. I need all HTTP GET requests to be redirected to HTTPS (for users who type the website address manually) and to have access to the original request headers (accept-language, hostname, user-agent, etc). API Gateway doesn't even offer to redirect HTTP to HTTPS (why???) and CloudFront removes all the headers so that the website can't even get its hostname.
  • Jamneck
    Jamneck almost 2 years
    @Finesse I had the same issue. It appears that when using API Gateway with regional custom domains only HTTPS is supported and API Gateway does not redirect from HTTP to HTTPS. stackoverflow.com/a/58683733/3310669

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

AWS API Gateway : Execution failed due to configuration error: No match for output mapping and no default output mapping configured
Access HTTP request (headers, query string, cookies, body) object in lambda with http endpoint
Is there a .NET library that can sign a request with AWS V4 Signature?
How to keep WebSocket connection Alive - Flutter AWS?
How Should I integrate Amazon RDS in Flutter? Any native dart support package?
Increase maximum POST size for Amazon API Gateway
AWS Lambda gateway API gives error message
AWS API-Gateway communicating to SNS
AWS Cognito + google signup
Is it possible to write to s3 via a stream using s3 java sdk