DEV Community

Matias Kreder for AWS Community Builders


Using a custom domain name in a Private REST API Gateway

When working on internal networks, particularly inside a VPC, developers often need to call a private API Gateway. A common scenario is a resource inside the network that must reach a specific Lambda function over plain HTTPS, without leaving the network and without calling the AWS API directly. Using the hostname that API Gateway assigns is an option, but a private DNS name of your own gives a consistent address across environments.

According to the AWS Documentation: "Custom domain names are not supported for private APIs."
However, there is a simple hack to get this to work.

TL;DR: Architecture

[Architecture diagram]

Full Solution

  1. On the VPC, create an "execute-api" interface VPC endpoint for API Gateway.
  2. On API Gateway, create a private REST API with all the necessary resources and methods. Attach a resource policy that only allows access through the VPC endpoint from step 1.
  3. On the VPC endpoint created in step 1, open the Subnets section and note the private IP address of its network interface in each subnet.
  4. Create a TLS target group (IP target type) using the IPs from step 3.
  5. Create an internal NLB with a TLS listener that forwards to the target group from step 4.
  6. Create a custom domain name in API Gateway (Regional type), but map it to the private API.
  7. On Route 53, create a private hosted zone attached to the same VPC, with a CNAME record for the custom domain that points to the NLB's DNS name.
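The seven steps above written as Terraform for the AWS provider, as an added example that is not code from the original post. It assumes that `var.vpc_id`, `var.subnet_ids`, `var.endpoint_sg_id`, `var.acm_cert_arn` and `var.region` are declared elsewhere, that the private API has a deployed stage named `prod`, and that `api.internal.example.com` is the custom domain name; all of those names are made up for the example.

```hcl
# Added example, not code from the original post: the seven steps above as
# Terraform (AWS provider). var.vpc_id, var.subnet_ids, var.endpoint_sg_id,
# var.acm_cert_arn and var.region are assumed inputs; the domain is made up.
locals { api_host = "api.internal.example.com" }

# Step 1: execute-api interface endpoint in the VPC
resource "aws_vpc_endpoint" "execute_api" {
  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.${var.region}.execute-api"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.subnet_ids
  security_group_ids = [var.endpoint_sg_id] # must allow 443 from the NLB subnets
}

# Step 2: private REST API whose resource policy only allows invokes that arrive
# through that endpoint (anything else is denied). Resources, methods, the Lambda
# integration and the "prod" stage are omitted here.
resource "aws_api_gateway_rest_api" "private" {
  name = "private-api"
  endpoint_configuration {
    types            = ["PRIVATE"]
    vpc_endpoint_ids = [aws_vpc_endpoint.execute_api.id]
  }
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = "execute-api:Invoke"
      Resource  = "execute-api:/*"
      Condition = { StringEquals = { "aws:SourceVpce" = aws_vpc_endpoint.execute_api.id } }
    }]
  })
}

# Step 3: the endpoint's network interfaces, one private IP per subnet
data "aws_network_interface" "endpoint" {
  for_each = aws_vpc_endpoint.execute_api.network_interface_ids
  id       = each.value
}

# Step 4: TLS target group with those IPs as targets
resource "aws_lb_target_group" "endpoint" {
  name        = "execute-api-endpoint"
  port        = 443
  protocol    = "TLS"
  target_type = "ip"
  vpc_id      = var.vpc_id
}
resource "aws_lb_target_group_attachment" "endpoint" {
  for_each         = data.aws_network_interface.endpoint
  target_group_arn = aws_lb_target_group.endpoint.arn
  target_id        = each.value.private_ip
  port             = 443
}

# Step 5: internal NLB; the TLS listener presents the custom-domain certificate
resource "aws_lb" "internal" {
  name               = "private-api-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = var.subnet_ids
}
resource "aws_lb_listener" "tls" {
  load_balancer_arn = aws_lb.internal.arn
  port              = 443
  protocol          = "TLS"
  certificate_arn   = var.acm_cert_arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.endpoint.arn
  }
}

# Step 6: Regional custom domain name, base-path-mapped to the private API
resource "aws_api_gateway_domain_name" "private" {
  domain_name              = local.api_host
  regional_certificate_arn = var.acm_cert_arn
  endpoint_configuration { types = ["REGIONAL"] }
}
resource "aws_api_gateway_base_path_mapping" "private" {
  domain_name = aws_api_gateway_domain_name.private.domain_name
  api_id      = aws_api_gateway_rest_api.private.id
  stage_name  = "prod" # assumed stage name
}

# Step 7: private hosted zone attached to the same VPC; CNAME the name to the NLB
resource "aws_route53_zone" "internal" {
  name = "internal.example.com"
  vpc { vpc_id = var.vpc_id }
}
resource "aws_route53_record" "api" {
  zone_id = aws_route53_zone.internal.zone_id
  name    = local.api_host
  type    = "CNAME"
  ttl     = 300
  records = [aws_lb.internal.dns_name]
}
```

Why this chain works: the client resolves the custom name to the internal NLB, the TLS listener presents the ACM certificate for that name and re-encrypts to the endpoint's network interfaces, and the endpoint hands the request to API Gateway with the custom domain still in the Host header, which is what the base path mapping from step 6 matches on. Two things worth checking before relying on it: the certificate must be issued for the custom name and trusted by the callers (ACM public validation through the public parent zone, or an ACM Private CA certificate installed on the clients), and because the resource policy only accepts requests carrying the endpoint's `aws:SourceVpce`, the NLB path adds no way around it. The endpoint's IPs stay fixed for as long as the endpoint exists; if it is ever recreated, the target group must be updated, which the `aws_network_interface` data source above does on the next apply.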

Once this is done, it should work. I have done this many times in different projects but keep forgetting about it, so I figured it was a good time to document it to be useful for someone else.
