AWS API Gateway behind CloudFront, forwarding headers?

4
votes

I have an API Gateway that is one of many origins behind a CloudFront distribution that I created. I am trying to forward certain headers to origins (Host, Origin, among others). When I do not forward any headers, the requests reach the API Gateway just fine. However, as soon as I enable header forwarding in the CloudFront distribution (either All or Whitelist) the API Gateway is no longer able to handle the requests. I get the following error:

ERROR

The request could not be satisfied.

CloudFront wasn't able to connect to the origin.

Any advice on fixing this problem?

1
amazon-web-servicesaws-lambdaamazon-cloudfrontaws-api-gateway
Do you have API Gateway logging enabled? I would check the API Gateway logs to see if it is logging any errors that may be helpful here. - Mark B
I see that there is a log group in CloudWatch but there are no streams within it - Marty
Of course you can't forward the Host: header from the original request to API gateway. That doesn't make sense. API gateway needs to see the hostname it has assigned to your endpoint in the incoming request's host header. What other headers break your configuration if you enable them? - Michael - sqlbot
Yeah, that seems obvious now that you have written it. Is there a header that I can use to get the CNAME that CloudFront is forwarding for? I tried forwarding the X-Forwarded-Host header, but it doesn't seem like CF is setting this. - Marty
@Marty - did you ever solve this? - Petrogad

1 Answers

4
votes

As commented above, you can't forward the Host header to the API Gateway origin. Without the Host header, API Gateway doesn't know what API is being invoked.