Routing to API gateway using AWS Route 53

1
votes

I have a lambda function in all AWS regions. I have clients throughout the globe who will make a POST call to my base domain example.com. It is the responsibility of my (kind-of) load-balancer to make sure that the requests are routed to the API gateway of the region which is closest to the client, in order to minimize the latency.

So, far I have the following configuration:

  • Lambda functions deployed on each region
  • Custom domain names for each of the API gateways, which exposes a CloudFront domain name. For instance, N.California region has custom domain name us-west-1.example.com configured and a mapping of the path which calls my lambda. The CloudFront URL for this API gateway is d12345123.cloudfront.net
  • A RecordSet of type A in the Route53 hosted zone for us-west-1.example.com which is an alias of d12345123.cloufront.net. If I make a POST call to us-west-1.example.com/1.0/localdb, it returns me the correct output.
  • A traffic policy in Route53 and a policy record, for default.example.com of A type, which has a geo-proximity rule assigned to it, which redirects the traffic to the CloudFront instance (the same instance which is exposed after adding the custom domain name in that region) of the region. This creates an entry for default.example.com in the hosted zone of type A
  • A RecordSet of type A in the Route53 hosted zone for example.com which is an alias to default.example.com, so that the traffic which comes to example.com can be routed to default.example.com

After these configurations, when I make a call to example.com, I receive a 403 response from Cloudfront, calling it a Bad Request

Thanks

1
amazon-web-servicesdnsamazon-cloudfrontaws-api-gatewayamazon-route53
Possible duplicate of Set up DNS based URL forwarding in Amazon Route53 - vascop
You'll find a gap between what you think you have accomplished, and what you have actually accomplished, so far. Your default.example.com won't do what you expect, so answering what you've asked won't help. Invoking Lambda functions typically means using API Gateway, and it is not sufficient to point different CNAME records to different API Gateway deployments in different regions -- for a given hostname, you can only configure API Gateway to expect that hostname in one region. Please provide more details about what you are actually trying to accomplish and your specific configuration. - Michael - sqlbot
When a browser makes an HTTP request, it sets the Host header to the hostname in the URL in the address bar. Regardless of any intermediate DNS resolution steps, the original hostname is what the destination sees. That is the fundamental problem you are up against. There is not currently an AWS native, managed, serverless solution for this. It requires regional proxy servers to rewrite those host headers, or redirects to the regional hostnames, or... if your APIs always require < 3 seconds to process requests, then there's a potential solution in Lambda@Edge. - Michael - sqlbot

1 Answers

1
votes

As of Nov 2017 "Amazon API Gateway Supports Regional API Endpoints"

https://aws.amazon.com/about-aws/whats-new/2017/11/amazon-api-gateway-supports-regional-api-endpoints/

You can now choose from two types of API endpoints when creating REST APIs and custom domains with Amazon API Gateway. A regional API endpoint is a new type of endpoint that is accessed from the same AWS region in which your REST API is deployed. This helps you reduce request latency when API requests originate from the same region as your REST API. Additionally, you can now choose to associate your own Amazon CloudFront distribution with the regional API endpoint. The second type of API endpoint is the edge-optimized API. Edge-optimized APIs are endpoints that are accessed through a CloudFront distribution that is created and managed by API Gateway. Previously, edge-optimized APIs were the default option for creating APIs with API Gateway.

To get started, create a new REST API using the Amazon API Gateway console, AWS CLI, or AWS SDKs and APIs. You can also migrate existing REST APIs and custom domains to a regional API endpoint. Visit our documentation to learn more about this feature.

This feature is now available in US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Canada (Central), South America (São Paulo), EU (Ireland), EU (Frankfurt), EU (London), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Seoul), and Asia Pacific (Mumbai) AWS regions. Visit our product page for more information about Amazon API Gateway.