Receving 403 forbidden from Custom Domain in AWS Api Gateway

Question

I'm trying to build a serverless app with AWS. My API is working fine, but my custom domain is not. I'm receiving a 403 forbidden answer. This is how it's configured my custom domain:

And then I'm using the Target URL provided by this Custom Domain in Route 53 as CNAME. How can I fix this?

Does it work if you use the API Gateway endpoint directly (i.e. bypassing the custom domain)? If not, it could be an issue with the API Gateway -> Lambda permissions. — Tom
The API gateway endpoint works, what doesn't work is the target domain offered by custom domain, neither the domain used in Route 53 with CNAME — Filipe Ferminiano
And your CNAME is pointing to the *.cloudfront.net domain, not the *.execute-api.[region].amazonaws.com one? — Tom
The CNAME is pointing to *.execute-api.us-west-2.amazonaws.com which is the one that custom domain gaves me. How can I get the cloudfront domain? — Filipe Ferminiano
If you go to API Gateway -> Custom Domain Names, there should be a CloudFront domain listed under "Target Domain Name". — Tom

Tom Tom · Accepted Answer · 2018-10-07T19:12:35

The CNAME should point to the CloudFront endpoint (*.cloudfront.net) rather than the API Gateway endpoint (*.execute-api.[region].amazonaws.com).

The CloudFront endpoint can be found by going to API Gateway -> Custom Domain Names. A CloudFront domain should be listed under "Target Domain Name".

Receving 403 forbidden from Custom Domain in AWS Api Gateway

1 Answers