We are setting API Gateway to be accessible only inside VPC or VPC endpoints. In AWS API Gateway you can create a custom domain with Edge or Regional configuration. Is there any way somehow point map DNS name from Route53 to API Gateway "ugly" DNS name for Private type or to VPC Endpoint DNS name but with setting the header parameter automatically(it's also possible to send request VPC Endpoint but with specifying header: <APIGW DNS>)?
2
votes
How did you end up resolving this? Did you decide against a custom domain?
– jbooker
2 Answers
2
votes
This is not possible.
Custom domain names are not supported for private APIs.
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html
If you really wanted this functionality, it could be accomplished with a proxy server (e.g. HAProxy or Nginx) running inside the VPC that accepts requests for the custom domain and forwards requests to the API Gateway private endpoint using the correct Host header and the correct TLS SNI... but this increases complexity and creates an additional dependency in your stack that seems unjustifiable just for the purpose of having a non-ugly domain name for an API that is only consumable internally.
0
votes
What you can do is put an internal application load balancer in front, that points to the IPs of the ENIs of the VPC endpoint. And then Route53 to point to the load balancer.
You can find more information here: https://www.sentiatechblog.com/connecting-to-a-private-api-gateway-over-vpn-or-vpc-peering
It does increase the complexity of course, but this is up to you to decide if it is worth it, based on your use case. But from a technical point of view, it is possible
