From f66fb55fcc005a3db2d42f2d06f60e7d040932aa Mon Sep 17 00:00:00 2001 From: usama-khan98 Date: Wed, 4 Dec 2024 23:11:17 +0000 Subject: [PATCH 01/11] initial commit --- private-apigw-custom-domain/README.md | 60 ++++++++++ .../example-pattern.json | 58 +++++++++ private-apigw-custom-domain/template.yaml | 110 ++++++++++++++++++ 3 files changed, 228 insertions(+) create mode 100644 private-apigw-custom-domain/README.md create mode 100644 private-apigw-custom-domain/example-pattern.json create mode 100644 private-apigw-custom-domain/template.yaml diff --git a/private-apigw-custom-domain/README.md b/private-apigw-custom-domain/README.md new file mode 100644 index 000000000..b87309bf7 --- /dev/null +++ b/private-apigw-custom-domain/README.md @@ -0,0 +1,60 @@ +# Private Amazon API Gateway with Private Custom Domain Name + +The SAM template deploys a Private Amazon API Gateway with a Private Custom Domain Name mapped to deployed stage. This template also create a Route53 CNAME record in a Private Hosted Zone to map the Private Custom Domain Name (e.g. private.mydomain.com) to the Target VPC Endpoint DNS Name. (e.g. vpce-abcdefgh123456789-abcd1234.execute-api.us-east-1.vpce.amazonaws.com). + +Learn more about this pattern at [Serverless Land Patterns](https://serverlessland.com/patterns/private-apigw-custom-domain) + +## Requirements + +* An [AWS account](https://signin.aws.amazon.com/signup?request_type=register) with an IAM user or role that has sufficient permissions to make the necessary AWS service calls and manage AWS resources. +* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured. +* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git). +* [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed. +* An [execute-api VPC Endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html). +* A Route 53 [Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html). +* An SSL/TLS certificate in [AWS Certificate Manager](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-specify-certificate-for-custom-domain-name.html#how-to-specify-certificate-for-custom-domain-name-setup). + +## Deployment Instructions + +1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository: + ```bash + git clone https://github.com/aws-samples/serverless-patterns + ``` +2. Change directory to the pattern directory: + ```bash + cd serverless-patterns/private-apigw-custom-domain + ``` +3. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file: + ```bash + sam deploy --guided + ``` +4. During the prompts: + - Enter **stack name** and desired **AWS Region**. + - Enter **DNS Name** of the **execute-api** VPC endpoint for the VpcEndpointDNSName parameter. (e.g. vpce-abcdefgh123456789-abcd1234.execute-api.us-east-1.vpce.amazonaws.com) + - Enter **Private Custom Domain Name** (e.g. private.mydomain.com) for the CustomDomainName parameter. + - Enter **ACM Certificate ARN** from the same region as Private Amazon API Gateway for the CertificateArn parameter. The certificate must cover the Private Custom Domain name entered in the previous step. + - Enter **Private Hosted Zone ID** that has the domain name you would like to use (e.g. mydomain.com) for the parameter PrivateHostedZoneId. + - Allow SAM to create roles with the required permissions if needed. + + Once you have run guided mode once, you can use `sam deploy` in future to use these defaults. + +1. Note the outputs from the SAM deployment process. This contain the curl command to test the Private Custom Domain Name. + +## Testing + +The stack will output the **Private Custom Domain Name**. You can use `curl` to send a HTTP request to the Private Custom Domain endpoint to test the correct mapping to your API. + +```bash +curl https://{PrivateCustomDomainName}/ +``` + +## Cleanup + +1. Delete the stack + ```bash + sam delete + ``` +1. Confirm the stack has been deleted + ```bash + aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus" + ``` diff --git a/private-apigw-custom-domain/example-pattern.json b/private-apigw-custom-domain/example-pattern.json new file mode 100644 index 000000000..715c261d1 --- /dev/null +++ b/private-apigw-custom-domain/example-pattern.json @@ -0,0 +1,58 @@ +{ + "title": "Private Amazon API Gateway with Private Custom Domain Name", + "description": "Create a Private API Gateway with a Private Custom Domain Name, configure access based on VPC endpoint, and set up DNS routing using Amazon Route 53 private hosted zone.", + "language": "", + "level": "200", + "framework": "SAM", + "introBox": { + "headline": "How it works", + "text": [ + "This sam template demonstrates how to create a Private Amazon API Gateway with a Private Custom Domain Name, configure secure access based on a specific VPC endpoint, and route traffic through Route 53 in a private hosted zone.", + "Private Custom Domain name is only accessible from a VPC endpoint, which is mapped to a stage in private Amazon API Gateway. A custom domain name is configured with an SSL/TLS certificate to provide secure access, and an associated Route 53 CNAME record ensures that traffic is routed to the API.", + "As prerequisites for this pattern, you must have:" + "* A DNS Name of execute-api VPC Endpoint", + "* A custom domain name that you would like to create (e.g. private.mydomain.com)", + "* A valid certificate in ACM (Amazon Certificate Manager) in the same Region as Private Amazon API Gateway, that covers the namespace of the domain you would like to use (i.e. *.mydomain.com).", + "* A Route 53 Private Hosted Zone ID that has the domain name you would like to use (e.g. mydomain.com).", + ] + }, + "gitHub": { + "template": { + "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/private-apigw-custom-domain", + "templateURL": "serverless-patterns/private-apigw-custom-domain", + "projectFolder": "private-apigw-custom-domain", + "templateFile": "template.yaml" + } + }, + "resources": { + "bullets": [ + { + "text": "Custom domain names for private APIs in API Gateway", + "link": "https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html" + } + ] + }, + "deploy": { + "text": [ + "Deploy the stack: sam deploy --guided + ] + }, + "testing": { + "text": [ + "See the GitHub repo for detailed testing instructions." + ] + }, + "cleanup": { + "text": [ + "Delete the stack: sam delete." + ] + }, + "authors": [ + { + "name": "Usama Ali Khan", + "image": "https://media.licdn.com/dms/image/v2/D4E03AQHcLMpZ1LV9UQ/profile-displayphoto-shrink_800_800/profile-displayphoto-shrink_800_800/0/1685892371158?e=1737590400&v=beta&t=RaPZkIgm7m3thW4PyKSQNn_w9fMbYBeu5PPrQ6K4vBU", + "bio": "Usama is a Technical Account Manager at Amazon Web Services.", + "linkedin": "usama-ali-khan" + } + ] +} diff --git a/private-apigw-custom-domain/template.yaml b/private-apigw-custom-domain/template.yaml new file mode 100644 index 000000000..3972a505a --- /dev/null +++ b/private-apigw-custom-domain/template.yaml @@ -0,0 +1,110 @@ +AWSTemplateFormatVersion: '2010-09-09' +Transform: AWS::Serverless-2016-10-31 +Description: > + Serverless patterns - Amazon Private API Gateway endpoint with Private Custom Domain Name + +Parameters: + VpcEndpointDNSName: + Type: String + CustomDomainName: + Type: String + CertificateArn: + Type: String + PrivateHostedZoneId: + Type: String + +Resources: + PrivateApi: + Type: AWS::Serverless::Api + Properties: + EndpointConfiguration: PRIVATE + StageName: Prod + AlwaysDeploy: true + DefinitionBody: + openapi: "3.0.1" + info: + version: "1.0" + title: !Sub "PrivateApi-${AWS::StackName}" + paths: + /: + get: + responses: + "200": + description: "200 response" + content: + application/json: + schema: + $ref: "#/components/schemas/Empty" + x-amazon-apigateway-integration: + type: "mock" + responses: + default: + statusCode: "200" + responseTemplates: + application/json: '{\"message\":\"Hello from Amazon Private API Gateway\"\}' + requestTemplates: + application/json: "{\"statusCode\": 200}" + passthroughBehavior: "when_no_match" + x-amazon-apigateway-policy: + Version: "2012-10-17" + Statement: + - Effect: "Allow" + Principal: "*" + Action: "execute-api:Invoke" + Resource: "execute-api:/*" + Condition: + StringEquals: + aws:sourceVpce: !Join ["-", [!Select [0, !Split ["-", !Select [0, !Split [".", !Ref VpcEndpointDNSName]]]], !Select [1, !Split ["-", !Select [0, !Split [".", !Ref VpcEndpointDNSName]]]]]] + + PrivateDomainName: + Type: AWS::ApiGateway::DomainNameV2 + Properties: + DomainName: !Ref CustomDomainName + CertificateArn: !Ref CertificateArn + EndpointConfiguration: + Types: + - PRIVATE + SecurityPolicy: TLS_1_2 + Policy: + Statement: + - Action: 'execute-api:Invoke' + Effect: Allow + Principal: '*' + Resource: 'execute-api:/*' + - Action: 'execute-api:Invoke' + Condition: + StringNotEquals: + aws:SourceVpce : !Join ["-", [!Select [0, !Split ["-", !Select [0, !Split [".", !Ref VpcEndpointDNSName]]]], !Select [1, !Split ["-", !Select [0, !Split [".", !Ref VpcEndpointDNSName]]]]]] + Effect: Deny + Principal: '*' + Resource: 'execute-api:/*' + Version: 2012-10-17 + + BasePathMapping: + Type: AWS::ApiGateway::BasePathMappingV2 + Properties: + RestApiId: !Ref PrivateApi + DomainNameArn: !GetAtt PrivateDomainName.DomainNameArn + Stage: !Ref PrivateApi.Stage + + DomainNameAccessAssociation: + Type: AWS::ApiGateway::DomainNameAccessAssociation + Properties: + DomainNameArn: !GetAtt PrivateDomainName.DomainNameArn + AccessAssociationSource: !Join ["-", [!Select [0, !Split ["-", !Select [0, !Split [".", !Ref VpcEndpointDNSName]]]], !Select [1, !Split ["-", !Select [0, !Split [".", !Ref VpcEndpointDNSName]]]]]] + AccessAssociationSourceType: VPCE + + R53Alias: + Type: AWS::Route53::RecordSet + Properties: + Name: !Ref CustomDomainName + HostedZoneId: !Ref PrivateHostedZoneId + ResourceRecords: + - !Ref VpcEndpointDNSName + Type: CNAME + TTL: 300 + +Outputs: + CURLCommand: + Description: "Curl Command to test" + Value: !Sub "curl https://${CustomDomainName}/" \ No newline at end of file From aca6fcc37423dd67363d7a88c5a3f2ea41815e14 Mon Sep 17 00:00:00 2001 From: usama-khan98 Date: Thu, 5 Dec 2024 13:09:00 +0000 Subject: [PATCH 02/11] added a note for Public Hosted zone in README file --- private-apigw-custom-domain/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private-apigw-custom-domain/README.md b/private-apigw-custom-domain/README.md index b87309bf7..51762a8d2 100644 --- a/private-apigw-custom-domain/README.md +++ b/private-apigw-custom-domain/README.md @@ -11,7 +11,7 @@ Learn more about this pattern at [Serverless Land Patterns](https://serverlessla * [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git). * [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed. * An [execute-api VPC Endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html). -* A Route 53 [Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html). +* A Route 53 [Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html). (*You can also use Public Hosted Zone but it is recommnded to use Private Hosted Zone to make sure that the Domain Name is only resolvable from within the VPC*) * An SSL/TLS certificate in [AWS Certificate Manager](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-specify-certificate-for-custom-domain-name.html#how-to-specify-certificate-for-custom-domain-name-setup). ## Deployment Instructions From 165c9a38cf55db598ee08c32b230ca90769bf709 Mon Sep 17 00:00:00 2001 From: usama-khan98 Date: Fri, 13 Dec 2024 18:44:39 +0000 Subject: [PATCH 03/11] added one more parameter and modified R53 record to be A-Alias instead of CNAME --- private-apigw-custom-domain/README.md | 5 +++-- private-apigw-custom-domain/example-pattern.json | 2 +- private-apigw-custom-domain/template.yaml | 12 +++++++----- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/private-apigw-custom-domain/README.md b/private-apigw-custom-domain/README.md index 51762a8d2..0650b60bc 100644 --- a/private-apigw-custom-domain/README.md +++ b/private-apigw-custom-domain/README.md @@ -1,6 +1,6 @@ # Private Amazon API Gateway with Private Custom Domain Name -The SAM template deploys a Private Amazon API Gateway with a Private Custom Domain Name mapped to deployed stage. This template also create a Route53 CNAME record in a Private Hosted Zone to map the Private Custom Domain Name (e.g. private.mydomain.com) to the Target VPC Endpoint DNS Name. (e.g. vpce-abcdefgh123456789-abcd1234.execute-api.us-east-1.vpce.amazonaws.com). +The SAM template deploys a Private Amazon API Gateway with a Private Custom Domain Name mapped to deployed stage. This template also create a Route53 A-Alias record in a Private Hosted Zone to map the Private Custom Domain Name (e.g. private.mydomain.com) to the Target VPC Endpoint DNS Name. (e.g. vpce-abcdefgh123456789-abcd1234.execute-api.us-east-1.vpce.amazonaws.com). Learn more about this pattern at [Serverless Land Patterns](https://serverlessland.com/patterns/private-apigw-custom-domain) @@ -31,9 +31,10 @@ Learn more about this pattern at [Serverless Land Patterns](https://serverlessla 4. During the prompts: - Enter **stack name** and desired **AWS Region**. - Enter **DNS Name** of the **execute-api** VPC endpoint for the VpcEndpointDNSName parameter. (e.g. vpce-abcdefgh123456789-abcd1234.execute-api.us-east-1.vpce.amazonaws.com) + - Enter **Hosted Zone ID** of the **execute-api** VPC endpoint for the VPCEndpointHostedZoneID parameter. (This can be found along with the DNS Name of the VPC endpoing on the AWS Console.) - Enter **Private Custom Domain Name** (e.g. private.mydomain.com) for the CustomDomainName parameter. - Enter **ACM Certificate ARN** from the same region as Private Amazon API Gateway for the CertificateArn parameter. The certificate must cover the Private Custom Domain name entered in the previous step. - - Enter **Private Hosted Zone ID** that has the domain name you would like to use (e.g. mydomain.com) for the parameter PrivateHostedZoneId. + - Enter **Private Hosted Zone ID** that has the domain name you would like to use for the parameter PrivateHostedZoneId. - Allow SAM to create roles with the required permissions if needed. Once you have run guided mode once, you can use `sam deploy` in future to use these defaults. diff --git a/private-apigw-custom-domain/example-pattern.json b/private-apigw-custom-domain/example-pattern.json index 715c261d1..f6eef8364 100644 --- a/private-apigw-custom-domain/example-pattern.json +++ b/private-apigw-custom-domain/example-pattern.json @@ -8,7 +8,7 @@ "headline": "How it works", "text": [ "This sam template demonstrates how to create a Private Amazon API Gateway with a Private Custom Domain Name, configure secure access based on a specific VPC endpoint, and route traffic through Route 53 in a private hosted zone.", - "Private Custom Domain name is only accessible from a VPC endpoint, which is mapped to a stage in private Amazon API Gateway. A custom domain name is configured with an SSL/TLS certificate to provide secure access, and an associated Route 53 CNAME record ensures that traffic is routed to the API.", + "Private Custom Domain name is only accessible from a VPC endpoint, which is mapped to a stage in private Amazon API Gateway. A custom domain name is configured with an SSL/TLS certificate to provide secure access, and an associated Route 53 A-Alias record ensures that traffic is routed to the API.", "As prerequisites for this pattern, you must have:" "* A DNS Name of execute-api VPC Endpoint", "* A custom domain name that you would like to create (e.g. private.mydomain.com)", diff --git a/private-apigw-custom-domain/template.yaml b/private-apigw-custom-domain/template.yaml index 3972a505a..750a3b794 100644 --- a/private-apigw-custom-domain/template.yaml +++ b/private-apigw-custom-domain/template.yaml @@ -6,6 +6,8 @@ Description: > Parameters: VpcEndpointDNSName: Type: String + VPCEndpointHostedZoneID: + Type: String CustomDomainName: Type: String CertificateArn: @@ -93,16 +95,16 @@ Resources: DomainNameArn: !GetAtt PrivateDomainName.DomainNameArn AccessAssociationSource: !Join ["-", [!Select [0, !Split ["-", !Select [0, !Split [".", !Ref VpcEndpointDNSName]]]], !Select [1, !Split ["-", !Select [0, !Split [".", !Ref VpcEndpointDNSName]]]]]] AccessAssociationSourceType: VPCE - + R53Alias: Type: AWS::Route53::RecordSet Properties: Name: !Ref CustomDomainName HostedZoneId: !Ref PrivateHostedZoneId - ResourceRecords: - - !Ref VpcEndpointDNSName - Type: CNAME - TTL: 300 + Type: A + AliasTarget: + DNSName: !Ref VpcEndpointDNSName + HostedZoneId: !Ref VPCEndpointHostedZoneID Outputs: CURLCommand: From aba206296155dc748b64516cea3590d1a2a9759e Mon Sep 17 00:00:00 2001 From: Usama ali khan <56304192+usama-khan98@users.noreply.github.com> Date: Tue, 17 Dec 2024 17:07:59 +0000 Subject: [PATCH 04/11] Update private-apigw-custom-domain/README.md Co-authored-by: Marco --- private-apigw-custom-domain/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private-apigw-custom-domain/README.md b/private-apigw-custom-domain/README.md index 0650b60bc..6ca402a5d 100644 --- a/private-apigw-custom-domain/README.md +++ b/private-apigw-custom-domain/README.md @@ -1,4 +1,4 @@ -# Private Amazon API Gateway with Private Custom Domain Name +# Private Amazon API Gateway with private custom domain name The SAM template deploys a Private Amazon API Gateway with a Private Custom Domain Name mapped to deployed stage. This template also create a Route53 A-Alias record in a Private Hosted Zone to map the Private Custom Domain Name (e.g. private.mydomain.com) to the Target VPC Endpoint DNS Name. (e.g. vpce-abcdefgh123456789-abcd1234.execute-api.us-east-1.vpce.amazonaws.com). From c7a8025cad245dd7620b3258f7b976b47607ec2f Mon Sep 17 00:00:00 2001 From: Usama ali khan <56304192+usama-khan98@users.noreply.github.com> Date: Tue, 17 Dec 2024 17:08:13 +0000 Subject: [PATCH 05/11] Update private-apigw-custom-domain/README.md Co-authored-by: Marco --- private-apigw-custom-domain/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private-apigw-custom-domain/README.md b/private-apigw-custom-domain/README.md index 6ca402a5d..2978b0663 100644 --- a/private-apigw-custom-domain/README.md +++ b/private-apigw-custom-domain/README.md @@ -1,6 +1,6 @@ # Private Amazon API Gateway with private custom domain name -The SAM template deploys a Private Amazon API Gateway with a Private Custom Domain Name mapped to deployed stage. This template also create a Route53 A-Alias record in a Private Hosted Zone to map the Private Custom Domain Name (e.g. private.mydomain.com) to the Target VPC Endpoint DNS Name. (e.g. vpce-abcdefgh123456789-abcd1234.execute-api.us-east-1.vpce.amazonaws.com). +The AWS SAM template deploys a private Amazon API Gateway with a private custom domain name mapped to deployed stage. This template also create a Amazon Route53 A-Alias record in a private hosted zone to map the private custom domain name (e.g. `private.mydomain.com`) to the target VPC Endpoint DNS name. (e.g. `vpce-abcdefgh123456789-abcd1234.execute-api.us-east-1.vpce.amazonaws.com`). Learn more about this pattern at [Serverless Land Patterns](https://serverlessland.com/patterns/private-apigw-custom-domain) From fde4c1ca1e634dcbfad840ea0d617f7e08458a1d Mon Sep 17 00:00:00 2001 From: Usama ali khan <56304192+usama-khan98@users.noreply.github.com> Date: Tue, 17 Dec 2024 17:08:35 +0000 Subject: [PATCH 06/11] Update private-apigw-custom-domain/example-pattern.json Co-authored-by: Marco --- private-apigw-custom-domain/example-pattern.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private-apigw-custom-domain/example-pattern.json b/private-apigw-custom-domain/example-pattern.json index f6eef8364..62a1027a9 100644 --- a/private-apigw-custom-domain/example-pattern.json +++ b/private-apigw-custom-domain/example-pattern.json @@ -1,5 +1,5 @@ { - "title": "Private Amazon API Gateway with Private Custom Domain Name", + "title": "Private Amazon API Gateway with private custom domain name", "description": "Create a Private API Gateway with a Private Custom Domain Name, configure access based on VPC endpoint, and set up DNS routing using Amazon Route 53 private hosted zone.", "language": "", "level": "200", From c7942568d0eaf2c511ead3593316a07cb9163e7f Mon Sep 17 00:00:00 2001 From: Usama ali khan <56304192+usama-khan98@users.noreply.github.com> Date: Tue, 17 Dec 2024 17:08:46 +0000 Subject: [PATCH 07/11] Update private-apigw-custom-domain/example-pattern.json Co-authored-by: Marco --- private-apigw-custom-domain/example-pattern.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private-apigw-custom-domain/example-pattern.json b/private-apigw-custom-domain/example-pattern.json index 62a1027a9..281d99659 100644 --- a/private-apigw-custom-domain/example-pattern.json +++ b/private-apigw-custom-domain/example-pattern.json @@ -1,6 +1,6 @@ { "title": "Private Amazon API Gateway with private custom domain name", - "description": "Create a Private API Gateway with a Private Custom Domain Name, configure access based on VPC endpoint, and set up DNS routing using Amazon Route 53 private hosted zone.", + "description": "Create a Private API Gateway with a private custom domain name, configure access based on VPC endpoint, and set up DNS routing using Amazon Route 53 private hosted zone.", "language": "", "level": "200", "framework": "SAM", From a1f828f1ee879068397622c09d89386fead09b92 Mon Sep 17 00:00:00 2001 From: Usama ali khan <56304192+usama-khan98@users.noreply.github.com> Date: Tue, 17 Dec 2024 17:09:06 +0000 Subject: [PATCH 08/11] Update private-apigw-custom-domain/example-pattern.json Co-authored-by: Marco --- private-apigw-custom-domain/example-pattern.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private-apigw-custom-domain/example-pattern.json b/private-apigw-custom-domain/example-pattern.json index 281d99659..672ac3509 100644 --- a/private-apigw-custom-domain/example-pattern.json +++ b/private-apigw-custom-domain/example-pattern.json @@ -7,7 +7,7 @@ "introBox": { "headline": "How it works", "text": [ - "This sam template demonstrates how to create a Private Amazon API Gateway with a Private Custom Domain Name, configure secure access based on a specific VPC endpoint, and route traffic through Route 53 in a private hosted zone.", + "This AWS SAM template demonstrates how to create a private Amazon API Gateway with a private custom domain mame, configure secure access based on a specific VPC endpoint, and route traffic through Route 53 in a private hosted zone.", "Private Custom Domain name is only accessible from a VPC endpoint, which is mapped to a stage in private Amazon API Gateway. A custom domain name is configured with an SSL/TLS certificate to provide secure access, and an associated Route 53 A-Alias record ensures that traffic is routed to the API.", "As prerequisites for this pattern, you must have:" "* A DNS Name of execute-api VPC Endpoint", From 2ba6fecefbd4016d0c0b6c5065b011816460aa4c Mon Sep 17 00:00:00 2001 From: Usama ali khan <56304192+usama-khan98@users.noreply.github.com> Date: Tue, 17 Dec 2024 17:09:18 +0000 Subject: [PATCH 09/11] Update private-apigw-custom-domain/example-pattern.json Co-authored-by: Marco --- private-apigw-custom-domain/example-pattern.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private-apigw-custom-domain/example-pattern.json b/private-apigw-custom-domain/example-pattern.json index 672ac3509..c7f8c14d5 100644 --- a/private-apigw-custom-domain/example-pattern.json +++ b/private-apigw-custom-domain/example-pattern.json @@ -8,7 +8,7 @@ "headline": "How it works", "text": [ "This AWS SAM template demonstrates how to create a private Amazon API Gateway with a private custom domain mame, configure secure access based on a specific VPC endpoint, and route traffic through Route 53 in a private hosted zone.", - "Private Custom Domain name is only accessible from a VPC endpoint, which is mapped to a stage in private Amazon API Gateway. A custom domain name is configured with an SSL/TLS certificate to provide secure access, and an associated Route 53 A-Alias record ensures that traffic is routed to the API.", + "Private custom domain name is only accessible from a VPC endpoint, which is mapped to a stage in private Amazon API Gateway. A custom domain name is configured with an SSL/TLS certificate to provide secure access, and an associated Route 53 A-Alias record ensures that traffic is routed to the API.", "As prerequisites for this pattern, you must have:" "* A DNS Name of execute-api VPC Endpoint", "* A custom domain name that you would like to create (e.g. private.mydomain.com)", From a7bb0191cd58d67b2184d4cd24c529ddfc214926 Mon Sep 17 00:00:00 2001 From: Usama ali khan <56304192+usama-khan98@users.noreply.github.com> Date: Tue, 17 Dec 2024 17:09:29 +0000 Subject: [PATCH 10/11] Update private-apigw-custom-domain/example-pattern.json Co-authored-by: Marco --- private-apigw-custom-domain/example-pattern.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private-apigw-custom-domain/example-pattern.json b/private-apigw-custom-domain/example-pattern.json index c7f8c14d5..39f557a55 100644 --- a/private-apigw-custom-domain/example-pattern.json +++ b/private-apigw-custom-domain/example-pattern.json @@ -10,7 +10,7 @@ "This AWS SAM template demonstrates how to create a private Amazon API Gateway with a private custom domain mame, configure secure access based on a specific VPC endpoint, and route traffic through Route 53 in a private hosted zone.", "Private custom domain name is only accessible from a VPC endpoint, which is mapped to a stage in private Amazon API Gateway. A custom domain name is configured with an SSL/TLS certificate to provide secure access, and an associated Route 53 A-Alias record ensures that traffic is routed to the API.", "As prerequisites for this pattern, you must have:" - "* A DNS Name of execute-api VPC Endpoint", + "* A DNS name of execute-api VPC endpoint", "* A custom domain name that you would like to create (e.g. private.mydomain.com)", "* A valid certificate in ACM (Amazon Certificate Manager) in the same Region as Private Amazon API Gateway, that covers the namespace of the domain you would like to use (i.e. *.mydomain.com).", "* A Route 53 Private Hosted Zone ID that has the domain name you would like to use (e.g. mydomain.com).", From a31dad1b5a91c45e23698e26f6a6a3af9b086b9f Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 18 Dec 2024 09:25:07 +0100 Subject: [PATCH 11/11] Create pattern.json --- private-apigw-custom-domain/pattern.json | 95 ++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 private-apigw-custom-domain/pattern.json diff --git a/private-apigw-custom-domain/pattern.json b/private-apigw-custom-domain/pattern.json new file mode 100644 index 000000000..3d82ecb86 --- /dev/null +++ b/private-apigw-custom-domain/pattern.json @@ -0,0 +1,95 @@ +{ + "title": "Private Amazon API Gateway with private custom domain name", + "description": "Create a Private API Gateway with a custom domain. Configure access via VPC endpoint and set up DNS routing with Amazon Route 53 private hosted zone.", + "language": "", + "level": "200", + "framework": "SAM", + "introBox": { + "headline": "How it works", + "text": [ + "This AWS SAM template demonstrates how to create a private Amazon API Gateway with a private custom domain mame, configure secure access based on a specific VPC endpoint, and route traffic through Route 53 in a private hosted zone.", + "Private custom domain name is only accessible from a VPC endpoint, which is mapped to a stage in private Amazon API Gateway. A custom domain name is configured with an SSL/TLS certificate to provide secure access, and an associated Route 53 A-Alias record ensures that traffic is routed to the API.", + "As prerequisites for this pattern, you must have:", + "* A DNS name of execute-api VPC endpoint", + "* A custom domain name that you would like to create (e.g. private.mydomain.com)", + "* A valid certificate in ACM (Amazon Certificate Manager) in the same Region as Private Amazon API Gateway, that covers the namespace of the domain you would like to use (i.e. *.mydomain.com).", + "* A Route 53 Private Hosted Zone ID that has the domain name you would like to use (e.g. mydomain.com)." + ] + }, + "gitHub": { + "template": { + "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/private-apigw-custom-domain", + "templateURL": "serverless-patterns/private-apigw-custom-domain", + "projectFolder": "private-apigw-custom-domain", + "templateFile": "template.yaml" + } + }, + "resources": { + "bullets": [ + { + "text": "Custom domain names for private APIs in API Gateway", + "link": "https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html" + } + ] + }, + "deploy": { + "text": ["Deploy the stack: sam deploy --guided"] + }, + "testing": { + "text": ["See the GitHub repo for detailed testing instructions."] + }, + "cleanup": { + "text": ["Delete the stack: sam delete."] + }, + "authors": [ + { + "name": "Usama Ali Khan", + "image": "https://media.licdn.com/dms/image/v2/D4E03AQHcLMpZ1LV9UQ/profile-displayphoto-shrink_800_800/profile-displayphoto-shrink_800_800/0/1685892371158?e=1737590400&v=beta&t=RaPZkIgm7m3thW4PyKSQNn_w9fMbYBeu5PPrQ6K4vBU", + "bio": "Usama is a Technical Account Manager at Amazon Web Services.", + "linkedin": "usama-ali-khan" + } + ], + "patternArch": { + "icon1": { + "x": 20, + "y": 50, + "service": "route53", + "label": "Amazon Route 53" + }, + "icon2": { + "x": 50, + "y": 50, + "service": "apigw", + "label": "Amazon API Gateway" + }, + "icon3": { + "x": 80, + "y": 50, + "service": "vpc-endpoint", + "label": "VPC Endpoint" + }, + "icon4": { + "x": 20, + "y": 58, + "service": "", + "label": "private hosted zone" + }, + "icon5": { + "x": 50, + "y": 58, + "service": "", + "label": "(private)" + }, + + "line1": { + "from": "icon1", + "to": "icon2", + "label": "" + }, + "line2": { + "from": "icon2", + "to": "icon3", + "label": "" + } + } +}