Configuring a Custom Domain Name for API Gateway with AWS Certificate Manager and Route 53

SecureCart, an e-commerce platform, is deploying a REST API to support:

✅ Customer orders

✅ Product catalog access

✅ Checkout processing

The SecureCart engineering team wants to ensure that all API communications are secure and user-friendly, using a custom domain and SSL/TLS encryption.


🔹 SecureCart API Security Requirements

  • HTTPS enforcement → API traffic must be encrypted using an SSL/TLS certificate.

  • Branded API domain → SecureCart wants to use api.securecart.com instead of AWS’s default API Gateway URL.

  • Scalability → The solution must support millions of API requests per day with minimal latency.

  • DNS Management → The API must be discoverable and accessible through Amazon Route 53.


🔹 Step-by-Step SecureCart Implementation

1️⃣ Request a Public SSL/TLS Certificate in AWS Certificate Manager (ACM)

SecureCart requests a public certificate for api.securecart.com to enable HTTPS.

✅ Steps

  1. Navigate to AWS Certificate Manager (ACM).

  2. Click Request a Certificate → Request a Public Certificate.

  3. Enter Domain Name → api.securecart.com.

  4. Choose DNS Validation (Recommended).

  5. Click Request and validate by adding the CNAME record in Route 53.

  6. Once validated, the certificate status updates to "Issued".

🔹 Why is ACM used?

✔ Free certificate management – No manual renewal required.

✔ Seamless integration – Works natively with API Gateway.


2️⃣ Associate SSL Certificate with API Gateway

SecureCart configures Amazon API Gateway to use api.securecart.com as its custom domain.

✅ Steps

  1. Navigate to API Gateway → Custom Domain Names.

  2. Click Create → Enter api.securecart.com.

  3. Select Endpoint Configuration:

    • Regional (used in this case)

    • Edge-Optimized (for better global performance)

  4. Choose ACM Certificate issued for api.securecart.com.

  5. Click Create.

🔹 Why configure API Gateway with a custom domain?

✔ Branding & consistency → Uses api.securecart.com instead of xyz.execute-api.amazonaws.com.

✔ Secure API traffic → Ensures TLS-encrypted communication.


3️⃣ Create Route 53 Alias Record for SecureCart API

SecureCart uses Amazon Route 53 to route traffic to the API Gateway domain.

✅ Steps

  1. Navigate to Amazon Route 53 → Hosted Zones.

  2. Select securecart.com.

  3. Click Create Record:

    • Record Name: api.securecart.com

    • Type: A (Alias)

    • Alias Target: Select the API Gateway regional domain name.

  4. Click Create Record.

🔹 Why use Route 53 Alias Records?

✔ Eliminates manual IP management – Automatically maps to API Gateway.

✔ Optimized latency – Route 53 efficiently directs users to the nearest endpoint.
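
The three steps above can be verified from the API side. This is an added example, not code from the original page: it audits a custom-domain configuration and builds the matching Route 53 alias change, covering the Edge-Optimized case as well as the Regional one used here. The API region (eu-west-1), account ID, certificate ID, target name and zone ID are constructed placeholders.

```python
# Added example: audit an API Gateway custom domain and build its Route 53 alias.
# SAMPLE_DOMAIN is constructed, shaped like the `aws apigateway get-domain-name`
# response; account id, certificate id, target name and zone id are placeholders.
SAMPLE_DOMAIN = {
    "domainName": "api.securecart.com",
    "endpointConfiguration": {"types": ["REGIONAL"]},
    "regionalCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
    "regionalDomainName": "d-example123.execute-api.eu-west-1.amazonaws.com",
    "regionalHostedZoneId": "ZEXAMPLEAPIGW",
    "securityPolicy": "TLS_1_0",
    "domainNameStatus": "AVAILABLE",
}


def _is_edge(cfg):
    return "EDGE" in cfg["endpointConfiguration"]["types"]


def audit_custom_domain(cfg, api_region):
    """Return a list of findings; an empty list means the checks passed."""
    findings, edge = [], _is_edge(cfg)
    arn = cfg.get("certificateArn" if edge else "regionalCertificateArn", "")
    parts = arn.split(":")
    cert_region = parts[3] if len(parts) > 3 else ""
    # Regional domains need the ACM certificate in the API's own region;
    # edge-optimized domains need it in us-east-1.
    want = "us-east-1" if edge else api_region
    if cert_region != want:
        findings.append(f"certificate is in {cert_region or 'an unknown region'}, expected {want}")
    if cfg.get("securityPolicy") == "TLS_1_0":
        findings.append("securityPolicy TLS_1_0 still accepts TLS 1.0 clients")
    if cfg.get("domainNameStatus") != "AVAILABLE":
        findings.append("domain name is not AVAILABLE yet")
    return findings


def alias_change_batch(cfg):
    """ChangeBatch for `aws route53 change-resource-record-sets` (A alias record)."""
    edge = _is_edge(cfg)
    target = {
        # Use API Gateway's hosted zone id here, not the securecart.com zone id.
        "HostedZoneId": cfg["distributionHostedZoneId" if edge else "regionalHostedZoneId"],
        "DNSName": cfg["distributionDomainName" if edge else "regionalDomainName"],
        "EvaluateTargetHealth": False,
    }
    record = {"Name": cfg["domainName"], "Type": "A", "AliasTarget": target}
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": record}]}
```

Run against the constructed sample, the audit reports the certificate region mismatch and the TLS 1.0 policy; the change batch is applied to the securecart.com hosted zone.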


🔹 SecureCart Security Enhancements

To further secure API Gateway, SecureCart implements:

✔ AWS WAF (Web Application Firewall) – To prevent SQL injection & DDoS attacks.

✔ IAM Authorization – Restricts API access using IAM roles & policies.

✔ API Gateway Throttling – Protects against abuse & excessive requests.

✔ CloudTrail Logging – Monitors API activity for security auditing.


🚀 Summary

✔ SecureCart configures API Gateway with a custom domain (api.securecart.com).

✔ Uses AWS Certificate Manager (ACM) to enable HTTPS.

✔ Amazon Route 53 routes traffic securely to API Gateway.

✔ Enhances security with AWS WAF, IAM Policies, and API throttling.