# Configuring a Custom Domain Name for API Gateway with AWS Certificate Manager and Route 53 SecureCart, an **e-commerce platform**, is deploying a **REST API** to support: ✅ **Customer orders**\ ✅ **Product catalog access**\ ✅ **Checkout processing** The SecureCart engineering team wants to ensure that all **API communications** are **secure and user-friendly**, using a **custom domain** and **SSL/TLS encryption**. *** ### **🔹 SecureCart API Security Requirements** * **HTTPS enforcement** → API traffic must be **encrypted** using an **SSL/TLS certificate**. * **Branded API domain** → SecureCart wants to use `api.securecart.com` instead of AWS’s default API Gateway URL. * **Scalability** → The solution must support **millions of API requests per day** with **minimal latency**. * **DNS Management** → The API must be **discoverable and accessible** through **Amazon Route 53**. *** ### **🔹 Step-by-Step SecureCart Implementation** #### **1️⃣ Request a Public SSL/TLS Certificate in AWS Certificate Manager (ACM)** SecureCart requests a **public certificate** for `api.securecart.com` to **enable HTTPS**. **✅ Steps** 1. Navigate to **AWS Certificate Manager (ACM)**. 2. Click **Request a Certificate** → **Request a Public Certificate**. 3. Enter **Domain Name** → `api.securecart.com`. 4. Choose **DNS Validation** (Recommended). 5. Click **Request** and validate by adding the **CNAME record** in **Route 53**. 6. Once validated, the certificate status updates to **"Issued"**. **🔹 Why is ACM used?** ✔ **Free certificate management** – No manual renewal required.\ ✔ **Seamless integration** – Works natively with API Gateway. *** #### **2️⃣ Associate SSL Certificate with API Gateway** SecureCart configures **Amazon API Gateway** to use `api.securecart.com` as its **custom domain**. **✅ Steps** 1. Navigate to **API Gateway** → **Custom Domain Names**. 2. Click **Create** → Enter **`api.securecart.com`**. 3. Select **Endpoint Configuration**: * **Regional** (used in this case) * **Edge-Optimized** (for better global performance) 4. Choose **ACM Certificate** issued for `api.securecart.com`. 5. Click **Create**. **🔹 Why configure API Gateway with a custom domain?** ✔ **Branding & consistency** → Uses `api.securecart.com` instead of `xyz.execute-api.amazonaws.com`.\ ✔ **Secure API traffic** → Ensures **TLS-encrypted communication**. *** #### **3️⃣ Create Route 53 Alias Record for SecureCart API** SecureCart uses **Amazon Route 53** to route traffic to the **API Gateway domain**. **✅ Steps** 1. Navigate to **Amazon Route 53** → **Hosted Zones**. 2. Select `securecart.com`. 3. Click **Create Record**: * **Record Name:** `api.securecart.com` * **Type:** A (Alias) * **Alias Target:** Select the **API Gateway regional domain name**. 4. Click **Create Record**. **🔹 Why use Route 53 Alias Records?** ✔ **Eliminates manual IP management** – Automatically maps to API Gateway.\ ✔ **Optimized latency** – Route 53 efficiently directs users to the nearest endpoint. *** ### **🔹 SecureCart Security Enhancements** To further **secure API Gateway**, SecureCart implements: ✔ **AWS WAF (Web Application Firewall)** – To **prevent SQL injection & DDoS attacks**.\ ✔ **IAM Authorization** – Restricts API access using **IAM roles & policies**.\ ✔ **API Gateway Throttling** – Protects against **abuse & excessive requests**.\ ✔ **CloudTrail Logging** – Monitors API activity for **security auditing**. *** ### **🚀 Summary** ✔ SecureCart configures **API Gateway with a custom domain** (`api.securecart.com`).\ ✔ Uses **AWS Certificate Manager (ACM)** to **enable HTTPS**.\ ✔ **Amazon Route 53** routes traffic securely to **API Gateway**.\ ✔ Enhances security with **AWS WAF, IAM Policies, and API throttling**.