Private Custom Domain for Amazon API Gateway Private REST API

VPC endpoint → Amazon API Gateway REST API

Create an Amazon API Gateway private REST API with a private custom domain name configured with a private SSL certificate.

1. Private Certificate Authority and API Gateway Setup:
   1.1 Create a PCA
   1.2 Issue a root certificate through the PCA
   1.3 Create a certificate in ACM using PCA's root certificate
   1.4 Create a private REST API in API Gateway
   1.5 Create API Gateway's private custom domain configured with the ACM certificate created in step 1.3
   1.6 Configure a Lambda function as the API Gateway backend processor
   1.7 Deploy the private REST API through API Gateway
   1.8 Associate the custom domain with the API Gateway stage
2. VPC Endpoints configurations for private communication:
   2.1 'acm-pca' VPC Endpoint - Facilitates communication with PCA
   2.2 'execute-api' VPC Endpoint - Provides private access to the REST API
3. DNS Configuration:
   3.1 Establish a private hosted zone for the domain name
   3.2 Create a CNAME record within the hosted zone for custom domain name
   3.3 Point API Gateway's private custom domain name to the 'execute-api' VPC Endpoint DNS name
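
A post-deployment check for the DNS configuration in step 3, added here as an example and not taken from the pattern's repository: it confirms that the custom domain's CNAME target is an 'execute-api' VPC endpoint name and that every resolved address lies inside the VPC. The function name, the VPC CIDR and the sample DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import re

# DNS name shape of an interface VPC endpoint for the execute-api service
# (regional or zonal), e.g. vpce-<id>-<suffix>.execute-api.<region>.vpce.amazonaws.com
VPCE_EXECUTE_API = re.compile(
    r"^vpce-[0-9a-z-]+\.execute-api\.[a-z0-9-]+\.vpce\.amazonaws\.com\.?$"
)


def check_private_domain(cname_target, resolved_ips, vpc_cidr):
    """Return a list of findings; an empty list means the DNS setup looks right.

    cname_target -- value of the CNAME record created in step 3.2
    resolved_ips -- addresses the custom domain resolves to from inside the VPC
    vpc_cidr     -- CIDR block of the VPC that hosts the endpoint (assumed known)
    """
    findings = []
    if not VPCE_EXECUTE_API.match(cname_target.lower()):
        findings.append(
            f"CNAME target {cname_target!r} is not an execute-api VPC endpoint name"
        )
    if not resolved_ips:
        findings.append("custom domain did not resolve to any address")
    network = ipaddress.ip_network(vpc_cidr)
    for ip in resolved_ips:
        if ipaddress.ip_address(ip) not in network:
            findings.append(f"{ip} is outside the VPC CIDR {vpc_cidr}")
    return findings


# Constructed sample data (not real resources).
GOOD_TARGET = "vpce-0abc123def4567890-a1b2c3d4.execute-api.us-east-1.vpce.amazonaws.com"
GOOD_IPS = ["10.0.1.25", "10.0.2.31"]
BAD_TARGET = "d-abc123.execute-api.us-east-1.amazonaws.com"
BAD_IPS = ["203.0.113.10"]
VPC_CIDR = "10.0.0.0/16"

if __name__ == "__main__":
    for target, ips in ((GOOD_TARGET, GOOD_IPS), (BAD_TARGET, BAD_IPS)):
        result = check_private_domain(target, ips, VPC_CIDR)
        print(target, "->", result or "OK")
```

Feed it the record value from the private hosted zone and the addresses returned when resolving the custom domain from a host inside the VPC.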


Clone repo

git clone https://github.com/aws-samples/serverless-patterns/
cd serverless-patterns/apigw-private-cdn-private-ca-sam

Deploy

See the GitHub repo for detailed deployment instructions.


Testing

See the GitHub repo for detailed testing instructions.

Cleanup

Delete the stack: sam delete --stack-name apigw-private-cdn-private-ca-sam.

Created by:

Vijay Shekhar Rao

Vijay Shekhar Rao is a Partner Solutions Architect working with global system integrators. Before joining AWS, Vijay spent several years architecting, building, managing, and troubleshooting complex infrastructure for critical systems. When not working, he enjoys time with his family and tries to stay healthy.

Tushar Thapar

Tushar Thapar is a Cloud Engineer at Amazon Web Services based in Australia.
