Private Amazon API Gateway with private custom domain name

Amazon Route 53 → private hosted zone → VPC Endpoint → Amazon API Gateway → (private)

Create a Private API Gateway with a custom domain. Configure access via VPC endpoint and set up DNS routing with Amazon Route 53 private hosted zone.

This AWS SAM template demonstrates how to create a private Amazon API Gateway with a private custom domain name, configure access so that it is restricted to a specific VPC endpoint, and route traffic to it through a Route 53 private hosted zone.
The private custom domain name is only reachable through the VPC endpoint, which is mapped to a stage of the private Amazon API Gateway. The custom domain name is configured with an SSL/TLS certificate to provide secure access, and an associated Route 53 A-alias record ensures that traffic for the domain is routed to the API.
As prerequisites for this pattern, you must have:
* The DNS name of an execute-api VPC endpoint
* The custom domain name that you would like to create (e.g. private.mydomain.com)
* A valid certificate in ACM (AWS Certificate Manager), in the same Region as the private Amazon API Gateway, that covers the namespace of the domain you would like to use (e.g. *.mydomain.com)
* The ID of a Route 53 private hosted zone for the domain name you would like to use (e.g. mydomain.com)
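The "specific VPC endpoint" restriction above is enforced by the API's resource policy, so a useful pre-deployment check is to confirm that policy only allows `execute-api:Invoke` from the expected endpoint and explicitly denies every other source. The checker below is an added example, not part of the pattern's template; the VPC endpoint ID and both policy documents are constructed samples.

```python
"""Offline check that an API Gateway resource policy pins invocation to one VPC endpoint."""
import json

# Constructed placeholder, not an ID from the pattern.
EXPECTED_VPCE = "vpce-0123456789abcdef0"

# Constructed sample following the Allow/Deny pair AWS documents for private REST APIs.
STRICT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "execute-api:/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": EXPECTED_VPCE}}},
        {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "execute-api:/*",
         "Condition": {"StringNotEquals": {"aws:SourceVpce": EXPECTED_VPCE}}},
    ],
})

# Constructed weak sample: no condition, so any endpoint that can reach the API may invoke it.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "execute-api:/*"},
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _vpce_values(statement, operator):
    """Return the set of aws:SourceVpce values under one condition operator (StringEquals etc.)."""
    cond = statement.get("Condition", {}).get(operator, {})
    return set(_as_list(cond.get("aws:SourceVpce", [])))


def find_policy_problems(policy_json, expected_vpce):
    """Return a list of findings; an empty list means the policy pins the API to expected_vpce."""
    problems = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    has_deny = False
    for i, st in enumerate(statements):
        actions = _as_list(st.get("Action", []))
        if not any(a in ("execute-api:Invoke", "execute-api:*", "*") for a in actions):
            continue  # statement does not grant or deny invocation
        if st.get("Effect") == "Allow":
            allowed = _vpce_values(st, "StringEquals")
            if not allowed:
                problems.append(f"statement {i}: Allow without aws:SourceVpce condition")
            elif allowed != {expected_vpce}:
                problems.append(f"statement {i}: Allow for unexpected endpoints {sorted(allowed)}")
        elif st.get("Effect") == "Deny" and _vpce_values(st, "StringNotEquals") == {expected_vpce}:
            has_deny = True  # explicit Deny also blocks callers whose IAM identity policy would allow them
    if not has_deny:
        problems.append("no explicit Deny for traffic from other VPC endpoints")
    return problems
```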



Clone repo

git clone https://github.com/aws-samples/serverless-patterns/
cd serverless-patterns/private-apigw-custom-domain

Deploy

Deploy the stack: sam deploy --guided


Testing

See the GitHub repo for detailed testing instructions.

Cleanup

Delete the stack: sam delete.

Created by:

Usama Ali Khan

Usama is a Technical Account Manager at Amazon Web Services.