How to Set Up AWS API Gateway with a Custom Domain and Use Cloudflare DNS to Proxy to the Custom Domain
In this tutorial, I’ll guide you through the process of setting up AWS API Gateway with a custom domain and using Cloudflare DNS to proxy traffic through your custom domain. This setup ensures secure and efficient routing of traffic, leveraging the scalability of AWS and the protective features of Cloudflare.
Prerequisites
Before you start, make sure you have:
- An AWS account with access to API Gateway.
- A registered domain, configured in Cloudflare.
- Basic knowledge of DNS management.
Step 1: Set Up Your Custom Domain in AWS API Gateway
- Navigate to API Gateway in the AWS Console:
- Go to the API Gateway service and select or create the API you want to expose via your custom domain.
- Create a Custom Domain Name:
- In the API Gateway dashboard, find Custom Domain Names under the APIs section.
- Click on Create and enter your custom domain name (e.g., api.mydomain.com).
- Choose an ACM (AWS Certificate Manager) certificate for the domain. If you don’t have one, you can request a public certificate via ACM.
- Configure Domain Name Settings:
- Once your custom domain is set up, AWS will provide an API Gateway domain name that looks like {id}.execute-api.{region}.amazonaws.com. Note this down for the next steps.
Step 2: Add a CNAME Record in Cloudflare
- Log in to Cloudflare:
- Access your account and go to the DNS settings of your domain.
- Add a CNAME Record:
- Click on Add Record and choose CNAME.
- Enter the subdomain (e.g., api) as the Name and paste the API Gateway domain name ({id}.execute-api.{region}.amazonaws.com) in the Target field.
- Ensure that Proxy status is set to Proxied (orange cloud icon).
Step 3: Create a Page Rule in Cloudflare
Page Rules in Cloudflare help optimize and manage the behavior of your domain. To ensure SSL and secure traffic, follow these steps:
- Navigate to Page Rules:
- In your Cloudflare dashboard, select Page Rules.
- Create a New Page Rule:
- Set the URL pattern to match your domain and its path, e.g., https://api.mydomain.com/*.
- Add a setting to enforce SSL with “Strict” mode:
- Click Add a Setting and select “SSL/TLS”.
- Set the value to Strict.
- Save the Page Rule and ensure it is activated.
Step 4: Verify Your Setup
- Check DNS Propagation:
- DNS changes can take a few minutes to propagate. Use tools like dig or online checkers to confirm that the CNAME record points to the API Gateway domain.
- Test Your Custom Domain:
- Open a browser and visit https://api.mydomain.com. You should see a response from your API, secured and routed through Cloudflare’s network.
- Troubleshoot if Necessary:
- If you face SSL issues, verify that the SSL certificate in ACM covers your domain and that Cloudflare’s SSL setting is applied correctly.
- Ensure the API Gateway deployment stage is correctly mapped to your custom domain.
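One way to script the Step 4 checks, as an added example that is not part of the original tutorial. It goes slightly beyond the dig check: with Proxy status set to Proxied, public DNS answers with Cloudflare addresses instead of showing the CNAME target, so a visible execute-api name is treated as a DNS-only record, and the response headers are checked for Cloudflare's server and cf-ray values. The function names and sample values are constructed for illustration.

```shell
# Added example: classify captured output from the Step 4 checks. Live use:
#   verify_setup "$(dig +short api.mydomain.com)" "$(curl -sI https://api.mydomain.com)"

# Reads `dig +short <host>` output on stdin.
#   target-exposed: the execute-api name is visible, so the record is DNS-only
#   target-hidden:  only A/AAAA addresses come back, as expected when Proxied
classify_dns() {
    awk '
        /execute-api\.[a-z0-9-]+\.amazonaws\.com\.?$/ { exposed = 1 }
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || /^[0-9a-fA-F:]+:[0-9a-fA-F:]*$/ { addr = 1; next }
        NF { other = 1 }
        END {
            if (exposed) print "target-exposed"
            else if (addr && !other) print "target-hidden"
            else print "unknown"
        }'
}

# Reads response headers on stdin; "yes" only if Cloudflare's server and
# cf-ray headers are both present.
via_cloudflare() {
    tr -d '\r' | awk -F': *' '
        tolower($1) == "server" && tolower($2) == "cloudflare" { s = 1 }
        tolower($1) == "cf-ray" && $2 != "" { r = 1 }
        END { print ((s && r) ? "yes" : "no") }'
}

verify_setup() {    # $1 = dig output, $2 = response headers
    dns=$(printf '%s\n' "$1" | classify_dns)
    cf=$(printf '%s\n' "$2" | via_cloudflare)
    if [ "$dns" = "target-hidden" ] && [ "$cf" = "yes" ]; then
        echo "PASS"
    else
        echo "FAIL dns=$dns cloudflare=$cf"
    fi
}

# Constructed samples (documentation IP ranges, made-up ids) so this runs offline.
PROXIED_DIG='203.0.113.10
198.51.100.10'
DNSONLY_DIG='d-abc123.execute-api.us-east-1.amazonaws.com.
203.0.113.20'
PROXIED_HEADERS='HTTP/2 200
server: cloudflare
cf-ray: 0000000000000000-IAD'
DIRECT_HEADERS='HTTP/2 200
x-amzn-requestid: 00000000-0000-0000-0000-000000000000'
verify_setup "$PROXIED_DIG" "$PROXIED_HEADERS"
verify_setup "$DNSONLY_DIG" "$DIRECT_HEADERS"
```

A FAIL with dns=target-exposed usually means the record's Proxy status is DNS only (grey cloud) rather than Proxied.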
Conclusion
With these steps, you have successfully set up an AWS API Gateway with a custom domain, managed through Cloudflare for enhanced security and traffic management. This setup optimizes SSL handling, secures API traffic, and leverages Cloudflare’s performance benefits.