The Lambda Blog

Serverless Cloud Guide

Creating a custom domain name for an AWS AppSync API endpoint using CloudFormation

Posted on December 19, 2021; updated August 14, 2022 by user

AWS recently updated the support for creating a custom domain name for an AWS AppSync API.

This means you can replace your AWS AppSync Endpoint which is of the form:

{generated-string}.appsync-api.{aws-region}.amazonaws.com/graphql

to something like

{your-api-subdomain}.{your-own-domain-name}.com/graphql

{your-api-subdomain}.{your-own-domain-name}.com/graphql/realtime (for the websocket endpoint)

Note: This does require you to have an AWS managed certificate for your domain through AWS Certificate Manager (ACM). If you use Route 53 as the registrar for your domains, you should already have one.

This can of course be done easily via the AppSync console, but this post demonstrates how it can be done just as easily with CloudFormation, which saves you the bother of redoing it manually if you are replicating your stack.

Explaining the process of creating a custom AppSync domain name

When you initiate a request to create an AppSync custom domain, you need to provide the ACM certificate associated with that domain. AppSync uses it to create a CloudFront distribution.

Because CloudFront is global, the domain name created here cannot be reused in other regions or accounts.

At this point, there is simply a CloudFront distribution with a {generated-name}.cloudfront.net URL, and it is not associated with any AppSync API yet.

To associate an API, provide the ID of the API you want associated with the domain, and AppSync will create the association.

You now have your custom domain name configured against the AppSync endpoint. Before you can use it, however, you need to add a DNS CNAME record for {your-api-subdomain}.{your-own-domain-name}.com that routes traffic to {generated-name}.cloudfront.net, the CloudFront distribution that was created in the first step.

Then we are all set to begin using {your-api-subdomain}.{your-own-domain-name}.com/graphql

Creating an AppSync DomainName and DomainNameApiAssociation in CloudFormation

The template below does this. Pass the appropriate values for your own account into the template as parameters.

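AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: appsync custom domain setup template

Parameters:
  # ARN of the ACM certificate that covers the custom domain
  AWSCertificateARN:
    Type: String
  # The custom domain name, for example api.your-domain.com
  CustomDomainName:
    Type: String
  # ID of the existing AppSync API to serve from the custom domain
  YourAppSyncApiId:
    Type: String

Resources:

  # Registers the custom domain; AppSync creates the CloudFront distribution for it
  AppSyncDomain:
    Type: AWS::AppSync::DomainName
    Properties:
      CertificateArn:
        Ref: AWSCertificateARN
      Description: Custom domain name using AWS Cert. Example api.your-domain.com
      DomainName:
        Ref: CustomDomainName

  # Associates the API with the custom domain once the domain exists
  AppSyncDomainAssociation:
    Type: AWS::AppSync::DomainNameApiAssociation
    DependsOn:
      - AppSyncDomain
    Properties:
      ApiId:
        Ref: YourAppSyncApiId
      DomainName:
        Ref: CustomDomainName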

Updating the DNS records to route traffic to the CloudFront distribution URL

Apologies if you were expecting to see a CloudFormation template for Route 53 at this step. Perhaps at some other point; that deserves an article of its own.

However, this heading is simply a reminder of the final step: add a new CNAME record for {subdomain}.{your-domain-name}.com that points to {generated-name}.cloudfront.net.

And you should be good to start using the new URL in your applications.
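
One way to keep that CNAME in the same stack, as an added example that is not from the original post: the record takes its target from the domain resource's AppSyncDomainName attribute, so it always points at the distribution AppSync created and is deleted together with the domain instead of being left dangling. The HostedZoneId parameter, the AppSyncDomainRecord and CloudFrontTarget names, the TTL and the certificate ARN pattern (standard aws partition, us-east-1) are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: AppSync custom domain with its Route 53 CNAME (added example)

Parameters:
  AWSCertificateARN:
    Type: String
    # AppSync custom domains sit behind CloudFront, so the ACM certificate
    # has to be issued in us-east-1; reject other ARNs before deployment starts.
    AllowedPattern: '^arn:aws:acm:us-east-1:\d{12}:certificate/.+$'
  CustomDomainName:
    Type: String
  YourAppSyncApiId:
    Type: String
  HostedZoneId:   # assumption: the Route 53 hosted zone for your domain
    Type: AWS::Route53::HostedZone::Id

Resources:
  AppSyncDomain:
    Type: AWS::AppSync::DomainName
    Properties:
      CertificateArn: !Ref AWSCertificateARN
      DomainName: !Ref CustomDomainName

  AppSyncDomainAssociation:
    Type: AWS::AppSync::DomainNameApiAssociation
    Properties:
      ApiId: !Ref YourAppSyncApiId
      # GetAtt creates the dependency on AppSyncDomain implicitly
      DomainName: !GetAtt AppSyncDomain.DomainName

  AppSyncDomainRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref CustomDomainName
      Type: CNAME
      TTL: '300'
      ResourceRecords:
        # The {generated-name}.cloudfront.net name of the distribution
        - !GetAtt AppSyncDomain.AppSyncDomainName

Outputs:
  CloudFrontTarget:
    Description: CNAME target, useful if DNS is hosted outside Route 53
    Value: !GetAtt AppSyncDomain.AppSyncDomainName
```

If your DNS is hosted elsewhere, drop AppSyncDomainRecord and the HostedZoneId parameter, create the CNAME by hand from the CloudFrontTarget output, and remove that record whenever the stack is deleted.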
