AWS: Deploying a Private API Gateway with a Custom Domain Name

2025-02-15

AWS API Gateway is a powerful service that allows developers to create, publish, and manage APIs at scale. One of its standout features is the ability to deploy private APIs that are not exposed to the internet. Recently, AWS added support for custom DNS hostnames for private APIs, making it easier to manage and access these endpoints.

In this article, we’ll walk through the steps to deploy a private API Gateway with a custom domain name using Route53. Below are the verified commands and configurations to achieve this:

1. Create a Private Hosted Zone in Route53:

aws route53 create-hosted-zone --name example.com --caller-reference my-private-zone --hosted-zone-config PrivateZone=true --vpc VPCRegion=us-east-1,VPCId=vpc-xxxxxx

2. Create a Private API Gateway:

aws apigateway create-rest-api --name 'MyPrivateAPI' --endpoint-configuration types=PRIVATE 

3. Associate the Custom Domain with API Gateway:

aws apigateway create-domain-name --domain-name api.example.com --certificate-arn arn:aws:acm:us-east-1:123456789012:certificate/xxxxxx --endpoint-configuration types=PRIVATE

4. Update Route53 Record Sets:

aws route53 change-resource-record-sets --hosted-zone-id Z1234567890ABCD --change-batch file://change-record.json 

Example `change-record.json`:

{
  "Changes": [{
    "Action": "CREATE",
    "ResourceRecordSet": {
      "Name": "api.example.com",
      "Type": "A",
      "AliasTarget": {
        "HostedZoneId": "Z2FDTNDATAQYW2",
        "DNSName": "d-xxxxxx.execute-api.us-east-1.amazonaws.com",
        "EvaluateTargetHealth": false
      }
    }
  }]
}

5. Deploy the API:

aws apigateway create-deployment --rest-api-id xxxxxx --stage-name prod 

By following these steps, you can securely deploy a private API Gateway with a custom domain name, ensuring your API is accessible only within your VPC or connected networks.
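To confirm that the result of the steps above is actually private, the following added example (not part of the original article) audits the JSON printed by `aws apigateway get-rest-api`, `aws apigateway get-domain-name` and `aws route53 get-hosted-zone`. The sample dictionaries are constructed, all IDs are placeholders, and the function names are hypothetical.

```python
# Constructed sample data shaped like the JSON printed by
# `aws apigateway get-rest-api`, `aws apigateway get-domain-name`
# and `aws route53 get-hosted-zone`. All IDs are placeholders.
API = {"id": "xxxxxx", "name": "MyPrivateAPI",
       "endpointConfiguration": {"types": ["PRIVATE"]}}
DOMAIN_OK = {"domainName": "api.example.com",
             "endpointConfiguration": {"types": ["PRIVATE"]}}
DOMAIN_PUBLIC = {"domainName": "api.example.com",
                 "endpointConfiguration": {"types": ["REGIONAL"]}}
ZONE_OK = {"HostedZone": {"Name": "example.com.", "Config": {"PrivateZone": True}},
           "VPCs": [{"VPCRegion": "us-east-1", "VPCId": "vpc-xxxxxx"}]}
ZONE_PUBLIC = {"HostedZone": {"Name": "example.com.", "Config": {"PrivateZone": False}}}


def endpoint_types(resource):
    """Endpoint types reported for a REST API or a custom domain name."""
    return resource.get("endpointConfiguration", {}).get("types", [])


def audit(rest_api, domain, zone):
    """Return findings; an empty list means every check passed."""
    findings = []
    for label, res in (("REST API", rest_api), ("custom domain", domain)):
        if endpoint_types(res) != ["PRIVATE"]:
            findings.append(f"{label}: endpoint type {endpoint_types(res)}, expected PRIVATE")
    hosted = zone.get("HostedZone", {})
    if not hosted.get("Config", {}).get("PrivateZone", False):
        findings.append("hosted zone: PrivateZone is false, the zone is public")
    if not zone.get("VPCs"):
        findings.append("hosted zone: no VPC associated, nothing inside a VPC can resolve it")
    # The custom domain must sit inside the private zone, or its record is served elsewhere.
    zone_name = hosted.get("Name", "").rstrip(".").lower()
    name = domain.get("domainName", "").rstrip(".").lower()
    if not zone_name or not (name == zone_name or name.endswith("." + zone_name)):
        findings.append(f"custom domain: {name!r} is not inside zone {zone_name!r}")
    return findings


if __name__ == "__main__":
    for case, args in (("private setup", (API, DOMAIN_OK, ZONE_OK)),
                       ("drifted setup", (API, DOMAIN_PUBLIC, ZONE_PUBLIC))):
        print(case, "->", audit(*args) or "OK")
```

Save each CLI command's output with `--output json` and pass the parsed documents to `audit` after every deployment to catch drift toward a public endpoint type or a public zone.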

What Undercode Say

Deploying a private API Gateway with a custom domain name is a game-changer for organizations prioritizing security and scalability. AWS API Gateway’s integration with Route53 simplifies DNS management, while its private endpoint feature ensures your APIs remain inaccessible to the public internet.

To further enhance your setup, consider using AWS Lambda for serverless backend processing. For example, you can create a Lambda function to handle API requests:

aws lambda create-function --function-name MyLambdaFunction --runtime python3.8 --handler lambda_function.lambda_handler --role arn:aws:iam::123456789012:role/lambda-execution-role --zip-file fileb://lambda_function.zip 

For monitoring and logging, integrate Amazon CloudWatch:

aws logs create-log-group --log-group-name /aws/lambda/MyLambdaFunction 

If you’re working with Windows-based systems, PowerShell commands can be used to manage AWS resources:

New-EC2Instance -ImageId ami-0abcdef1234567890 -InstanceType t2.micro -KeyName MyKeyPair 

For Linux users, ensure your CLI is up-to-date:

sudo apt-get update && sudo apt-get install -y awscli 

To explore more about AWS API Gateway and its features, visit the official documentation: AWS API Gateway Docs.

By combining these tools and commands, you can build a robust, secure, and scalable API infrastructure tailored to your organization’s needs. Whether you’re a cloud architect or a developer, mastering these techniques will significantly enhance your cloud deployment capabilities.
