Issue connecting custom domain name using AWS SAM

Question

I am having trouble getting my custom domain name to work with api gateway using AWS SAM to deploy to cloud formation and create the resources needed. This is the relevant part of my template

  PrivateApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: !Sub "${Env}"
      Cors: "'*'"
      EndpointConfiguration:
        Type: REGIONAL
      Domain:
        DomainName: api.vrsb.tibblist.com
        CertificateArn: (censored)
        EndpointConfiguration: REGIONAL
        Route53:
          HostedZoneId: Z02959893T52LBTIBENSX
      Auth:
        DefaultAuthorizer: MyCognitoAuthorizer
        Authorizers:
          MyCognitoAuthorizer:
            UserPoolArn: !GetAtt UserPool.Arn

This creates a domain name configuration that points to d-62jom4rgdd.execute-api.us-east-2.amazonaws.com and it does set a mapping on the domain name to my backend api dev stage but doesn't work. https://i.sstatic.net/Untc2.png Route 53 has records created pointing to d-62jom4rgdd.execute-api.us-east-2.amazonaws.com as well but the actual execute api url is https://i.sstatic.net/VBG4k.png.

Answer 1

You need to make sure that the certificate you are using is deploying in us-east-1 if you want to access it from an API.

Whether you recreate your entire API in us-east-1 or just move the certificate, you will still need to create and validate your certificate in us-east-1. Fortunately, if you are using DNS validation, the same records will work for both regions.