AWS API Gateway custom domain in Cloudflare


Cloudflare runs one of the largest networks of edge servers, and millions of websites use Cloudflare DNS to serve their domains. It is easy to get started with, and sitting in front of an origin lets it improve the security, performance, and reliability of anything connected to the Internet.

In this blog, we will walk through how to point a custom domain name at AWS API Gateway using a CNAME record in Cloudflare. This lets us reach the API Gateway through the custom domain name without migrating the website's DNS to Route 53, the AWS DNS service.

Getting Started

Let me first break the whole series of actions into smaller chunks so that it is easier to follow. These are the steps we are going to follow in this tutorial:

  • Login to Cloudflare Dashboard and Create Certificate.
  • Import Certificate to AWS using AWS Certificate Manager (ACM)
  • Create your Custom Domain for your AWS API Gateway.
  • Create or update the CNAME record in the Cloudflare DNS dashboard for your website.

Login to Cloudflare Dashboard and Create Certificate.

  • In your Cloudflare Dashboard, first open the website for which you want to create or access the certificate.
  • Under the SSL/TLS section, click on Origin Server.
  • Then click on Create Certificate. (If you have already created a certificate, you can use that instead.)
  • You can leave everything at its default, or change the settings according to your requirements.
  • Click the Create button.
  • After that, you will get an Origin Certificate and a private key, both in PEM format. Make sure to copy and save the content of both files somewhere safe, because the Cloudflare dashboard will not show the private key again after this point.
  • Go to this Cloudflare public document and jump directly to Step 4; download the Cloudflare Origin RSA PEM from there. This is the Cloudflare Origin CA root certificate. You need to import it into AWS Certificate Manager along with the two files created above.

Now you will have 3 certificates with you.

  1. Origin Certificate
  2. Private Key
  3. Origin CA Root Certificate

Now you will need to create a page rule inside the Cloudflare Dashboard.

Go to Page Rules and add a rule for the domain that you would like to integrate with API Gateway, with the SSL setting set to FULL. Then click Save and Deploy.

Import Certificate to AWS using AWS Certificate Manager (ACM)

  • Log in to your AWS account and go to the ACM certificate creation page in the AWS Console. Make sure you are in the region where your API Gateway lives.
  • Click on IMPORT.
  • In the Certificate body, paste the content of the Origin Certificate.
  • In the Certificate private key, paste the content of the private key.
  • In the Certificate chain, which is an optional section, paste the content of the Origin CA Root Certificate.
  • Click on the Next button; if you want to add tags, you can add them here.
  • Verify everything and click Import.
  • Your certificate will be imported successfully.

Create a Custom Domain for AWS API Gateway.

  • Go to the custom domain creation page in the AWS Console.
  • Provide your domain name.
  • You can leave the rest of the settings at their defaults and select the ACM certificate you imported for this domain (the one created in Step 1).
  • Now click on Create domain name.
  • Using the API mappings section, map the required API Gateway stage to this custom domain name.
  • Now copy the API Gateway domain name shown under the Configurations tab; it is the CNAME target for the next step.

Create or update the CNAME record in the Cloudflare DNS dashboard for your website.

  • Go back to the Cloudflare Dashboard and, under DNS, click on Add Record.
  • Choose the type CNAME.
  • Provide the required name and paste the API Gateway domain name copied from the Configurations tab in Step 3 into the Target (required) field.
  • Then save it.
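The same flow, done with the AWS CLI instead of the console, as an added example that is not part of the original post. It covers Steps 2 and 3 (ACM import, custom domain, API mapping) and prints the CNAME target for Step 4. Before importing anything it checks that each of the three Cloudflare files carries the PEM markers expected in its ACM field, which catches the common mistake of pasting the private key or the root certificate into the wrong box. The file names, `api.example.com`, the REST API id and stage are placeholders; a regional endpoint with a TLS 1.2 minimum is assumed, since those are the console defaults.

```shell
#!/bin/sh
# Added example: AWS CLI version of Steps 2 and 3 above. Not the post's own script.
# Placeholder values (override via environment): file names, domain, API id, stage.
set -eu

ORIGIN_CERT="${ORIGIN_CERT:-origin-cert.pem}"        # Cloudflare Origin Certificate (Step 1)
ORIGIN_KEY="${ORIGIN_KEY:-origin-key.pem}"           # its private key, shown once in the dashboard
ORIGIN_CA="${ORIGIN_CA:-cloudflare-origin-rsa.pem}"  # Cloudflare Origin CA root (Step 4 of the Cloudflare doc)
CUSTOM_DOMAIN="${CUSTOM_DOMAIN:-api.example.com}"    # placeholder custom domain
REST_API_ID="${REST_API_ID:-abcde12345}"             # placeholder REST API id
STAGE="${STAGE:-prod}"                               # placeholder stage name

# check_pem FILE KIND: succeed only if FILE is readable and has matching BEGIN/END
# lines for KIND (CERTIFICATE or PRIVATE_KEY). Cloudflare hands out the key as
# PKCS#8 ("BEGIN PRIVATE KEY"); the older "RSA"/"EC" headers are accepted too.
check_pem() {
  file=$1
  case $2 in
    CERTIFICATE) pat='CERTIFICATE' ;;
    PRIVATE_KEY) pat='(RSA |EC )?PRIVATE KEY' ;;
    *) return 2 ;;
  esac
  [ -r "$file" ] || return 1
  grep -Eq "^-----BEGIN ${pat}-----" "$file" && grep -Eq "^-----END ${pat}-----" "$file"
}

# Step 2: import the three files into ACM in the current region and print the ARN.
# The Origin CA root goes into the (optional) chain field, exactly as in the console.
import_certificate() {
  check_pem "$ORIGIN_CERT" CERTIFICATE
  check_pem "$ORIGIN_KEY" PRIVATE_KEY
  check_pem "$ORIGIN_CA" CERTIFICATE
  aws acm import-certificate \
    --certificate "fileb://$ORIGIN_CERT" \
    --private-key "fileb://$ORIGIN_KEY" \
    --certificate-chain "fileb://$ORIGIN_CA" \
    --query CertificateArn --output text
}

# Step 3: create the custom domain (regional endpoint, TLS 1.2 minimum), map the
# API stage onto it, and print the API Gateway domain name for the CNAME target.
create_custom_domain() {
  cert_arn=$1
  aws apigateway create-domain-name \
    --domain-name "$CUSTOM_DOMAIN" \
    --regional-certificate-arn "$cert_arn" \
    --endpoint-configuration types=REGIONAL \
    --security-policy TLS_1_2 >/dev/null
  aws apigateway create-base-path-mapping \
    --domain-name "$CUSTOM_DOMAIN" \
    --rest-api-id "$REST_API_ID" \
    --stage "$STAGE" >/dev/null
  aws apigateway get-domain-name \
    --domain-name "$CUSTOM_DOMAIN" \
    --query regionalDomainName --output text
}

# Run the whole flow only when invoked as "./script.sh deploy", so the functions
# can also be sourced and checked on their own.
if [ "${1:-}" = "deploy" ]; then
  arn=$(import_certificate)
  target=$(create_custom_domain "$arn")
  echo "Step 4: in Cloudflare DNS add a CNAME  $CUSTOM_DOMAIN -> $target"
fi
```

Run it with `deploy` from a shell that already has AWS credentials for the target region; a wrong or unreadable PEM file aborts before any AWS call is made.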

That is all; you can now hit the new subdomain you have created and see that it works. That’s it for this blog. For more such blogs, subscribe to Knoldus Blogs.

Written by 

Saumya is a Software Consultant at Knoldus Software LLP. She has done B.Tech from Quantum School of Technology, Roorkee. She has good knowledge of Devops technologies like Ansible, Terraform, Docker, Concourse, Jenkins, Kubernetes. She is very enthusiastic and energetic. Apart from technology, she is interested in various sports.

1 thought on “AWS API Gateway custom domain in Cloudflare”

  1. Hi Saumya,
    Thanks for this great article. I followed each step and everything is working as expected.
    But there is one thing I have observed: we are getting the Cloudflare IP in the logs instead of the actual client IP. Is there a way to correct this? Is it possible to add these details in the article?
