2

I have an API hosted using AWS Gateway API in combination with a custom domain. It's been in production for at least a year. However, when I go to the CloudFront resource page in the AWS web console, I don't see any distribution entries under the same account that is used for Gateway API.

The AWS documentation states:

The CloudFront distribution created by API Gateway is owned by a region-specific account affiliated with API Gateway. When tracing operations to create and update such a CloudFront distribution in CloudWatch logs, you must use the API Gateway account Id. For more information, see Log Custom Domain Name Creation in CloudTrail.

I am using the same account for both Gateway and CloudFront. But I don't see the distribution entry in CloudFront.

What am I missing?

suman j

1 Answer

7

It's created behind the scenes. You can't see it in your CloudWatch dashboard. That's what they mean when they say:

"is owned by a region-specific account"

Which means the CloudFront distribution is not owned by your AWS account, so you won't see it in the list of CloudFront distributions that you own.

Mark B
  • Thanks @Mark B. How would I update such a distribution's settings to limit it to TLS v1.1 and v1.2 only? My main problem is https://stackoverflow.com/questions/46551473/aws-api-gateway-should-prevent-use-of-tls-v1 which led me to the CloudFront distribution settings update – suman j Oct 04 '17 at 15:22
  • Did you see the comment on the answer to that question? "This requires provisioning a second CloudFront distribution in front of the one owned and controlled by API Gateway." – Mark B Oct 04 '17 at 15:33
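
The ownership point in the answer can be checked from the two CLI outputs involved. This is an added example, not part of the original posts: it assumes JSON shaped like the output of `aws apigateway get-domain-name` and `aws cloudfront list-distributions`, and every sample value (domain names, IDs) is constructed; the function names and return labels are hypothetical.

```python
import json

# Constructed sample of `aws apigateway get-domain-name --domain-name api.example.com`
# for an edge-optimized custom domain (all values are made up).
GET_DOMAIN_NAME = json.loads("""
{
  "domainName": "api.example.com",
  "distributionDomainName": "d111111abcdef8.cloudfront.net",
  "endpointConfiguration": {"types": ["EDGE"]}
}
""")

# Constructed sample of `aws cloudfront list-distributions` run in the same account.
LIST_DISTRIBUTIONS = json.loads("""
{
  "DistributionList": {
    "Quantity": 1,
    "Items": [
      {"Id": "EEXAMPLE000001", "DomainName": "d222222abcdef8.cloudfront.net",
       "Aliases": {"Quantity": 1, "Items": ["www.example.com"]}}
    ]
  }
}
""")


def owned_distribution_domains(list_distributions):
    """Return the *.cloudfront.net names of distributions this account owns."""
    dist_list = list_distributions.get("DistributionList") or {}
    # "Items" can be absent when the account has no distributions at all.
    return {d["DomainName"].lower() for d in dist_list.get("Items") or []}


def classify_custom_domain(domain, list_distributions):
    """Say where the CloudFront distribution behind a custom domain lives."""
    types = (domain.get("endpointConfiguration") or {}).get("types") or []
    target = domain.get("distributionDomainName")
    if "REGIONAL" in types or not target:
        return "no-distribution"      # regional endpoint: no CloudFront in front
    if target.lower() in owned_distribution_domains(list_distributions):
        return "owned-by-account"
    return "managed-by-api-gateway"   # the situation described in the answer


if __name__ == "__main__":
    print(classify_custom_domain(GET_DOMAIN_NAME, LIST_DISTRIBUTIONS))
```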