I have created an API using API Gateway. The API works fine if I call it from localhost or any server outside the AWS network (a server not instantiated from AWS), but when I try to call the same API from any server within the AWS network, it does not work. I have created a custom domain.

When we call the API using the custom domain name, the error below is thrown: SSL: certificate subject name (*.execute-api.ap-south-1.amazonaws.com) does not match target host name 'custom-domain-name'

But if I use the API's origin URL (taken from the stage), then it throws: {"message":"Forbidden"}

Here is the code I am using:

curl --header "Content-Type: application/json" --header "x-api-key: ViR6gYpw046xxxxxyyyyyyzzzzzzzzzzzzzzzzzzzzzz" --request POST --data '{"username":"xyz","password":"xyz"}' https://post-data.xyz.com/post-userdata-v1/user-data

Below are a few details:

API type: Post

Lambda function is integrated

Any advice would be greatly appreciated.

Thanks, Biswajit

bisw
  • https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html explains how to attach an SSL certificate to a custom domain, but you haven't mentioned anything about this process. Have you followed it? – Michael - sqlbot Jul 09 '18 at 07:52
  • I have created an SSL certificate and enabled it on the server from which I am calling the API, and I have checked the SSL and it's working fine. I am not sure about the SSL for the custom API domain; do I need to enable SSL for the custom API domain? – bisw Jul 09 '18 at 10:26
  • Yes, you do... that appears to be why you are getting an error. – Michael - sqlbot Jul 09 '18 at 10:42
  • Okay. I will check it. – bisw Jul 09 '18 at 11:21
  • But one thing: when I am using the direct API URL (not the custom one) and I am not using any sort of authentication, I am still getting the Forbidden issue, whereas if I call this API using Postman it's working fine. – bisw Jul 09 '18 at 11:29
  • @bisw Was the issue resolved in any way? Please explain - I'm facing the exact same issue. Thanks! – Vishwas M.R Sep 21 '21 at 09:41
  • @VishwasM.R I don't remember now, but you can check this one https://stackoverflow.com/questions/39061041/using-an-api-key-in-amazon-api-gateway/51100302#51100302 and also check whether the VPCs are the same for all domains – bisw Sep 22 '21 at 10:49

1 Answer

Since the API is accessible from localhost and servers outside AWS, the setup seems to be fine. The calls from AWS servers would be failing due to the DNS settings in the VPC from which these AWS servers are launched.

Check the following two settings in your VPC and enable them if not done.

[image: screenshot of the two VPC settings, not preserved]

You can enable them by following this path: VPCs >> Select Your-VPC >> Actions

Vishwas M.R
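
The certificate error quoted in the question comes from the client's host name check. The sketch below is an added example, not part of the original posts: it re-implements that check over a constructed certificate dict shaped like Python's `ssl.SSLSocket.getpeercert()` output, using the subject from the error message. The API id `abc123` and the function names are hypothetical.

```python
# Added diagnostic sketch: shows why a TLS client rejects the wildcard
# certificate from the question when the request targets the custom domain.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a host name.

    '*' is accepted only as the entire left-most label and covers exactly
    one label, which is how curl and browsers treat wildcards.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_dns_names(cert: dict) -> list[str]:
    """Collect DNS names from a dict shaped like getpeercert() output."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to the subject CN only when no SAN exists
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return names


def diagnose(cert: dict, host: str) -> str:
    """Return 'ok' or a short reason the certificate does not cover host."""
    names = cert_dns_names(cert)
    if any(name_matches(n, host) for n in names):
        return "ok"
    if any(n.lower().endswith(".amazonaws.com") for n in names):
        return ("mismatch: server presented a certificate for an "
                "amazonaws.com name, not for " + host)
    return "mismatch: certificate covers " + ", ".join(names)


# Constructed sample: the subject name from the error in the question.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.execute-api.ap-south-1.amazonaws.com"),),),
    "subjectAltName": (("DNS", "*.execute-api.ap-south-1.amazonaws.com"),),
}

if __name__ == "__main__":
    # "abc123" is a made-up API id; post-data.xyz.com is the curl target.
    for h in ("abc123.execute-api.ap-south-1.amazonaws.com",
              "post-data.xyz.com"):
        print(h, "->", diagnose(SAMPLE_CERT, h))
```
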