
I have created an SSL certificate with ACM. I would like to use this certificate to serve both my static content from an S3 bucket and my lambdas. At this time, I want to avoid using CloudFront and proxy both S3 and Lambda with API Gateway so that everything is served from a single SSL domain (no CORS issues).

Ideally, I will call:

https://my.customdomain.com/ (lambda redirects to /web/index.html)
https://my.customdomain.com/api/* (lambdas)
https://my.customdomain.com/web/* (static content - s3)

Is the above architecture reasonable/possible?

John Rotenstein
KevinB
  • Be aware that exactly the same objective can be accomplished with better performance and significantly lower cost by using a single CloudFront distribution to front-end both your API and bucket. (API Gateway $3.50/MM req to S3 vs CF $1.00/MM req to S3.) – Michael - sqlbot Sep 18 '18 at 09:40
  • That's a great tip @Michael-sqlbot. That definitely helps in my decision. Thanks! – KevinB Sep 18 '18 at 12:44
  • And to future devs, also be aware that a single AWS account has a soft limit of 200 CloudFront distributions and 100 S3 buckets! While CloudFront is certainly the answer for a handful of sites, the requested strategy fits more neatly for running many different sites & subdomains – ohsully Apr 15 '19 at 04:31

1 Answer


Yes, the architecture is possible.

API Gateway has this objective: to serve as a gateway for backend services that are not exposed to your customer. One of the options to integrate with API Gateway is with Amazon S3.

Basically you will forward the object key to S3 and request this object using S3 API calls (executed by API Gateway). You'll just need to give API Gateway the correct permissions to make this call with the proper credentials.

You can find the information needed to make this work here.

Gustavo Tavares
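The permissions step described in the answer above, as an added example that is not part of the original post: it builds a least-privilege role for API Gateway (read-only on the `web/` prefix), the matching S3 integration settings for a `/web/{proxy+}` resource, and a small check that flags a role policy granting more than that. The bucket name, region and role ARN are constructed placeholders, and the helper names are hypothetical.

```python
# Added example, not from the original answer. Bucket, prefix, region and the
# role ARN are constructed placeholders; helper names are hypothetical.

def role_policies(bucket, prefix="web/"):
    """Trust and access policies for the role API Gateway assumes to call S3."""
    trust = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}
    access = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "s3:GetObject",  # read only, no ListBucket or PutObject
        "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"}]}
    return trust, access

def s3_integration(region, bucket, role_arn, prefix="web/"):
    """Keyword arguments for API Gateway put_integration on GET /web/{proxy+}."""
    return {
        "type": "AWS",
        "integrationHttpMethod": "GET",
        "credentials": role_arn,  # the role built by role_policies()
        "uri": f"arn:aws:apigateway:{region}:s3:path/{bucket}/{prefix}{{key}}",
        # Forward the greedy path parameter as the S3 object key.
        "requestParameters": {
            "integration.request.path.key": "method.request.path.proxy"},
    }

def audit_access(policy, bucket, prefix="web/"):
    """Return findings for Allow statements wider than GetObject on the prefix."""
    expected = f"arn:aws:s3:::{bucket}/{prefix}*"
    as_list = lambda v: v if isinstance(v, list) else [v]
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action.lower() != "s3:getobject":
                findings.append(f"action {action} exceeds s3:GetObject")
        for res in as_list(stmt.get("Resource", [])):
            if res != expected:
                findings.append(f"resource {res} is not {expected}")
    return findings

if __name__ == "__main__":
    trust, access = role_policies("example-static-bucket")
    print(audit_access(access, "example-static-bucket"))  # least-privilege role
    broad = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
    print(audit_access(broad, "example-static-bucket"))   # over-broad role
```

Scoping the role to `s3:GetObject` on the one prefix means a request path that reaches the integration cannot read objects elsewhere in the bucket or write to it.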