Connect Cloudflare To AWS Api Gateway | by Amirhossein Soltani | Medium


https://medium.com/@amirhosseinsoltani7/connect-cloudflare-to-aws-api-gateway-c64f0713b5e9 · scraped

In this article we will see how to define a CNAME on Cloudflare to connect our domain to our AWS API Gateway.

Client Certificate On Cloudflare

First of all, we need a TLS certificate so that Cloudflare can be verified as a trusted party on AWS. To generate the certificate:

After clicking on “Create Certificate”, you need to fill in some information. You need to define which subdomains of your main domain can be used with this certificate. I used “*.mydomain.net”, which means this certificate can be used for all subdomains associated with this domain. Keep the default values for the other parameters and click on Create.

After clicking on Create, it shows you the values for the Origin Certificate and the Private Key. Make sure to save both somewhere secure, since you will need them in a later step when you import them into your “AWS Certificate Manager”.

Import Cloudflare Certificate In AWS Certificate Manager

To let Cloudflare and AWS interact with each other in a secure way, you need to import the certificate generated by Cloudflare in the previous step into AWS Certificate Manager. To do so, first search for “Certificate” in your AWS Console and choose the Certificate Manager.

Now click on “Import a certificate” and fill in the fields with the values obtained from Cloudflare. The value for the Certificate chain can be obtained using this link. For more information you can visit this Cloudflare support page.

After the import, if you have entered correct values, you should be able to see your certificate with the specified subdomain in your “AWS Certificate Manager” console with the status “Issued”.

Create The Custom Domain Name In AWS API Gateway

Now go to the AWS API Gateway console, click on “Custom domain names” and click on “Create”.

Now set the subdomain of your choice. Here I set it as “test.mydomain.net”.

After that, under the Endpoint Configuration section, choose the certificate we imported before in AWS Certificate Manager.

Keep the other settings as they are and click on “Create domain name”.

Add API Gateway To Custom Domain Name

Now we need to add our API Gateway to the Custom Domain Name we created. To do so, go to the API mappings section and click on Configure API mappings.

Now click on “Add new mapping”, select your desired API Gateway and stage, then click on Save.

Create CNAME Record On Cloudflare

Now the last step! 😮‍💨 Go to your Cloudflare dashboard and, under the DNS section, choose Records, then click on Add record. Set the Type to CNAME. The value for the Name should be your subdomain, which in our case is “test”. For the Target, go to your Custom Domain Name in the AWS Console: under the Endpoint configuration section there is a field called “API Gateway domain name”. Copy its value and set it as the Target in Cloudflare.

Now hit the Save button and you are good to go!!! 🍾🍾🍾

Congratulations!!! Now your domain is connected to your API Gateway. You can test it out by calling one of your API Gateway's APIs using your subdomain, which in our case is “test.mydomain.net/hello”. 🎉🎉🎉

Troubleshooting

If you encounter a 521 error on Cloudflare, make sure to set the SSL setting in Cloudflare to “Full”. If you have this problem, you should see Cloudflare's 521 error page. To fix it, go to Cloudflare dashboard -> SSL/TLS -> Overview and set your SSL/TLS encryption mode to Full.
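
A pre-flight check for the two hostnames used in the steps above, added here as an example (it is not code from the original article): the certificate chosen for a custom domain name has to cover that name, and a wildcard entry such as “*.mydomain.net” stands for exactly one label. The function names are hypothetical and the hostname lists are constructed from the article's values.

```python
"""Pre-flight check: does the Origin Certificate cover the custom domain names?

Added example; the hostname lists are constructed from the article's
"*.mydomain.net" and "test.mydomain.net". Function names are hypothetical.
"""


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; a trailing root dot is not significant.
    return name.strip().rstrip(".").lower().split(".")


def covers(cert_name: str, hostname: str) -> bool:
    """True if one certificate hostname entry covers `hostname`.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so "*.mydomain.net" covers "test.mydomain.net" but
    neither the apex "mydomain.net" nor "api.test.mydomain.net".
    """
    pattern, host = _labels(cert_name), _labels(hostname)
    if "" in pattern or "" in host or len(pattern) != len(host):
        return False
    if any("*" in label for label in pattern[1:]):
        return False  # wildcard anywhere but the left-most label
    if pattern[0] == "*":
        # Refuse "*.net"-style entries; require a registrable domain after "*".
        return len(pattern) >= 3 and pattern[1:] == host[1:]
    if "*" in pattern[0]:
        return False  # partial wildcards such as "t*.mydomain.net" are rejected
    return pattern == host


def uncovered(custom_domains: list[str], cert_names: list[str]) -> list[str]:
    """Return the planned custom domain names that no certificate entry covers."""
    return [d for d in custom_domains
            if not any(covers(c, d) for c in cert_names)]


# Constructed sample: hostnames entered on the certificate vs. names planned
# as API Gateway custom domain names.
CERT_NAMES = ["*.mydomain.net"]
PLANNED = ["test.mydomain.net", "mydomain.net", "api.test.mydomain.net"]

if __name__ == "__main__":
    for name in uncovered(PLANNED, CERT_NAMES):
        print(f"not covered by the certificate: {name}")
```

Adding the apex or a deeper name to the certificate's hostname list when it is created is what makes those names pass this check.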
