Does basepath mapping on an API in API gateway use a 'hidden' cloudfront distribution?

I have an API on API Gateway, with base path mappings on a domain. However, this doesn't go through cloudfront--and thus no https, only http.

When I try to create a cloudfront distribution for the same domain, it says something to the effect that "CNAME already in use", and can't create a cloudfront distribution for it, even though I don't have any cloudfront distributions associated with the domain, and nothing on route53 for it either.

If base path mappings on API Gateway create a 'hidden' cloudfront distribution, one I can't see on the CloudFront distribution console page -- then this makes sense. I can only associate one distribution to one CNAME at a time.

But this makes base-path mappings in API Gateway pretty useless -- they don't allow me to distribute via cloudfront, and hence can't use https to protect a custom domain either. It seems a lot more straightforward to create an origin for cloudfront (one for API) and then assign it that way.

But wanted to confirm if indeed this was the case -- do base path mappings on an API in API Gateway create a 'hidden' cloudfront distribution and lock the CNAME domain from being used by another cloudfront distribution?

keithRozario

1 Answer

I’ve learnt a lot about this, thought it’d be good to share.

API Gateway allows you to create an edge optimised distribution that will even let you use a certificate from ACM to implement it. Once you tie a CNAME to an edge optimised domain, it’s not possible to create a cloudfront distribution for it — you don’t need it as your API is already on CloudFront.

My preferred way would be to not use base-path mappings at all, but make the API an origin for your Cloudfront distribution, and then use a behaviour (e.g. /api/v1/*) for diverting traffic from your distribution to the API.

Very important note: if your behaviour is set to /api/v1, make sure that your API gateway resources also start with /api/v1, otherwise you’ll get the dreaded missing authentication token error, the most cryptic and frustrating error message known to man.

This separate CloudFront distribution allows you to then modify other behaviours (like static sites and files) through conventional means. The BasePath mapping method is only good if your API is on its own domain (e.g. api.example.com) and it’s a whole lot easier to manage api versions/stages through console for that use case if you use base path mappings.

CloudFront deploys take nearly 40 minutes to fully deploy and are usually a pain in the you know where. No option is perfect, but good to know the intricacies.

keithRozario
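An added example, not part of the original answer: a pre-deployment check for the setup described above, flagging behaviours whose path prefix has no API Gateway resource behind it (the "missing authentication token" case) and behaviours or origins that permit plain HTTP. The dictionary mirrors the relevant fields of a CloudFront `DistributionConfig`; the origin ID `api`, the domain name, the `/prod` stage and the resource paths are constructed sample values.

```python
import re

# Constructed sample input (CloudFront DistributionConfig shape + API resource paths).
DISTRIBUTION = {
    "Origins": {"Items": [
        {"Id": "api", "DomainName": "abc123.execute-api.us-east-1.amazonaws.com",
         "OriginPath": "/prod", "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
    ]},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/api/v1/*", "TargetOriginId": "api", "ViewerProtocolPolicy": "https-only"},
        {"PathPattern": "/api/v2/*", "TargetOriginId": "api", "ViewerProtocolPolicy": "allow-all"},
    ]},
}
API_RESOURCES = ["/", "/api", "/api/v1", "/api/v1/users", "/api/v1/users/{id}"]


def is_covered(literal, resource_paths):
    """Heuristic: a path parameter ({id}, {proxy+}) is treated as matching anything."""
    for path in resource_paths:
        static = path.split("{")[0]
        if path.startswith(literal) or ("{" in path and literal.startswith(static)):
            return True
    return False


def audit(distribution, api_origin_id, resource_paths):
    """Return (path_pattern_or_origin_id, issue) findings for the API origin."""
    findings = []
    for origin in distribution["Origins"]["Items"]:
        policy = origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
        if origin["Id"] == api_origin_id and policy != "https-only":
            findings.append((origin["Id"], "origin-not-https-only"))
    for behaviour in distribution["CacheBehaviors"]["Items"]:
        if behaviour["TargetOriginId"] != api_origin_id:
            continue
        pattern = behaviour["PathPattern"]
        # CloudFront forwards the viewer path unchanged (after OriginPath), so the
        # literal part before the first wildcard must exist as an API resource.
        literal = re.split(r"[*?]", pattern)[0]
        if not is_covered(literal, resource_paths):
            findings.append((pattern, "no-matching-resource"))
        if behaviour["ViewerProtocolPolicy"] == "allow-all":
            findings.append((pattern, "http-allowed"))
    return findings


if __name__ == "__main__":
    for target, issue in audit(DISTRIBUTION, "api", API_RESOURCES):
        print(f"{target}: {issue}")
```

With real data, the same fields come from CloudFront's `get_distribution_config` and API Gateway's `get_resources` responses.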