AWS Lambda, AWS API Gateway, AWS Cloudfront gives 403 error

Question

I run a Django project deployed on AWS lambda using serverless Zappa framework. This can be accessed by a randomly generated link from AWS API Gateway lets say:-

randomly-generated-link.aws.amazon.com/production

I have also created an SSL certificate from ACM and verified it with my domain lets say

example.com

Now when i run zappa certify, this command certifies my domain successfully and creates a custom domain under API gateway console with the following configurations:-

Endpoint Configuration Edge optimized

Target Domain Name d25ihv8a5022zi.cloudfront.net

Hosted Zone ID A2FDTNGATAQYW6

ACM Certificate example.com (c504428e)

Now, I need to point my domain name example.com to randomly-generated-link.aws.amazon.com/production, so I updated my records on Godaddy with CNAME as follows:-

TYPE - CNAME NAME - example.com VALUE - d25ihv8a5022zi.cloudfront.net TTL - 1 HOUR

EXPECTED RESULT - My application thats running on randomly-generated-link.aws.amazon.com show be accessable from example.com.

WHAT I GET - 403 ERROR The request could not be satisfied. Bad request. Generated by cloudfront (CloudFront)

Are you using `https://...` when accessing the API you created? API Gateway does not support unencrypted HTTP and on an Edge Optimized deplohment, you'll get an error from CloudFront if you try without. — Michael - sqlbot, May 09 '19 at 01:06
I am able to access my application on https://randomly-generated-link.aws.amazon.com/production but the error comes when I visit example.com — Abishek, May 09 '19 at 14:33
@Krishna Mohan Yes, Create a hosted zone on your AWS Route53 for your domain. Set route53_enabled to True in your zappa_settings.json and then recertify. It may take upto 40 minutes for the dns to propagate. — Abishek, Sep 15 '19 at 06:34

score 2 · Answer 1 · answered May 08 '19 at 19:55

2

Did you set the Alternate Domain Name for the CloudFront distribution to example.com?

Hope that helps :)

answered May 08 '19 at 19:55

MLu

23,798
5
54
81

This is a built-in "hidden" CloudFront distribution associated with an API Gateway Edge Optimized deployment. They aren't visible in the AWS console, and are auto-configured. – Michael - sqlbot May 09 '19 at 01:04
That's right, I don't see a CloudFront distribution on AWS console. – Abishek May 09 '19 at 14:29
As usual, it's in the docs but I didn't find it until I read your answer. Thanks :-) – danielcraigie Jan 04 '20 at 22:39

AWS Lambda, AWS API Gateway, AWS Cloudfront gives 403 error

1 Answers1