How To Connect Cloudflare to AWS API Gateway

Eugenio Carocci
3 min read · Jan 30, 2021


The goal of this article is to show how to connect a domain in Cloudflare with an endpoint exposed by AWS API Gateway.

I’ll show how to connect the api.example.com domain to an endpoint exposed by API Gateway.

Here are the steps needed to reach the goal:

  • Generate a certificate on Cloudflare
  • Import the Cloudflare certificate in the AWS Certificate Manager
  • Create the custom domain name in AWS API Gateway
  • Create a record in Cloudflare to connect it to the custom domain name

Generate a certificate on Cloudflare

Go to the Cloudflare dashboard and select the domain of interest.

Select the SSL/TLS icon in the menu, then the Origin Server menu item, and then click on Create Certificate.

In the form that is displayed, insert the hostname of interest; in this case we want a certificate for api.example.com.

Click on Next and copy both the certificate and the private key.

Save the private key in a secrets manager such as KeePass, since it is shown only at this step.

Once the procedure is completed you’ll find the certificate listed.

Import the Cloudflare certificate in the AWS Certificate Manager

Go to the AWS Certificate Manager with a user with the proper privileges.

Click on Import a certificate.

Fill in the required fields with the values obtained from Cloudflare.

The Certificate chain can be obtained by going to this Cloudflare support page and looking for the Cloudflare Origin CA — RSA Root.

Once the procedure is correctly completed you’ll find the certificate listed.
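Before pasting the three values into ACM it is worth checking that they belong together: ACM rejects a key that does not match the certificate, the custom domain name must be covered by the certificate's SAN list, and the chain you paste must actually validate the leaf. The script below is an added example, not part of the original article; `check_origin_cert` runs those three checks with openssl, and `make_test_material` builds a throwaway CA and leaf (constructed stand-ins for Cloudflare's real Origin CA and certificate) so it can be tried offline.

```shell
#!/bin/sh
# Pre-import sanity checks for a Cloudflare Origin certificate before uploading it to ACM.
# Usage: check_origin_cert CERT.pem KEY.pem CHAIN.pem HOSTNAME
# Returns 0 when the key matches the certificate, HOSTNAME is covered by the SAN list
# (directly or via a wildcard) and the certificate verifies against CHAIN.
check_origin_cert() {
  cert="$1"; key="$2"; chain="$3"; host="$4"

  # 1. Key/certificate pairing: compare the SubjectPublicKeyInfo derived from each side.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 1; }

  # 2. Hostname coverage: the API Gateway custom domain name must appear in the SANs.
  sans=$(openssl x509 -in "$cert" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ')
  case ",$sans," in
    *",DNS:$host,"* | *",DNS:*.${host#*.},"*) ;;
    *) echo "$host not covered by SAN list: $sans" >&2; return 1 ;;
  esac

  # 3. Chain: the root pasted into ACM's "Certificate chain" field must validate the leaf.
  openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1 || { echo "chain verification failed" >&2; return 1; }
}

# Constructed test material (NOT Cloudflare's real CA): a throwaway root, an
# origin-style leaf for api.example.com signed by it, and an unrelated key, written into DIR.
make_test_material() {
  dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Origin CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=api.example.com" \
    -keyout "$dir/api.key" -out "$dir/api.csr" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:api.example.com\n' > "$dir/san.cnf"
  openssl x509 -req -days 1 -in "$dir/api.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -extfile "$dir/san.cnf" -out "$dir/api.pem" 2>/dev/null || return 1
  openssl genpkey -algorithm RSA -out "$dir/other.key" 2>/dev/null
}

# Stand-alone demo: generate the constructed material and check it as if for import.
demo_dir=$(mktemp -d)
if make_test_material "$demo_dir" && check_origin_cert "$demo_dir/api.pem" "$demo_dir/api.key" "$demo_dir/ca.pem" api.example.com; then
  echo "api.example.com: certificate, key and chain are consistent; ready for ACM import"
fi
rm -rf "$demo_dir"
```

With the real files, run `check_origin_cert origin.pem origin.key cloudflare_origin_rsa_root.pem api.example.com` and only proceed to the import when it exits 0.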

Create the custom domain name in AWS API Gateway

Go to AWS API Gateway with a user with the proper privileges.

Go to the Custom domain names section and click on the Create button.

Fill in the Domain Name with api.example.com, then under ACM certificate select the newly created certificate.

Click on the Create domain name button.

At this point, select the created domain, go to API mappings and click Configure API mappings.

Add a new mapping, selecting the API Gateway route and stage of interest.

Create a record in Cloudflare to connect it to the custom domain name

Go to the Cloudflare dashboard and select the domain of interest.

Select the DNS icon in the menu and then click on Add record.

Create the record as a CNAME for api.example.com, filling the Target field with the value taken from AWS API Gateway > Custom Domain Name > Endpoint configuration > API Gateway domain name.

Thanks for reading and feel free to add comments about your experience :)
