Amazon API Gateway Multiple Secure Domains | Multiple Certificates

Vipin Kumar
Jan 13, 2021

Multi-tenant SaaS applications need to identify tenants. There are multiple ways to do that, such as:

  1. Pass the tenant id in request headers.
  2. Pass the tenant id in the query string.
  3. Give a separate domain name to each tenant and identify the tenant based on that.

Here we are going to explore how to add multiple secure domain names to AWS API Gateway and identify tenants based on them.

The following AWS services are used in this demo:

  1. Amazon API Gateway
  2. AWS Lambda
  3. AWS Certificate Manager
  4. Amazon Route 53

To identify the domain name, we will use an AWS Lambda function with minimal code that returns the domain name. Create an AWS Lambda function with the following code.
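An added example, not the original post's code: a Python handler that reads the domain from the event API Gateway sends (this assumes Lambda proxy integration is enabled on the method) and, going one step past returning the name, maps it to a tenant through an allow-list. The domain names and tenant ids are placeholders.

```python
import json

# Hypothetical mapping from custom domain name to tenant id (assumed values).
TENANT_BY_DOMAIN = {
    "example.com": "tenant-root",
    "a.example.com": "tenant-a",
    "b.example.com": "tenant-b",
}


def resolve_domain(event):
    """Return the lower-cased domain the request arrived on, or ''."""
    # requestContext is filled in by API Gateway itself in a proxy event.
    domain = (event.get("requestContext") or {}).get("domainName")
    if not domain:
        # Fall back to the Host header; header name case can vary.
        # X-Forwarded-Host is never consulted: the client controls it.
        headers = event.get("headers") or {}
        domain = next((v for k, v in headers.items() if k.lower() == "host"), "")
    # Drop an optional port and trailing dot before comparing.
    return domain.split(":")[0].strip().rstrip(".").lower()


def build_response(status, body):
    # Response shape required by Lambda proxy integration.
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def lambda_handler(event, context):
    domain = resolve_domain(event)
    tenant = TENANT_BY_DOMAIN.get(domain)
    if tenant is None:
        # Unknown domain (for example the default execute-api endpoint):
        # refuse instead of falling through to a default tenant.
        return build_response(403, {"error": "unknown domain"})
    return build_response(200, {"domain": domain, "tenant": tenant})
```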

Once the Lambda function is deployed, create a new API in AWS API Gateway by providing a name.

After creating the API, add a new GET method at the root level with the following configuration. Remember to check Use Lambda Proxy integration, which allows API Gateway to pass the raw request to Lambda as-is.

Once the API method is created, we need to deploy the API to a stage. Since this is the first time we are deploying the API, we need to create a new stage.

Register your domains in AWS Route 53 using the instructions available here. You can skip this step if you already have domains purchased in your AWS account. For this demo we will be using one root-level domain and two subdomains.

After registering the domain, we need SSL certificates to associate with our domains. Go to AWS Certificate Manager (ACM) and create a new public certificate. Add the first domain that you need to use for this demo.

While creating a certificate, you also need to choose an ownership validation option. Choose DNS validation when prompted. You can validate ownership directly from ACM by choosing Create record in Route 53.

Follow the same steps to request an SSL certificate for the other domain.

Now we need to associate our domains with the API Gateway API we created in the earlier steps. Go to Custom domain names in API Gateway.

Create a custom domain for the first domain and add the configuration as below. Remember to choose the ACM certificate created in the previous steps, and make sure it is the certificate created for that same domain.

Once the custom domain is created, go to the API mappings tab to create the mapping between the domain name and the stages of the API.

Configure the API mapping as below, pointing to the prod stage.

Follow the same steps for the other domain with the same configuration as above. The only changes are the domain name and the certificate. Create the same mapping as for the first domain.

Go back to Route 53 and create Alias records in your hosted zone, using the instructions mentioned here.

Now you are all set to see the result in your browser. Navigate to each domain and look for the following results.

The same results can be achieved using just one ACM certificate by adding the additional domain names while requesting the certificate. In that case, however, your clients will be able to see the list of all the domain names you added to the certificate.
