New serverless pattern - apigw-private-cdn-private-ca #2706
Conversation
…CM signed by Amazon Private Certificate Authority pattern
Correct the format for a text within README.md
Updated the text format within the README.md
There was a problem hiding this comment.
change "Creates an PCA: to
"Create an PCA"
Should we change :
"Create a private REST API in API gateway" to
"Create a private REST API in API gateway with custom domain name"
Change "Points API Gateway's private custom domain name to the "execute-api" VPC Endpoint DNS name" to
"Point API Gateway's private custom domain name to the "execute-api" VPC Endpoint DNS name"
Updated the steps on how this pattern works.
Updated the title of the pattern to 75 characters or less.
Updated the title of this pattern to 75 characters or less.
Added AWS Private CA Cost Considerations section
| @@ -0,0 +1,114 @@ | |||
| # Private Custom Domain for API Gateway API Using ACM and Amazon Private CA | |||
There was a problem hiding this comment.
| # Private Custom Domain for API Gateway API Using ACM and Amazon Private CA | |
| # Private Custom Domain for Amazon API Gateway API Using AWS Certificate Manager and Amazon Private Certificate Authority |
There was a problem hiding this comment.
Always use full service names on first mention
|
|
||
| This pattern enables secure access to a private REST API Gateway using a private custom domain name. The solution utilizes SSL certificates managed by AWS Certificate Manager (ACM) and signed by Amazon Private Certificate Authority (PCA), ensuring secure and authenticated communication within the private network. | ||
|
|
||
| Learn more about this pattern at [Serverless Land Patterns](https://serverlessland.com/patterns/apigw-private-cdn-private-ca). |
There was a problem hiding this comment.
Please append the IaC framework to the pattern (and folder) name
| ``` | ||
| 2. Change directory to the pattern directory: | ||
| ```bash | ||
| cd serverless-patterns/apigw-private-cdn-private-ca |
There was a problem hiding this comment.
also append the framework here
| ## Testing | ||
|
|
||
| 1. Sign in to the AWS Management Console. | ||
| 2. Navigate to AWS Lambda by searching 'Lambda' in the services search bar. |
There was a problem hiding this comment.
| 2. Navigate to AWS Lambda by searching 'Lambda' in the services search bar. | |
| 2. Navigate to the AWS Lambda console``` |
|
|
||
| --- | ||
|
|
||
| Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. |
There was a problem hiding this comment.
| Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. | |
| Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. |
| }, | ||
| "deploy": { | ||
| "text": [ | ||
| "aws cloudformation deploy --template-file template.yaml --stack-name apigw-private-cdn-private-ca --parameter-overrides VpcIdParameter=<vpc-id> VpcEndpointSubnetIdsParameter=<subnet-id> ApiVPCESecurityGroup=<security-group-id> --capabilities CAPABILITY_IAM" |
There was a problem hiding this comment.
Replace with "See the GitHub repo for detailed deployment instructions."
| TemplateArn: arn:aws:acm-pca:::template/RootCACertificate/V1 | ||
| Validity: | ||
| Type: YEARS | ||
| Value: 10 |
There was a problem hiding this comment.
Set it to a lower value as this is just a demo
| - Effect: Allow | ||
| Principal: "*" | ||
| Action: execute-api:Invoke | ||
| Resource: execute-api:/* |
There was a problem hiding this comment.
please scope this to at least the current region and account
| Principal: '*' | ||
| Action: execute-api:Invoke | ||
| Resource: | ||
| - execute-api:/* |
There was a problem hiding this comment.
see comment above on least privilege
| "description": "Create Amazon API Gateway private REST API with private custom domain name configured with private SSL certificate managed my ACM signed by Amazon Private Certificate Authority.", | ||
| "language": "Python", | ||
| "level": "200", | ||
| "framework": "AWS CloudFormation", |
There was a problem hiding this comment.
The currently valid frameworks are AWS CDK, AWS SAM, Terraform, Serverless Framework, Terraform (with modules), AWS CDK for Terraform, Pulumi.
There was a problem hiding this comment.
I think it might be easiest to add the Serverless Transform to make it a SAM template
|
Looks good, thanks for your contribution. Your pattern will be merged to Serverlessland.com soon |
Amazon API Gateway private REST API with private custom domain name configured with private SSL certificate managed my ACM signed by Amazon Private Certificate Authority
This pattern enables secure access to a private REST API Gateway using a private custom domain name. The solution utilizes SSL certificates managed by AWS Certificate Manager (ACM) and signed by Amazon Private Certificate Authority (PCA), ensuring secure and authenticated communication within the private network.