DomainConfiguration - Amazon Serverless Application Model
SyntaxPropertiesExamples
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

DomainConfiguration

Configures a custom domain for an API.

Syntax

To declare this entity in your Amazon Serverless Application Model (Amazon SAM) template, use the following syntax.

Properties

AccessAssociation

The configuration required to generate AWS::ApiGateway::DomainNameAccessAssociation resource.

Amazon SAM generates an AWS::ApiGateway::DomainNameAccessAssociation resource when this property is set. For information about generated Amazon CloudFormation resources, see Generated Amazon CloudFormation resources for Amazon SAM.

Type: DomainAccessAssociation

Required: No

Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.

BasePath

A list of the basepaths to configure with the Amazon API Gateway domain name.

Type: List

Required: No

Default: /

Amazon CloudFormation compatibility: This property is similar to the BasePath property of an AWS::ApiGateway::BasePathMapping resource. Amazon SAM creates multiple AWS::ApiGateway::BasePathMapping resources, one per BasePath specified in this property.

CertificateArn

The Amazon Resource Name (ARN) of an Amazon managed certificate this domain name's endpoint. Amazon Certificate Manager is the only supported source.

Type: String

Required: Yes

Amazon CloudFormation compatibility: This property is similar to the CertificateArn property of an AWS::ApiGateway::DomainName resource. If EndpointConfiguration is set to REGIONAL (the default value), CertificateArn maps to RegionalCertificateArn in AWS::ApiGateway::DomainName. If the EndpointConfiguration is set to EDGE, CertificateArn maps to CertificateArn in AWS::ApiGateway::DomainName. If EndpointConfiguration is set to PRIVATE, this property is passed to the AWS::ApiGateway::DomainNameV2 resource.

Additional notes: For an EDGE endpoint, you must create the certificate in the us-east-1 Amazon Region.

DomainName

The custom domain name for your API Gateway API. Uppercase letters are not supported.

Amazon SAM generates an AWS::ApiGateway::DomainName resource when this property is set. For information about this scenario, see DomainName property is specified. For information about generated Amazon CloudFormation resources, see Generated Amazon CloudFormation resources for Amazon SAM.

Type: String

Required: Yes

Amazon CloudFormation compatibility: This property is passed directly to the DomainName property of an AWS::ApiGateway::DomainName resource, or to AWS::ApiGateway::DomainNameV2 when EndpointConfiguration is set to PRIVATE.

EndpointConfiguration

Defines the type of API Gateway endpoint to map to the custom domain. The value of this property determines how the CertificateArn property is mapped in Amazon CloudFormation.

Valid values: EDGE, REGIONAL, or PRIVATE

Type: String

Required: No

Default: REGIONAL

Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.

MutualTlsAuthentication

The mutual Transport Layer Security (TLS) authentication configuration for a custom domain name.

Type: MutualTlsAuthentication

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the MutualTlsAuthentication property of an AWS::ApiGateway::DomainName resource.

NormalizeBasePath

Indicates whether non-alphanumeric characters are allowed in basepaths defined by the BasePath property. When set to True, non-alphanumeric characters are removed from basepaths.

Use NormalizeBasePath with the BasePath property.

Type: Boolean

Required: No

Default: True

Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.

OwnershipVerificationCertificateArn

The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Required only when you configure mutual TLS and you specify an ACM imported or private CA certificate ARN for the CertificateArn.

Type: String

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the OwnershipVerificationCertificateArn property of an AWS::ApiGateway::DomainName resource.

Policy

The IAM policy to attach to the API Gateway domain name. Only applicable when EndpointConfiguration is set to PRIVATE.

Type: Json

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the Policy property of an AWS::ApiGateway::DomainNameV2 resource when EndpointConfiguration is set to PRIVATE. For examples of valid policy documents, see AWS::ApiGateway::DomainNameV2.

Route53

Defines an Amazon Route 53 configuration.

Type: Route53Configuration

Required: No

Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.

SecurityPolicy

The TLS version plus cipher suite for this domain name.

Type: String

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the SecurityPolicy property of an AWS::ApiGateway::DomainName resource, or to AWS::ApiGateway::DomainNameV2 when EndpointConfiguration is set to PRIVATE. For PRIVATE endpoints, only TLS_1_2 is supported.

Examples

DomainName

DomainName example

YAML

Domain:
  DomainName: www.example.com
  CertificateArn: arn-example
  EndpointConfiguration: EDGE
  Route53:
    HostedZoneId: Z1PA6795UKMFR9
  BasePath:
    - foo
    - bar