Add custom domain to API gateway without serverless-domain-manager

Question

I want to add a custom domain to the API Gateway using serverless framework but without "serverless-domain-manager" or any other plugin. I am looking for a more native way, maybe extending a resource in "serverless.yml"

All articles suggest that plugin, but it isn't the best for multi environment pipelines

https://www.serverless.com/blog/serverless-api-gateway-domain/

Answer 1

Doing it manually is not that complicated, here is the full explanation

Add a custom domain to all envs

1. Issue a certificate for the domain in the same region of serverless project, in my case us-east-2
2. Go to API Gateway > Custom domain names > Create, use Regional endpoint type if using HTTP APIs
3. In the created domain there is API Gateway domain name, you'll need to point a CNAME record to it
4. Finally go to API mappings and create the mappings, in my case main and prod with stage $default

Answer 2

API Gateway with a custom domain is configured to use TLS 1.2, and it supports some weak cipher. These weak ciphers are removed in TLS 1.3 which is only supported in CloudFront distributions at the moment. Some security tools like AppScan raised these issues for me during the security testing of these APIs. You can check the details here.

https://security.stackexchange.com/questions/254667/are-weak-cipher-suites-for-tls1-2-a-valid-concern

If security is concerned, I would suggest using a cloud front distribution in front of the API gateway.

https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cloudfront-distribution/