Mapping Custom Domains in API Gateway with AWS Certificate Manager

Deploying a serverless API using API Gateway generates a long, randomized execute-api URL. For production applications, you must map this endpoint to a branded, human-readable custom domain. This requires securing the domain with an SSL/TLS certificate to enforce HTTPS.

AWS Certificate Manager (ACM) simplifies this by providing free, auto-renewing public certificates. To attach a custom domain to API Gateway, you request a certificate in ACM, validate domain ownership via DNS, and then bind the certificate to an API Gateway Custom Domain Name resource.

Once the custom domain is created, you must establish an API Mapping to route incoming traffic from the domain to a specific API Gateway stage (like v1 or prod). Finally, an Alias record is created in Route 53 to point your domain directly to the API Gateway regional endpoint.

resource "aws_api_gateway_domain_name" "api" {
  domain_name              = "api.naveenteja.cloud"
  regional_certificate_arn = aws_acm_certificate_validation.api.certificate_arn

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

resource "aws_api_gateway_base_path_mapping" "mapping" {
  api_id      = aws_api_gateway_rest_api.main.id
  stage_name  = aws_api_gateway_stage.prod.stage_name
  domain_name = aws_api_gateway_domain_name.api.domain_name
}