다음은 api gateway의 dns에 제가 직접 구매한 도메인을 연결해보도록 하겠습니다.
먼저 도메인을 설정하기 전에
=> AWS Certificate Manager(ACM)는 AWS 웹 사이트와 애플리케이션을 보호하는 퍼블릭 및 프라이빗 SSL/TLS X.509 인증서와 키를 만들고, 저장하고, 갱신하는 복잡성을 처리합니다.
ACM 와일드카드 인증서는 원하는 만큼의 하위 도메인을 보호할 수 있습니다. 내부 PKI의 모든 위치에서 사용할 수 있도록 AWS Private CA(으)로 서명한 ACM 인증서를 내보낼 수도 있습니다.
이런 인증서를 발급을 받아야 합니다. 고로
resource "aws_acm_certificate" "api" {
domain_name = var.CERTIFICATE_DOMAIN
validation_method = "DNS"
}이런식으로 본인의 도메인을 인증을 받기 위해 aws_acm_certificate 리소스를 생성해줍니다
domain_name - (Required) Domain name for which the certificate should be issued
validation_method - (Optional) Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Terraform.
그런다음 route53 Zone을 만들어줍니다
data "aws_route53_zone" "public" {
name = var.DNS
private_zone = false
}Manages a Route53 Hosted Zone.
name - (Required) This is the name of the hosted zone.
그런다음 route53에 레코드를 추가해준다
resource "aws_route53_record" "api_validation" {
for_each = {
for dvo in aws_acm_certificate.api.domain_validation_options : dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}
allow_overwrite = true
name = each.value.name
records = [each.value.record]
ttl = 300
type = each.value.type
zone_id = data.aws_route53_zone.public.zone_id
}successful validation of an ACM certificate in concert with other resources를 위해 아래의 함수를 사용한다
resource "aws_acm_certificate_validation" "api" {
certificate_arn = aws_acm_certificate.api.arn
validation_record_fqdns = [for record in aws_route53_record.api_validation : record.fqdn]
}=> This resource represents a successful validation of an ACM certificate in concert with other resources. (Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.)
- certificate_arn - (Required) ARN of the certificate that is being validated.
- validation_record_fqdns - (Optional) List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation
그 다음은 api gateway도메인을 설정해주기 위해 아래의 리소스를 생성해줍니다
resource "aws_api_gateway_domain_name" "api" {
domain_name = var.GATEWAY_DNS
regional_certificate_arn = aws_acm_certificate_validation.api.certificate_arn
endpoint_configuration {
types = ["REGIONAL"]
}
}=> Registers a custom domain name for use with AWS API Gateway.
=> domain_name - (Required) Fully-qualified domain name to register.
=> endpoint_configuration - (Optional) Configuration block defining API endpoint information including type.
=> regional_certificate_arn - (Optional) ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with certificate_arn, certificate_name, certificate_body, certificate_chain, and certificate_private_key.
그런다음 api gateway domain 에 맞는 route53에 레코드를 만들어준다
resource "aws_route53_record" "meme_route53" {
zone_id = data.aws_route53_zone.public.zone_id
name = var.GATEWAY_DNS
type = "A"
alias {
name = aws_api_gateway_domain_name.api.regional_domain_name
zone_id = aws_api_gateway_domain_name.api.regional_zone_id
evaluate_target_health = true
}
}
그리고 위의 domain name은 just establishes ownership of and the TLS settings for a particular domain name. An API can be attached to a particular path under the registered domain name using the aws_api_gateway_base_path_mapping resource.
고로
resource "aws_api_gateway_base_path_mapping" "example" {
api_id = aws_api_gateway_rest_api.meme_gateway.id
stage_name = aws_api_gateway_deployment.meme_gateway.stage_name
domain_name = aws_api_gateway_domain_name.api.domain_name
}이런식으로 연결을 해준다.
이렇게 하면 api gateway에 도메인이 연결된다
