Introducing Custom Domain Names for AWS AppSync APIs
AWS AppSync is a managed serverless GraphQL service that makes it easy to create GraphQL APIs. You can use AppSync to securely access, manipulate, and combine data from one or more data sources in a single API call. Developers use AppSync to build scalable applications for a wide range of use cases, such as real-time collaboration, real-time chat application, offline application sync, unified data access, and unified microservices access. In this article, we describe a new AppSync feature – custom domain names that let customers use their own domain names with their AppSync APIs.
When you create a GraphQL API using AppSync, two endpoints with different host names are provisioned for your API:
- A GraphQL endpoint –
- A real-time endpoint –
Applications can connect to the AWS AppSync GraphQL endpoint (
https://) using any HTTP client for queries and mutations, and to the AWS AppSync real-time endpoint (
wss://) using any WebSocket client for subscriptions.
With custom domain names, you can now configure a single memorable domain name that works for both the GraphQL endpoint and real-time endpoint of an AppSync API. You can use a domain name that you own and associate it with any AppSync API in your AWS account. Moreover, you can change your API association with a custom domain name at any time. For example, with a custom domain name
api.example.com, the GraphQL endpoint and real-time endpoint can be invoked using these URLs:
- AppSync GraphQL endpoint –
- AppSync real-time endpoint –
Customers can now brand their API endpoints to make it easy for API consumers to discover while leveraging all of the existing AppSync functionalities. Customers can align with any organizational security guidelines using recognizable API endpoints, and they can eliminate the overhead of configuring two different host names for the AppSync API endpoints. In addition, customers can change the AppSync API associated with a custom domain without changing their APIs by simply swapping out the AppSync API associated with the custom domain name.
Setting up the Custom Domain Name on AWS AppSync API
In this section, I will demonstrate how to set up a custom domain name for an AppSync API. I will create a custom domain name, associate it to an AppSync API, and invoke the API endpoints using the custom domain URLs.
Step 1 – Register a domain name
You must have a registered internet domain name to set up custom domain names for your AppSync APIs. If needed, you can register an internet domain by using Amazon Route 53 or a third-party domain registrar of your choice. The custom domain name for an AppSync API can be a subdomain or the root domain (also known as “zone apex”) of a registered internet domain. Here, I will use the domain name
codeforevery.com, which was created using a third-party domain registrar with DNS provided by Amazon Route 53. The following diagram shows the public hosted zone in Route 53 for the domain name.
Step 2 – Create a certificate for the domain name
You can request AWS Certificate Manager (ACM) to generate a new certificate or import one into ACM that was issued by a third-party certificate authority. The import must be done in ACM in the
us-east-1 Region (US East (N. Virginia)) following the instructions here.
codeforevery.com a new wildcard certificate was requested in ACM, as shown in the following diagram.
Step 3 – Create an AppSync custom domain name and associate to an AppSync API
- On the AppSync console, navigate to the left menu and select “Custom Domain Names”. Then, select the button “Create domain name”.
- Provide the custom domain name for the AppSync API and the ACM certificate for the domain name. Then, select the button “Create”.
- AppSync creates the AppSync Domain Name and shows the AppSync GraphQL endpoint and real-time endpoint. At this point, no AppSync API has been associated with the newly created custom domain name. Note: When you create a custom domain name in AppSync, the AppSync service sets up a CloudFront distribution, owned and managed by AWS, and provides the CloudFront distribution domain name as the AppSync Domain Name. You must then set up a DNS record to map your custom domain name to the AppSync Domain Name which I will carry out in a later step.
- Associate the custom domain name with an AppSync API by selecting the button “Associate an API” or “Update” to proceed with the association. Here, we select an API called “My Event App” that was generated from the Event App sample project available on the AppSync console.
- AppSync initiates the association of the AppSync API to the custom domain. This process takes a couple of minutes to complete. When completed, the association connection’s status is marked as “Associated”.
Step 4 – Update your DNS records to route traffic to the AppSync Domain Name
For Route 53, create a new record in the hosted zone to direct API call to the custom domain name (e.g.,
api.codeforevery.com) to the AppSync Domain name (e.g.,
Invoking AppSync API with Custom Domain name
Mutation – createEvent Request
Mutation – createEvent Response
Query – getEvent Request
Query – getEvent Response
Subscription to “commentOnEvent” Mutation
From another terminal, we execute the “commentOnEvent” Mutation.
The subscription is trigged, and the message notification appears in the established websocket.
Building a web or mobile application
You can configure the AWS Amplify library in your application to use custom domain names with the Amplify API client and Amplify DataStore. Simply configure the custom domain name as part of the AppSync configuration parameters as shown in the following. Refer to the documentation here for more details.
Changing the API association
You can change the API association of your custom domain at any time. In this way, you can execute blue/green deployments of your AppSync API without having to update your deployed application. From the command line, using the AWS CLI:
Important things to know
- AppSync API custom domain supports Transport Layer Security (TLS) protocol version 1.2 and above (TLS 1.2 and TLS 1.3).
- The default GraphQL endpoint and real-time endpoint of your AppSync API can still be used to invoke the API after configuring custom domain name.
- To create a wildcard custom domain name, specify (*) as the subdomain of your custom domain name which will represent all possible subdomains of a root domain. For example, using
*.codeforevery.comas the AppSync custom domain results in subdomains, such as
c.codeforevery.com, which all route to the same domain.
- You can find out the exact value of the custom domain used to access your AppSync API in the context variable
- There can be only one instance of an AppSync custom domain name (e.g.,
api.codeforevery.com) on the AWS platform (across regions and across AWS Accounts) at any given time. Setting up AppSync custom domain names maps the domain name to an Amazon Cloudfront distribution.
- To set up the custom domain name or to update its certificate, you must have a permission to update CloudFront distributions and describe the ACM certificate that you plan to use. Refer to the documentation here for the IAM policy.
Get started today!
Support for custom domain on AWS AppSync is generally available in all AWS regions where AWS AppSync is available today. Learn more about this new capability by reading the documentation here.