Amazon API Gateway now supports disabling the default REST API endpoint

Posted on: Oct 29, 2020

Amazon API Gateway now supports disabling the default, auto-generated REST API endpoint. The default REST API endpoint in API Gateway looks like https://{restapi_id}.execute-api.{region}.amazonaws.com. This feature is intended for customers who use custom domain names for REST APIs and want to ensure that all traffic to their API only goes through the custom domain name and not the default endpoint. This feature was already available for HTTP APIs. Now, it is available for REST APIs too. 

Customers can configure a custom domain name endpoint to require different security than the default endpoint generated by API Gateway. For example, you can choose to configure a custom domain name with mutual TLS authentication, or require that traffic to a custom domain name use TLS 1.2. By disabling the default API endpoint, customers can require that clients access an API through only the custom domain name. Using this strategy, customers can ensure that clients are only accessing backend systems through approved security controls configured on the custom domain name. 
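An audit for the gap described above, as an added example that is not part of the original announcement or AWS's own code: it lists REST APIs that sit behind a custom domain name but still have the default endpoint enabled, and names the custom-domain controls that endpoint sidesteps. The sample records are constructed; `audit`, `domain_controls` and `fetch_live` are hypothetical helper names, and the field names follow the API Gateway `get_rest_apis`, `get_domain_names` and `get_base_path_mappings` responses.

```python
# Constructed sample data shaped like boto3 "apigateway" responses; all values are made up.
SAMPLE_APIS = [
    {"id": "a1b2c3d4e5", "name": "orders", "disableExecuteApiEndpoint": True},
    {"id": "f6g7h8i9j0", "name": "payments", "disableExecuteApiEndpoint": False},
    {"id": "k1l2m3n4o5", "name": "internal-tools"},  # no custom domain mapped
]
SAMPLE_DOMAINS = [
    {"domainName": "api.example.com", "securityPolicy": "TLS_1_2",
     "mutualTlsAuthentication": {"truststoreUri": "s3://example-bucket/ca.pem"}},
]
SAMPLE_MAPPINGS = {"api.example.com": [  # domainName -> base path mappings
    {"restApiId": "a1b2c3d4e5", "stage": "prod"},
    {"restApiId": "f6g7h8i9j0", "stage": "prod"}]}

def domain_controls(domain):
    """Name the controls a custom domain enforces that the default endpoint does not."""
    controls = []
    if domain.get("securityPolicy") == "TLS_1_2":
        controls.append("TLS 1.2 minimum")
    if domain.get("mutualTlsAuthentication", {}).get("truststoreUri"):
        controls.append("mutual TLS")
    return controls

def audit(apis, domains, mappings):
    """Return APIs served by a custom domain whose default endpoint is still enabled."""
    fronted = {}  # restApiId -> {domainName: [controls]}
    for d in domains:
        for m in mappings.get(d["domainName"], []):
            fronted.setdefault(m["restApiId"], {})[d["domainName"]] = domain_controls(d)
    findings = []
    for api in apis:
        if api.get("disableExecuteApiEndpoint", False) or api["id"] not in fronted:
            continue  # assumption: a missing field means the default endpoint is enabled
        doms = fronted[api["id"]]
        findings.append({"id": api["id"], "name": api["name"],
                         "custom_domains": sorted(doms),
                         "bypassable": sorted({c for cs in doms.values() for c in cs})})
    return findings

def fetch_live(region):
    """Collect the same three inputs from an account (needs boto3 and credentials)."""
    import boto3
    gw = boto3.client("apigateway", region_name=region)
    def items(op, **kw):
        return [i for p in gw.get_paginator(op).paginate(**kw) for i in p.get("items", [])]
    domains = items("get_domain_names")
    maps = {d["domainName"]: items("get_base_path_mappings", domainName=d["domainName"])
            for d in domains}
    return items("get_rest_apis"), domains, maps
```

Run `audit(*fetch_live("us-east-1"))` against an account, or `audit(SAMPLE_APIS, SAMPLE_DOMAINS, SAMPLE_MAPPINGS)` offline. Each finding is closed by setting `disableExecuteApiEndpoint` on that REST API, for example with an `update-rest-api` patch operation on the path `/disableExecuteApiEndpoint`.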

This feature is generally available in all regions where Amazon API Gateway is available. It is supported via the AWS Console, SDK, and CLI. CloudFormation support will be available soon. To learn more about this feature, refer to our developer guide. For more information about Amazon API Gateway, visit our product page.