This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::ApiGateway::DomainName The `AWS::ApiGateway::DomainName` resource specifies a public custom domain name for your API in API Gateway. To create a custom domain name for private APIs, use [AWS::ApiGateway::DomainNameV2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2.html). You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::ApiGateway::DomainName", "Properties" : { "[CertificateArn](#cfn-apigateway-domainname-certificatearn)" : String, "[DomainName](#cfn-apigateway-domainname-domainname)" : String, "[EndpointAccessMode](#cfn-apigateway-domainname-endpointaccessmode)" : String, "[EndpointConfiguration](#cfn-apigateway-domainname-endpointconfiguration)" : EndpointConfiguration, "[MutualTlsAuthentication](#cfn-apigateway-domainname-mutualtlsauthentication)" : MutualTlsAuthentication, "[OwnershipVerificationCertificateArn](#cfn-apigateway-domainname-ownershipverificationcertificatearn)" : String, "[RegionalCertificateArn](#cfn-apigateway-domainname-regionalcertificatearn)" : String, "[RoutingMode](#cfn-apigateway-domainname-routingmode)" : String, "[SecurityPolicy](#cfn-apigateway-domainname-securitypolicy)" : String, "[Tags](#cfn-apigateway-domainname-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::ApiGateway::DomainName Properties: [CertificateArn](#cfn-apigateway-domainname-certificatearn): String [DomainName](#cfn-apigateway-domainname-domainname): String [EndpointAccessMode](#cfn-apigateway-domainname-endpointaccessmode): String [EndpointConfiguration](#cfn-apigateway-domainname-endpointconfiguration): EndpointConfiguration [MutualTlsAuthentication](#cfn-apigateway-domainname-mutualtlsauthentication): MutualTlsAuthentication [OwnershipVerificationCertificateArn](#cfn-apigateway-domainname-ownershipverificationcertificatearn): String [RegionalCertificateArn](#cfn-apigateway-domainname-regionalcertificatearn): String [RoutingMode](#cfn-apigateway-domainname-routingmode): String [SecurityPolicy](#cfn-apigateway-domainname-securitypolicy): String [Tags](#cfn-apigateway-domainname-tags): - Tag ``` ## Properties `CertificateArn` The reference to an AWS-managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. AWS Certificate Manager is the only supported source. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DomainName` The custom domain name as an API host name, for example, `my-api.example.com`. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EndpointAccessMode` The endpoint access mode for your DomainName. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EndpointConfiguration` The endpoint configuration of this DomainName showing the endpoint types and IP address types of the domain name. *Required*: No *Type*: [EndpointConfiguration](aws-properties-apigateway-domainname-endpointconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MutualTlsAuthentication` The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API. *Required*: No *Type*: [MutualTlsAuthentication](aws-properties-apigateway-domainname-mutualtlsauthentication.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `OwnershipVerificationCertificateArn` The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Only required when configuring mutual TLS and using an ACM imported or private CA certificate ARN as the RegionalCertificateArn. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RegionalCertificateArn` The reference to an AWS-managed certificate that will be used for validating the regional domain name. AWS Certificate Manager is the only supported source. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoutingMode` The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your public APIs. *Required*: No *Type*: String *Allowed values*: `BASE_PATH_MAPPING_ONLY | ROUTING_RULE_THEN_BASE_PATH_MAPPING | ROUTING_RULE_ONLY` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SecurityPolicy` The Transport Layer Security (TLS) version \$1 cipher suite for this DomainName. *Required*: No *Type*: String *Allowed values*: `TLS_1_0 | TLS_1_2 | SecurityPolicy_TLS13_1_3_2025_09 | SecurityPolicy_TLS13_1_3_FIPS_2025_09 | SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09 | SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09 | SecurityPolicy_TLS13_1_2_PQ_2025_09 | SecurityPolicy_TLS13_1_2_2021_06 | SecurityPolicy_TLS13_2025_EDGE | SecurityPolicy_TLS12_PFS_2025_EDGE | SecurityPolicy_TLS12_2018_EDGE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` The collection of tags. Each tag element is associated with a given resource. *Required*: No *Type*: Array of [Tag](aws-properties-apigateway-domainname-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the domain name. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `DistributionDomainName` The Amazon CloudFront distribution domain name that's mapped to the custom domain name. This is only applicable for endpoints whose type is `EDGE`. Example: `d111111abcdef8.cloudfront.net` `DistributionHostedZoneId` The region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint. The only valid value is `Z2FDTNDATAQYW2` for all regions. `DomainNameArn` The ARN of the domain name. `RegionalDomainName` The domain name associated with the regional endpoint for this custom domain name. You set up this association by adding a DNS record that points the custom domain name to this regional domain name. `RegionalHostedZoneId` The region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. ## Examples **Topics** + [Create Custom Domain](#aws-resource-apigateway-domainname--examples--Create_Custom_Domain) + [Create Custom Domain from Parameters](#aws-resource-apigateway-domainname--examples--Create_Custom_Domain_from_Parameters) + [Create domain name with EndpointConfiguration](#aws-resource-apigateway-domainname--examples--Create_domain_name_with_EndpointConfiguration) + [Create Domain Names and Zone IDs as Outputs](#aws-resource-apigateway-domainname--examples--Create_Domain_Names_and_Zone_IDs_as_Outputs) + [Create Domain Name with routing mode ROUTING\$1RULE\$1ONLY](#aws-resource-apigateway-domainname--examples--Create_Domain_Name_with_routing_mode_ROUTING_RULE_ONLY) ### Create Custom Domain The following example creates a custom domain name of `api.mydomain.com`. #### JSON ``` { "MyDomainName": { "Type": "AWS::ApiGateway::DomainName", "Properties": { "DomainName": "api.mydomain.com", "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3" } } } ``` #### YAML ``` MyDomainName: Type: 'AWS::ApiGateway::DomainName' Properties: DomainName: api.mydomain.com CertificateArn: >- arn:aws:acm:us-east-1:111122223333:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3 ``` ### Create Custom Domain from Parameters The following example creates a custom domain name of `example.mydomain.com`. #### JSON ``` { "Parameters": { "basePath": { "Type": "String", "Default": "examplepath" }, "domainName": { "Type": "String", "Default": "example.mydomain.com" }, "restApiName": { "Type": "String", "Default": "exampleapi" } }, "Resources": { "myCertificate": { "Type": "AWS::CertificateManager::Certificate", "Properties": { "DomainName": { "Ref": "domainName" } } }, "myDomainName": { "Type": "AWS::ApiGateway::DomainName", "Properties": { "CertificateArn": { "Ref": "myCertificate" }, "DomainName": { "Ref": "domainName" } } }, "myMapping": { "Type": "AWS::ApiGateway::BasePathMapping", "Properties": { "BasePath": { "Ref": "basePath" }, "DomainName": { "Ref": "myDomainName" }, "RestApiId": { "Ref": "myRestApi" } } }, "myRestApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Name": { "Ref": "restApiName" } } } }, "Outputs": { "domainName": { "Value": { "Fn::GetAtt": [ "myDomainName", "DistributionDomainName" ] } } } } ``` #### YAML ``` Parameters: basePath: Type: String Default: examplepath domainName: Type: String Default: example.mydomain.com restApiName: Type: String Default: exampleapi Resources: myCertificate: Type: 'AWS::CertificateManager::Certificate' Properties: DomainName: !Ref domainName myDomainName: Type: 'AWS::ApiGateway::DomainName' Properties: CertificateArn: !Ref myCertificate DomainName: !Ref domainName myMapping: Type: 'AWS::ApiGateway::BasePathMapping' Properties: BasePath: !Ref basePath DomainName: !Ref myDomainName RestApiId: !Ref myRestApi myRestApi: Type: 'AWS::ApiGateway::RestApi' Properties: Name: !Ref restApiName Outputs: domainName: Value: !GetAtt - myDomainName - DistributionDomainName ``` ### Create domain name with EndpointConfiguration The following example creates a custom domain name that specifies a regional certificate ARN and an endpoint type. #### JSON ``` { "Parameters": { "cfnDomainName": { "Type": "String" }, "certificateArn": { "Type": "String" }, "type": { "Type": "String" } }, "Resources": { "myDomainName": { "Type": "AWS::ApiGateway::DomainName", "Properties": { "CertificateArn": { "Ref": "certificateArn" }, "DomainName": { "Ref": "cfnDomainName" }, "EndpointConfiguration": { "Types": [ { "Ref": "type" } ] }, "RegionalCertificateArn": { "Ref": "certificateArn" } } } }, "Outputs": { "DomainName": { "Value": { "Ref": "myDomainName" } } } } ``` #### YAML ``` Parameters: cfnDomainName: Type: String certificateArn: Type: String type: Type: String Resources: myDomainName: Type: AWS::ApiGateway::DomainName Properties: CertificateArn: !Ref certificateArn DomainName: !Ref cfnDomainName EndpointConfiguration: Types: - !Ref type RegionalCertificateArn: !Ref certificateArn Outputs: DomainName: Value: !Ref myDomainName ``` ### Create Domain Names and Zone IDs as Outputs The following example defines the distribution and regional domain names, as well as the distribution and regional hosted zone IDs, as outputs from the stack. #### JSON ``` { "Resources": { "myDomainName": { "Type": "AWS::ApiGateway::DomainName", "Properties": { "CertificateArn": { "Ref": "certificateArn" }, "DomainName": { "Ref": "cfnDomainName" }, "EndpointConfiguration": { "Types": [ { "Ref": "type" } ] }, "RegionalCertificateArn": { "Ref": "certificateArn" } } } }, "Outputs": { "DistributionDomainName": { "Value": { "Fn::GetAtt": [ "myDomainName", "DistributionDomainName" ] } }, "DistributionHostedZoneId": { "Value": { "Fn::GetAtt": [ "myDomainName", "DistributionHostedZoneId" ] } }, "RegionalDomainName": { "Value": { "Fn::GetAtt": [ "myDomainName", "RegionalDomainName" ] } }, "RegionalHostedZoneId": { "Value": { "Fn::GetAtt": [ "myDomainName", "RegionalHostedZoneId" ] } } } } ``` #### YAML ``` Resources: myDomainName: Type: 'AWS::ApiGateway::DomainName' Properties: CertificateArn: !Ref certificateArn DomainName: !Ref cfnDomainName EndpointConfiguration: Types: - !Ref type RegionalCertificateArn: !Ref certificateArn Outputs: DistributionDomainName: Value: !GetAtt - myDomainName - DistributionDomainName DistributionHostedZoneId: Value: !GetAtt - myDomainName - DistributionHostedZoneId RegionalDomainName: Value: !GetAtt - myDomainName - RegionalDomainName RegionalHostedZoneId: Value: !GetAtt - myDomainName - RegionalHostedZoneId ``` ### Create Domain Name with routing mode ROUTING\$1RULE\$1ONLY The following example creates a domain name with a routing mode of `ROUTING_RULE_ONLY`. #### JSON ``` { "MyDomainName": { "Type": "AWS::ApiGateway::DomainName", "Properties": { "DomainName": "api.mydomain.com", "EndpointConfiguration": { "Types": [ "REGIONAL" ] }, "SecurityPolicy": "TLS_1_2", "RegionalCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3", "RoutingMode": "ROUTING_RULE_ONLY" } } } ``` #### YAML ``` MyDomainName: Type: AWS::ApiGateway::DomainName Properties: DomainName: api.mydomain.com EndpointConfiguration: Types: - REGIONAL SecurityPolicy: TLS_1_2 RegionalCertificateArn: arn:aws:acm:us-east-1:111122223333:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3 RoutingMode: ROUTING_RULE_ONLY ``` ## See also + [domainname:create](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateDomainName.html) in the *Amazon API Gateway REST API Reference* # AWS::ApiGateway::DomainName EndpointConfiguration The `EndpointConfiguration` property type specifies the endpoint types and IP address types of an Amazon API Gateway domain name. `EndpointConfiguration` is a property of the [AWS::ApiGateway::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html) resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[IpAddressType](#cfn-apigateway-domainname-endpointconfiguration-ipaddresstype)" : String, "[Types](#cfn-apigateway-domainname-endpointconfiguration-types)" : [ String, ... ] } ``` ### YAML ``` [IpAddressType](#cfn-apigateway-domainname-endpointconfiguration-ipaddresstype): String [Types](#cfn-apigateway-domainname-endpointconfiguration-types): - String ``` ## Properties `IpAddressType` The IP address types that can invoke this DomainName. Use `ipv4` to allow only IPv4 addresses to invoke this DomainName, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke this DomainName. For the `PRIVATE` endpoint type, only `dualstack` is supported. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Types` A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is `"EDGE"`. For a regional API and its custom domain name, the endpoint type is `REGIONAL`. For a private API, the endpoint type is `PRIVATE`. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [DomainName](https://docs.aws.amazon.com/apigateway/latest/api/API_DomainName.html) in the *Amazon API Gateway REST API Reference* # AWS::ApiGateway::DomainName MutualTlsAuthentication The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[TruststoreUri](#cfn-apigateway-domainname-mutualtlsauthentication-truststoreuri)" : String, "[TruststoreVersion](#cfn-apigateway-domainname-mutualtlsauthentication-truststoreversion)" : String } ``` ### YAML ``` [TruststoreUri](#cfn-apigateway-domainname-mutualtlsauthentication-truststoreuri): String [TruststoreVersion](#cfn-apigateway-domainname-mutualtlsauthentication-truststoreversion): String ``` ## Properties `TruststoreUri` An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example `s3://bucket-name/key-name`. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TruststoreVersion` The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ApiGateway::DomainName Tag An array of key-value pairs to apply to this resource. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-apigateway-domainname-tag-key)" : String, "[Value](#cfn-apigateway-domainname-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-apigateway-domainname-tag-key): String [Value](#cfn-apigateway-domainname-tag-value): String ``` ## Properties `Key` A string you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value for the specified tag key. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)