AWS::ApiGateway::DomainNameV2
The AWS::ApiGateway::DomainNameV2 resource specifies a custom domain name for your private APIs
in API Gateway. You can use a private custom domain name to provide a URL for your private API that's more
intuitive and easier to recall.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::ApiGateway::DomainNameV2",
  "Properties" : {
    "CertificateArn" : String,
    "DomainName" : String,
    "EndpointConfiguration" : EndpointConfiguration,
    "Policy" : Json,
    "RoutingMode" : String,
    "SecurityPolicy" : String,
    "Tags" : [ Tag, ... ]
  }
}
YAML
Type: AWS::ApiGateway::DomainNameV2
Properties:
  CertificateArn: String
  DomainName: String
  EndpointConfiguration:
    EndpointConfiguration
  Policy: Json
  RoutingMode: String
  SecurityPolicy: String
  Tags:
    - Tag
Properties
CertificateArn
The reference to an AWS-managed certificate that will be used by the private endpoint for this domain name. AWS Certificate Manager is the only supported source.
Required: No
Type: String
Update requires: No interruption
DomainName
Represents a custom domain name as a user-friendly host name of an API (RestApi).
Required: No
Type: String
Update requires: Replacement
EndpointConfiguration
The endpoint configuration to indicate the types of endpoints an API (RestApi) or its custom domain name (DomainName) has and the IP address types that can invoke it.
Required: No
Type: EndpointConfiguration
Update requires: Replacement
Policy
A stringified JSON policy document that applies to the execute-api service for this DomainName regardless of the caller and Method configuration. You can use Fn::ToJsonString to enter your policy. For more information, see Fn::ToJsonString.
Required: No
Type: Json
Update requires: No interruption
RoutingMode
The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your private APIs.
Required: No
Type: String
Allowed values:
BASE_PATH_MAPPING_ONLY | ROUTING_RULE_THEN_BASE_PATH_MAPPING | ROUTING_RULE_ONLY
Update requires: No interruption
SecurityPolicy
The Transport Layer Security (TLS) version + cipher suite for this DomainName. Only TLS_1_2 is supported.
Required: No
Type: String
Update requires: Replacement
Tags
The collection of tags. Each tag element is associated with a given resource.
Required: No
Type: Array of Tag
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the domain name ARN.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
DomainNameArn
The ARN of the domain name.
DomainNameId
The domain name ID.
Examples
Private custom domain name example
The following example creates a DomainNameV2 resource named MyDomainName.
JSON
{
  "MyDomainName": {
    "Type": "AWS::ApiGateway::DomainNameV2",
    "Properties": {
      "DomainName": "private.example.com",
      "CertificateArn": "arn:aws:acm:us-west-2:123456789:certificate/abcd-000-1234-0000-000000abcd",
      "EndpointConfiguration": {
        "Types": [
          "PRIVATE"
        ]
      },
      "SecurityPolicy": "TLS_1_2",
      "Policy": "{\n\"Version\": \"2012-10-17\",\n\"Statement\": [\n{\n\"Effect\": \"Allow\",\n\"Principal\": \"*\",\n\"Action\": \"execute-api:Invoke\",\n\"Resource\": [\n\"execute-api:/*\"\n]\n},\n {\n\"Effect\": \"Deny\",\n\"Principal\": \"*\",\n\"Action\": \"execute-api:Invoke\",\n\"Resource\": [\n\"execute-api:/*\"\n],\n\"Condition\" : {\n\"StringNotEquals\": {\n\"aws:SourceVpce\": \"vpce-abcd1234efg\"\n}\n}\n}\n]\n}"
    }
  }
}
YAML
MyDomainName:
  Type: AWS::ApiGateway::DomainNameV2
  Properties:
    DomainName: private.example.com
    CertificateArn: arn:aws:acm:us-west-2:123456789:certificate/abcd-000-1234-0000-000000abcd
    EndpointConfiguration:
      Types:
        - PRIVATE
    SecurityPolicy: TLS_1_2
    Policy:
      Statement:
        - Action: 'execute-api:Invoke'
          Effect: Allow
          Principal: '*'
          Resource: 'execute-api:/*'
        - Action: 'execute-api:Invoke'
          Condition:
            StringNotEquals:
              'aws:SourceVpce': !Ref EndpointID
          Effect: Deny
          Principal: '*'
          Resource: 'execute-api:/*'
      Version: 2012-10-17
Private custom domain name example with routing mode
The following example creates a DomainNameV2 resource named MyDomainName with a RoutingMode of ROUTING_RULE_ONLY.
JSON
{
  "MyDomainName": {
    "Type": "AWS::ApiGateway::DomainNameV2",
    "Properties": {
      "DomainName": "private.example.com",
      "CertificateArn": "arn:aws:acm:us-west-2:123456789:certificate/abcd-000-1234-0000-000000abcd",
      "EndpointConfiguration": {
        "Types": [
          "PRIVATE"
        ]
      },
      "SecurityPolicy": "TLS_1_2",
      "Policy": "{\n\"Version\": \"2012-10-17\",\n\"Statement\": [\n{\n\"Effect\": \"Allow\",\n\"Principal\": \"*\",\n\"Action\": \"execute-api:Invoke\",\n\"Resource\": [\n\"execute-api:/*\"\n]\n},\n {\n\"Effect\": \"Deny\",\n\"Principal\": \"*\",\n\"Action\": \"execute-api:Invoke\",\n\"Resource\": [\n\"execute-api:/*\"\n],\n\"Condition\" : {\n\"StringNotEquals\": {\n\"aws:SourceVpce\": \"vpce-abcd1234efg\"\n}\n}\n}\n]\n}",
      "RoutingMode": "ROUTING_RULE_ONLY"
    }
  }
}
YAML
MyDomainName:
  Type: AWS::ApiGateway::DomainNameV2
  Properties:
    DomainName: private.example.com
    CertificateArn: arn:aws:acm:us-west-2:123456789:certificate/abcd-000-1234-0000-000000abcd
    EndpointConfiguration:
      Types:
        - PRIVATE
    SecurityPolicy: "TLS_1_2"
    Policy:
      Statement:
        - Action: 'execute-api:Invoke'
          Effect: Allow
          Principal: '*'
          Resource: 'execute-api:/*'
        - Action: 'execute-api:Invoke'
          Condition:
            StringNotEquals:
              'aws:SourceVpce': !Ref EndpointID
          Effect: Deny
          Principal: '*'
          Resource: 'execute-api:/*'
      Version: 2012-10-17
    RoutingMode: ROUTING_RULE_ONLY
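Template policy check (added example)
The following pre-deployment check for the Policy property is an added example, not part of the AWS documentation: it flags any DomainNameV2 resource whose policy allows execute-api:Invoke to Principal '*' without the aws:SourceVpce Deny statement used in the examples above. The function names, logical IDs and sample template are constructed for illustration, and the check is a heuristic, not a full IAM policy evaluation.

```python
import json

DOMAIN_TYPE = "AWS::ApiGateway::DomainNameV2"

def as_list(value):
    return value if isinstance(value, list) else [value]

def load_policy(policy):
    # Policy may be a stringified JSON document (JSON example) or an object (YAML example).
    return json.loads(policy) if isinstance(policy, str) else policy

def denies_other_vpces(stmt):
    # Deny on execute-api:Invoke conditioned on aws:SourceVpce not matching.
    keys = {k.lower() for op, body in stmt.get("Condition", {}).items()
            if op.startswith("StringNotEquals") for k in body}
    return (stmt.get("Effect") == "Deny"
            and "execute-api:Invoke" in as_list(stmt.get("Action", []))
            and "aws:sourcevpce" in keys)

def audit_template(template):
    # Returns {logical_id: [findings]} for each DomainNameV2 resource.
    report = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != DOMAIN_TYPE:
            continue
        policy = load_policy(res.get("Properties", {}).get("Policy") or {})
        stmts = as_list(policy.get("Statement", []))
        findings = [] if stmts else ["no Policy statements"]
        open_allow = any(s.get("Effect") == "Allow" and "Condition" not in s
                         and s.get("Principal") in ("*", {"AWS": "*"}) for s in stmts)
        if open_allow and not any(denies_other_vpces(s) for s in stmts):
            findings.append("unconditional Allow for '*' without aws:SourceVpce Deny")
        report[name] = findings
    return report

def sample_template():
    # Constructed input: "Guarded" mirrors the page's policy, "Open" drops the Deny.
    allow = {"Effect": "Allow", "Principal": "*",
             "Action": "execute-api:Invoke", "Resource": ["execute-api:/*"]}
    deny = dict(allow, Effect="Deny",
                Condition={"StringNotEquals": {"aws:SourceVpce": "vpce-abcd1234efg"}})
    def resource(stmts, stringify):
        doc = {"Version": "2012-10-17", "Statement": stmts}
        return {"Type": DOMAIN_TYPE, "Properties": {
            "Policy": json.dumps(doc) if stringify else doc}}
    return {"Resources": {"Guarded": resource([allow, deny], True),
                          "Open": resource([allow], False)}}

if __name__ == "__main__":
    print(json.dumps(audit_template(sample_template()), indent=2))
```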