Syntax Properties Return values Examples

AWS::ApiGateway::DomainNameV2

The AWS::ApiGateway::DomainNameV2 resource specifies a custom domain name for your private APIs in API Gateway. You can use a private custom domain name to provide a URL for your private API that's more intuitive and easier to recall.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::ApiGateway::DomainNameV2",
  "Properties" : {
      "CertificateArn" : String,
      "DomainName" : String,
      "EndpointConfiguration" : EndpointConfiguration,
      "ManagementPolicy" : Json,
      "Policy" : Json,
      "SecurityPolicy" : String,
      "Tags" : [ Tag, ... ]
    }
}

YAML


Type: AWS::ApiGateway::DomainNameV2
Properties:
  CertificateArn: String
  DomainName: String
  EndpointConfiguration: 
    EndpointConfiguration
  ManagementPolicy: Json
  Policy: Json
  SecurityPolicy: String
  Tags: 
    - Tag

Properties

CertificateArn

The reference to an AWS-managed certificate that will be used by the private endpoint for this domain name. AWS Certificate Manager is the only supported source.

Required: No

Type: String

Update requires: No interruption

DomainName

Represents a custom domain name as a user-friendly host name of an API (RestApi).

Required: No

Type: String

Update requires: Replacement

EndpointConfiguration

The endpoint configuration to indicate the types of endpoints an API (RestApi) or its custom domain name (DomainName) has.

Required: No

Type: EndpointConfiguration

Update requires: Replacement

ManagementPolicy

A stringified JSON policy document that applies to the API Gateway Management service for this DomainName. This policy document controls access for access association sources to create domain name access associations with this DomainName. You can use Fn::ToJsonString to enter your managementPolicy. For more information, see Fn::ToJsonString.

Required: No

Type: Json

Update requires: No interruption

Policy

A stringified JSON policy document that applies to the execute-api service for this DomainName regardless of the caller and Method configuration. You can use Fn::ToJsonString to enter your policy. For more information, see Fn::ToJsonString.

Required: No

Type: Json

Update requires: No interruption

SecurityPolicy

The Transport Layer Security (TLS) version + cipher suite for this DomainName. Only TLS_1_2 is supported.

Required: No

Type: String

Update requires: Replacement

Tags

The collection of tags. Each tag element is associated with a given resource.

Required: No

Type: Array of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the domain name ARN.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

DomainNameArn: The ARN of the domain name.
DomainNameId: The domain name ID.

Examples

Private custom domain name example

The following example creates a DomainNameV2 resource named MyDomainName.

JSON


{
    "MyDomainName": {
        "Type": "AWS::ApiGateway::DomainNameV2",
        "Properties": {
            "DomainName": "private.example.com",
            "CertificateArn": "arn:aws:acm:us-west-2:123456789:certificate/abcd-000-1234-0000-000000abcd",
            "EndpointConfiguration": {
                "Types": [
                    "PRIVATE"
                ]
            },
            "SecurityPolicy": "TLS_1_2",
            "Policy": "{\n\"Version\": \"2012-10-17\",\n\"Statement\": [\n{\n\"Effect\": \"Allow\",\n\"Principal\": \"*\",\n\"Action\": \"execute-api:Invoke\",\n\"Resource\": [\n\"execute-api:/*\"\n]\n},\n {\n\"Effect\": \"Deny\",\n\"Principal\": \"*\",\n\"Action\": \"execute-api:Invoke\",\n\"Resource\": [\n\"execute-api:/*\"\n],\n\"Condition\" : {\n\"StringNotEquals\": {\n\"aws:SourceVpce\": \"vpce-abcd1234efg\"\n}\n}\n}\n]\n}"
        }
    }
}

YAML


MyDomainName:
  Type: AWS::ApiGateway::DomainNameV2
  Properties:
    DomainName: private.example.com
    CertificateArn: arn:aws:acm:us-west-2:123456789:certificate/abcd-000-1234-0000-000000abcd
    EndpointConfiguration:
      Types:
        - PRIVATE
    SecurityPolicy: TLS_1_2
    Policy:
        Statement:
            - Action: 'execute-api:Invoke'
              Effect: Allow
              Principal: '*'
              Resource: 'execute-api:/*'
            - Action: 'execute-api:Invoke'
              Condition:
                StringNotEquals:
                  'aws:SourceVpce': !Ref EndpointID
              Effect: Deny
              Principal: '*'
              Resource: 'execute-api:/*'
        Version: 2012-10-17

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Tag

EndpointConfiguration