route53 | Provides resources for adding and removing records | AWS library

I am deploying a API gateway to AWS which gives me a random URL and I'd like to configure custom domain. Based on my understanding, I just need to create a CNAME in route53 for the custom domain point to the api gateway random URL but after some reading, it says I also need to create a custom domain in API gateway. I can make it work but I don't understand why I need that in API gateway. Isn't it just a CNAME which can make it work?

I have created CloudFront distribution and trying to attach that record to the route53 hosted zone. when I'm trying it is giving below error.

An error occurred: myDNSRecord - Invalid request: Expected exactly one of [AliasTarget, all of [TTL, and ResourceRecords], or TrafficPolicyInstanceId], but found none in Change with [Action=CREATE, Name=abc.yz.com., Type=A, SetIdentifier=null] (Service: AmazonRoute53; Status Code: 400; Error Code: InvalidInput; Request ID: 81fd7f48-3ffb-4fa1-b1ba-cef599834a07; Proxy: null)

I want to have a subdomain (api.mysite.com) which makes calls to an EC2 classic load balancer (load-balancer-123456789.us-east-2.elb.amazonaws.com). Everything is hosted on AWS, to (theoretically) make it as straightforward as possible.

I created a domain and subdomain in AWS Route 53, as per the instructions here, and created an "A" record in the subdomain that links to my load balancer as an alias. That works fine, I can make calls to the load balancer through api.mysite.com, as long as I use HTTP.

But when I try to use HTTPS, I get ERR_SSL_PROTOCOL_ERROR. If I try to open the API in a browser, the security icon says that it's "not secure". I think the problem might be that the certificate is connected to the main domain (mysite.com) instead of the subdomain (api.mysite.com), but I can't figure out how to get it to resolve properly.

This SSL checking site shows the EC2 server itself (the one that the load balancer points to) and reports "Certificate not valid for domain name". It's an Ubuntu server, though I'm not sure if that should matter.

I have deployed a django based website on my AWS lightsail instance. the web address has a port 8000 (:8000). I own a domain on (host =fatcow.com). I have created a hosted zone on AWS and pasted the ns values to my provider(factor)'s Nameservers values. In the amazon route53, I have created a new record with a simple redirect A ipv4 and entered the resolver IP address value - my web address with port value. it doesn't work.

Also, I have read that the redirect will not work for its with port numbers. I have tried redirecting my domain to the static ip, then created another hosted zone record trying to redirect the static ip to the ip+port value - error pops up saying it is not a valid address.

I currently use the development server provided by django as it is a personal website and currently it will not have a lot of traffic - portfolio website.

Also, on my fatcow.com domain settings, the Nameservers are updated and in the whois values, new Nameservers are seen. I have only added the 4 NS values. AWS also created SOA ip values but I was not able to add them to the domain (Inputs were not taken by fatcow ).

In the NSLookup website, I can see NS values and SOA values which are on the AWS hosted zone but A records show none.

Edit: sorry for the confusion. my domain is www.chandradhar.com. I'm not a web dev but I'm trying to deploy a django based portfolio website. I have added Amazon Lightsail DNS nameservers to my domain (host=fatcow.com). the web address is :8000 port. Without the port number, the website isn't loading at all. Only with the port number along the static IP, the website loads. 'A' record isn't taking the port number. I did add a SRV record with the port number(in AWS route 53) but still doesn't work. when checked from the website nslookup.io, the nameservers are updated correctly

I have a Serverless application using Localstack, I am trying to get fully running via Docker. I have a docker-compose file that starts localstack for me.

I am getting a bug when trying to compose a reverse zone entry dns in Cloudformation.

This is my entry:

I have a problem with my HTTP integration for an AWS API Gateway that uses WEBSOCKET

These are the main characteristics of my configuration (it can be viewed in detail in the cloud formation template at the end of the post):

• Api Gateway Websocket
• Route selection expression $request.body.action
• Disabled execute api endpoint because I'm using a custom domain, although it does not seem to make any difference if I use the Api Gateway direct url instead
• Routes $connect, a send and a $disconnect
• Integration type is HTTP_PROXY
• The integration Uri (and here is the interesting part) is a URL that points to my custom domain, and the DNS resolves as ANOTHER Api Gateway in my AWS account (an HTTP one) that integrates with a private ALB through a VPC_LINK and reaches a web service in an ECS cluster (I guess this is irrelevant now).
• Bot Api Gateway, the http one and the websocket one, use a custom domain api.mycompany.io and ws.mycompany.io with a TLS certificate *.mycompany.io
• The HTTP services run in a private subnet, but they're perfectly reachable from internet. I can send http requests and get back responses.

When I do

I have application which has frontend code in angular. This frontend application calls backend APIs(spring-boot).

I have deployed this in EKS behind Application Load Balancer(ALB)

Request flow: Route53 -> ALB -> Frontend Target Group or Backend Target Group.

I want to setup AWS Cognito at ALB for user authentication. I am going to federate user pool from my active directory. I want to allow only those users to login into website with username/password. I want to make sure backend APIs can only be called with valid login/token.

Questions: What grant type should be used? (Authorization code grant/implicit grant/client credentials)

Where should I have code to get token from cognito? In frontend(angular) or backend?

Do I need to secure backend APIs, like APIs can be called with token only? Or Just securing angular route is enough? (because backend points are not visible from outside of cluster, they can be called only from frontend PODs) For example, We can keep mywebsite/login allowed without token, any other pages (mywebsite/serach, mywebsite/home, mywebsite/product) allowed only if token is presented

I was playing around aws route53. I understand that a private hosted zone will help resolve the domain name in vpc. For example i can create a google.com private hosted zone to resolve google.com to my custom ip in my vpc.

NOW, i was expecting that route53 should not allow me to create google.com public hosted zone as i dont own the domain. BUT it allowed me to create it

So now i am confused, What does the public hosted zone means ? How does it work? Why it allowed me to create such a hosted zone? What mental model am i missing?