I have the below setup.
The client DNS record xxx.mytest.com has a CNAME to our DNS record xxx.backend.com. This xxx.backend.com has an A record to the API Gateway custom domain name. I tried changing this to a CNAME as well. The setup is as below:
xxx.mytest.com **CNAME** xxx.backend.com **A** XXXX.execute-api.eu-west-2.amazonaws.com
XXXX.execute-api.eu-west-2.amazonaws.com has a certificate attached to it which has xxx.mytest.com as its domain name and xxx.backend.com as an additional name.
The issue I am facing is that when I access my API via xxx.backend.com it works perfectly, but when I try to access it via xxx.mytest.com I get a 403 Forbidden error.
Any ideas where I can look to resolve this? I have enabled enhanced CloudWatch logging as well, but these forbidden requests don't reach there.
I was able to solve this peculiar scenario. The issue was happening as I was coming from xxx.mytest.com, which was pointing to xxx.backend.com, which in turn was pointing to a custom-named API-GW, the custom name being xxx.backend.com. When my request was reaching API-GW, since the original host was xxx.mytest.com and nothing with that name existed in my custom mapping, I was getting a 403 error. When I added a Host header in my original request with the value xxx.backend.com, it started to work, as now API-GW knew which API to target.
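
The behaviour described in this answer, reproduced against a local stub as an added example (not code from the original post, and not API Gateway itself): a constructed server looks up the request's Host header in a mapping table and returns 403 for any name without an entry. `StubGateway`, `probe`, `run_demo` and the `my-api` name are hypothetical.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the custom domain mappings: only xxx.backend.com
# is registered, as in the setup described above. "my-api" is hypothetical.
CUSTOM_DOMAIN_MAPPINGS = {"xxx.backend.com": "my-api"}


class StubGateway(BaseHTTPRequestHandler):
    """Routes on the Host header; hosts without a mapping get 403."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        api = CUSTOM_DOMAIN_MAPPINGS.get(host)
        status, body = (200, api.encode()) if api else (403, b"Forbidden")
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def probe(port, host_header):
    """GET / on the local stub with an explicit Host header; return status."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.putrequest("GET", "/", skip_host=True)  # suppress automatic Host
        conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()


def run_demo():
    """Start the stub, probe it with both names, return {host: status}."""
    server = HTTPServer(("127.0.0.1", 0), StubGateway)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return {h: probe(port, h) for h in ("xxx.mytest.com", "xxx.backend.com")}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

The same comparison against a real endpoint, one request per candidate Host value, shows whether a 403 comes from a missing domain mapping rather than from the API's own authorization.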