AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-06-04 · Documentation low

File: apigateway/latest/developerguide/apigateway-regional-api-custom-domain-create.md

Summary

Updated documentation to replace 'base path mapping' terminology with 'routing rules', added new routing mode configuration (ROUTING_RULE_ONLY), and revised CLI/console instructions for routing rule creation

Security assessment

The changes focus on routing configuration mechanics rather than addressing vulnerabilities. While TLS version selection remains present (moved to step 6), the primary update introduces routing rules as a new traffic control feature. No evidence of patching security flaws or disclosing vulnerabilities exists in the diff.

Diff

diff --git a/apigateway/latest/developerguide/apigateway-regional-api-custom-domain-create.md b/apigateway/latest/developerguide/apigateway-regional-api-custom-domain-create.md
index b9c07ce38..b50db0d1f 100644
--- a//apigateway/latest/developerguide/apigateway-regional-api-custom-domain-create.md
+++ b//apigateway/latest/developerguide/apigateway-regional-api-custom-domain-create.md
@@ -5 +5 @@
-ConsiderationsCreate a Regional custom domain name Create a base path mapping for your Regional custom domain name Create a DNS record for your Regional custom domain name 
+ConsiderationsCreate a Regional custom domain name Create a routing rule for your Regional custom domain nameCreate a DNS record for your Regional custom domain name 
@@ -28 +28 @@ The DNS record can be the CNAME or an A Alias record. If you use Route 53 as you
-The following procedure shows how to create a Regional custom domain name. After you complete this procedure, you create a base path mapping to map stages of your API to your custom domain name.
+The following procedure shows how to create a Regional custom domain name. After you complete this procedure, you create a routing rule to route stages of your API to your custom domain name.
@@ -41 +41 @@ AWS Management Console
-  5. For **Minimum TLS version** , select a version.
+  5. For **Routing mode** , choose **Routing rules only**.
@@ -43 +43 @@ AWS Management Console
-  6. Under **Endpoint configuration** , for **API endpoint type** , choose **Regional**.
+In this routing mode, you can only send traffic from your custom domain name to your APIs by using routing rules. For more information, see [Send traffic to your APIs through your custom domain name in API Gateway](./rest-api-routing-mode.html).
@@ -45 +45 @@ AWS Management Console
-  7. Choose an ACM certificate. The certificate must be in the same Region as the API.
+  6. For **Minimum TLS version** , select a version.
@@ -47 +47,5 @@ AWS Management Console
-  8. Choose **Create**.
+  7. Under **Endpoint configuration** , for **API endpoint type** , choose **Regional**.
+
+  8. Choose an ACM certificate. The certificate must be in the same Region as the API.
+
+  9. Choose **Create**.
@@ -60 +64,2 @@ The following [create-domain-name](https://docs.aws.amazon.com/cli/latest/refere
-        --domain-name-configurations CertificateArn=arn:aws:acm:us-west-2:123456789012:certificate/123456789012-1234-1234-1234-12345678
+        --domain-name-configurations CertificateArn=arn:aws:acm:us-west-2:123456789012:certificate/123456789012-1234-1234-1234-12345678 \
+          --routing-mode ROUTING_RULE_ONLY
@@ -76,0 +82 @@ The output will look like the following:
+            "RoutingMode": "ROUTING_RULE_ONLY"
@@ -82 +88,3 @@ The `DomainNameConfigurations` property value returns the Regional API's hostnam
-## Create a base path mapping for your Regional custom domain name 
+## Create a routing rule for your Regional custom domain name
+
+After you create your custom domain name, you configure how traffic is routed from your custom domain name to your APIs. Because you set the routing mode to `ROUTING_RULE_ONLY`, you use routing rules to route incoming requests to your custom domain name to your APIs.
@@ -84 +92 @@ The `DomainNameConfigurations` property value returns the Regional API's hostnam
-After you create your custom domain name, you create a base path mapping to map your API to your custom domain name. For example, you can map the stage `test` for the API ID of `abcd1234` to the custom domain name `regional.example.com` using the API mapping key of `myApi`. This maps the API `https://abcd1234.execute-api.us-west-2.amazonaws.com/test` to `https://regional.example.com/myApi`.
+In this example, you create a catch-all rule that routes all incoming requests to your custom domain name to one stage of your API. You can also configure routing rules based on different header and path conditions. For more information, see [Routing rules to connect API stages to a custom domain name for REST APIs](./rest-api-routing-rules.html).
@@ -93 +101,5 @@ AWS Management Console
-  3. Choose **Configure API mappings**.
+  3. On the **Routing details** tab, choose **Add routing rule**.
+
+  4. Choose **Add a new condition** to add a new condition.
+
+  5. Keep this rule without any conditions. This routes all requests to your custom domain name to your target API and target stage.
@@ -95 +107 @@ AWS Management Console
-  4. Choose **Add new mapping**.
+  6. For **Action** , use the dropdown to select your target API and target stage.
@@ -97 +109 @@ AWS Management Console
-  5. Specify the **API** , **Stage** , and **Path** for the mapping.
+  7. Choose **Next**.
@@ -99 +111,5 @@ AWS Management Console
-  6. Choose **Save**.
+  8. In the priority field, enter `100`.
+
+API Gateway evaluates rules in priority order, from the lowest value to the highest value. Because this is a catch-all rule, you use a high priority so API Gateway can match any additional rules you create first.
+
+  9. Choose **Create routing rule**.
@@ -107 +123 @@ AWS CLI
-The following [create-api-mapping](https://docs.aws.amazon.com/cli/latest/reference/apigateway/create-domain-name.html) command creates a base path mapping:
+The following `create-routing-rule` command creates a catch-all routing rule:
@@ -110 +126 @@ The following [create-api-mapping](https://docs.aws.amazon.com/cli/latest/refere
-    aws apigatewayv2 create-api-mapping \
+    aws apigatewayv2 create-routing-rule \
@@ -112,5 +128,8 @@ The following [create-api-mapping](https://docs.aws.amazon.com/cli/latest/refere
-        --api-mapping-key 'myApi' \
-        --api-id abcd1234 \
-        --stage 'test'
-
-As a result, the base URL using the custom domain name for the API that is deployed in the stage becomes `https://regional.example.com/myAPI`.
+      --priority 100 \
+      --conditions  \
+      --actions '[{
+        "InvokeApi": {
+          "ApiId": "a1b2c3",
+          "Stage": "prod"
+        }
+      }]'
@@ -118 +137 @@ As a result, the base URL using the custom domain name for the API that is deplo
-With a Regional custom domain name, you can create an API mapping with multiple levels, such as `https://regional.example.com/orders/v1/items/123`. You can also map HTTP and REST API stages to the same custom domain name. For more information, see [Map API stages to a custom domain name for REST APIs](./rest-api-mappings.html).
+You can change the routing mode and create new rules at any time. For more information, see [Send traffic to your APIs through your custom domain name in API Gateway](./rest-api-routing-mode.html).