Custom domain name which is not controlled by current AWS account

I deploy a serverless project in non-prod accounts, which use subdomains in the AWS account, such as

api.dev.example.com
api.uat.example.com

Now, I’d like to deploy it to a production AWS account, with the domain name api.example.com

But example.com is not under the control of this AWS account. What should I do?

Write the AWS domain out to a file during deploy. Then make a script to add a CNAME record at your non-Amazon domain provider which points to the AWS domain name.

I do this for dev too. We have a test domain and then I make sub-domains off from it with each developer’s name. So www.jim.testme.com CNAME aws.url, www.bill.testme.com CNAME another aws url. Now each developer has an easy to remember URL to work with.

I have split my YAML into static and volatile files. I only run the static stuff about once a month. The static YAML file creates the AWS URLs and adds the CNAME records. There is a shell script that does the deploy, reads the output, and then fixes up the CNAMEs.

2 Likes
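One way to script the "read the output, then fix up the CNAME" step from the answer above, as an added example that is not the poster's own script: it pulls the execute-api hostname out of deploy output, refuses anything that is not an API Gateway hostname in the expected region, and renders a zone-file CNAME line. The function names, the sample output and the region check are assumptions; pushing the record to the DNS provider is left out because the page names no provider API.

```shell
#!/bin/sh
# Added example; function names and SAMPLE_OUTPUT are constructed.

# Pull the first API Gateway hostname out of deploy output read from stdin.
extract_api_host() {
  grep -Eo 'https://[a-z0-9]+\.execute-api\.[a-z0-9-]+\.amazonaws\.com' \
    | head -n 1 | sed 's#^https://##'
}

# Accept only an execute-api hostname in the region we deployed to, so a
# malformed or unexpected line in the output never becomes a DNS target.
validate_target() {
  printf '%s\n' "$1" \
    | grep -Eq "^[a-z0-9]+\.execute-api\.$2\.amazonaws\.com\$"
}

# Render one zone-file CNAME line (fully qualified names, TTL default 300).
cname_record() {
  printf '%s.\t%s\tIN\tCNAME\t%s.\n' "$1" "${3:-300}" "$2"
}

# stdin: deploy output; $1: custom name to publish; $2: expected region.
build_record() {
  local host
  host=$(extract_api_host) || return 1
  [ -n "$host" ] || { echo "no endpoint found in deploy output" >&2; return 1; }
  validate_target "$host" "$2" \
    || { echo "refusing unexpected target: $host" >&2; return 1; }
  cname_record "$1" "$host"
}

# Constructed sample of deploy output, using the hostname quoted in the thread.
SAMPLE_OUTPUT='endpoints:
  GET - https://6dzyltptt3.execute-api.us-east-1.amazonaws.com/development/hello'

printf '%s\n' "$SAMPLE_OUTPUT" | build_record api.example.com us-east-1
```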

Hi everyone!

I’m in the same challenge: when I deploy, each environment is in its own AWS account, but there’s only one account which owns the Route53 (DNS) domain. Like @bill, when I deploy my “dev” Serverless Lambdas, I want them to appear in dev.example.com, where example.com is controlled by the Prod AWS account.

Partial solution:

  • deploy Dev like normal, put a CNAME in the Prod account pointing to it (@jonsmirl's solution)

This solution is simple. As a Dev I do my Serverless deploy, using my Dev account. It spits out a long URL, like https://6dzyltptt3.execute-api.us-east-1.amazonaws.com. If I curl this domain, I get “hello world” like expected.

If I set up a CNAME in the Prod account, pointing to 6dzyltptt etc, it doesn’t work as expected. The certificate isn’t set up correctly:

$ curl https://6dzyltptt3.execute-api.us-east-1.amazonaws.com/development/hello
Hello, world! 23:37:52

$ curl https://beer-dev.example.com/development/hello
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I like the idea of having “static” and “dynamic” files!

Any ideas how we can get cross-account Serverless environments working?