Create custom domain names that your lambda can deploy to with serverless. Allows for base path mapping when deploying and deletion of domain names.
Amplify builds innovative and compelling digital educational products that empower teachers and students across the country. We have a long history as the leading innovator in K-12 education - and have been described as the best tech company in education and the best education company in tech. While others try to shrink the learning experience into the technology, we use technology to expand what is possible in real classrooms with real students and teachers.
Learn more at
Make sure you have the following installed before starting:
The IAM role that is deploying the lambda will need the following permissions:
acm:ListCertificates *
apigateway:GET /domainnames/*
apigateway:DELETE /domainnames/*
apigateway:POST /domainnames
apigateway:POST /domainnames/*/basepathmappings
cloudfront:UpdateDistribution *
route53:ListHostedZones *
route53:ChangeResourceRecordSets hostedzone/{HostedZoneId}
route53:GetHostedZone hostedzone/{HostedZoneId}
route53:ListResourceRecordSets hostedzone/{HostedZoneId}
Alternatively you can generate an least privileged IAM Managed Policy for deployment with this:
deployment policy cloudformation template
# From npm (recommended)
npm install serverless-domain-manager --save-dev
Then make the following edits to your serverless.yaml file:
Add the plugin.
- serverless-domain-manager
Add the plugin configuration (example for
stage: ci
basePath: api
certificateName: *
createRoute53Record: true
Parameter Name | Default Value | Description |
domainName (Required) | The domain name to be created in API Gateway and Route53 (if enabled) for this API. | |
basePath | (none) |
The base path that will prepend all API endpoints. |
stage | Value of --stage , or provider.stage (serverless will default to dev if unset) |
The stage to create the domain name for. This parameter allows you to specify a different stage for the domain name than the stage specified for the serverless deployment. |
certificateName | Closest match | The name of a specific certificate from Certificate Manager to use with this API. If not specified, the closest match will be used (i.e. for a given domain name , a certificate for will take precedence over a * certificate). Note: Edge-optimized endpoints require that the certificate be located in us-east-1 to be used with the CloudFront distribution. |
createRoute53Record | true |
Toggles whether or not the plugin will create a CNAME record in Route53 mapping the domainName to the generated distribution domain name. |
hostedZoneId | If hostedZoneId is set the route53 record set will be created in the matching zone, otherwise the hosted zone will be figured out from the domainName (hosted zone with matching domain). Setting this parameter is specially useful if you have multiple hosted zones with the same domain name (e.g. a public and a private one) |
To create the custom domain:
serverless create_domain
To deploy with the custom domain:
severless deploy
To remove the created custom domain:
serverless delete_domain
Creating the custom domain takes advantage of Amazon's Certificate Manager to assign a certificate to the given domain name. Based on already created certificate names, the plugin will search for the certificate that resembles the custom domain's name the most and assign the ARN to that domain name. The plugin then creates the proper A Alias records for the domain through Route 53. Once the domain name is set it takes up to 40 minutes before it is initialized. After the certificate is initialized, sls deploy
will create the base path mapping and assign the lambda to the custom domain name through CloudFront.
To run the test:
npm test
All tests should pass.
If there is an error update the node_module inside the serverless-vpc-discovery folder:
npm install
- (5/23/2017) CloudFormation does not support changing the base path from empty to something or vice a versa. You must run
sls remove
to remove the base path mapping. - (5/23/2017) Amazon Certificate Manager only allows certificates from the
region certificates for use with CloudFront, and by extension, API Gateway Custom Domains (Results in a BadRequestException: Certificate name must be specified...).
If you have any security issue to report, contact project maintainers privately. You can reach us at [email protected]
We welcome pull requests! For your pull request to be accepted smoothly, we suggest that you:
- For any sizable change, first open a GitHub issue to discuss your idea.
- Create a pull request. Explain why you want to make the change and what it’s for. We’ll try to answer any PR’s promptly.