AWS rest api gateway custom domain name 403 forbidden

February 7, 2023

if you’ve set up a custom domain name for api gateway your integration will give you a domain name like xxx.cloudfront.net

but if you curl that, it won’t work, returning status=403

curl https://xxx.cloudfront.net
> {"message":"Forbidden"}

to make that work:

curl --header "Host: your.custom.domain.name" https://xxx.cloudfront.net/

which should be the default behaviour if you access

curl https://your.custom.domain.name/

but only if you have your CNAME correctly

Type Domain Name Canonical Name
CNAME your.custom.domain.name xxx.cloudfront.net

(might require SNI to be enabled)