- Get a free SSL/TLS certificate from Amazon through the AWS Certificate Manager (ACM)
- Add the certificate ARN to your Zappa settings file and certify.
Unless you're running an application for personal use, you'll probably want to swap out the default API gateway URL with a custom domain.This is easy to do in two steps:
If you've already obtained a certificate from ACM for the domain you want to use with your Zappa application, you can skip this section.
Once you're back on the main ACM page, expand the domain you just provisioned and look for the section that lists the ARN. Copy the ARN, since that's what we'll use in the next section to tell Zappa about the certificate.
Now that you have the ARN of the SSL certificate that you want to use with your Flask site, you'll need to add the ARN and domain name to your Zappa settings file. Here's our example settings file as a reminder:
{
"dev": {
"app_function": "profile-app.app",
"aws_region": "us-east-1",
"profile_name": "default",
"project_name": "zappaapp",
"runtime": "python3.6",
"s3_bucket": "[enter dev bucket name here]"
},
"production": {
"app_function": "profile-app.app",
"aws_region": "us-east-1",
"profile_name": "default",
"project_name": "zappaapp",
"runtime": "python3.6",
"s3_bucket": "[enter prod bucket name here]",
"certificate_arn": "[enter arn here]",
"domain": "[enter custom domain here]"
}
}
Add your ARN to the certificate_arn element, and add the domain that you set up the certificate for to the domain element. In the settings file above we only have a custom domain set up for the production stage, but if you want a separate domain set up for the dev stage then all you have to do is add a new certificate_arn and domain to that section of the file.
After saving your updated settings file, all you need to do is run
zappa certify production
which will point the AWS API gateway at your custom domain instead of the default Zappa URL. When certify is run Zappa will notify you that it can take 40 minutes or so for the domain to be propagated through AWS, but the average time is much less than that. After running certify you can run zappa deploy production and your application will be invoked by requests to the new domain!
If you're finding this guide useful, you may want to sign up to receive more of my writing at cloudconsultant.dev.