Redirect http:// requests to https:// on AWS API Gateway (using a custom domain)

Problem description:

I'm using AWS API Gateway with a custom domain. When I try to access https://www.mydomain.com it works perfectly, but when I try http://www.mydomain.com it can't connect.

Is there a way to redirect the http -> https with the custom domain in API Gateway? If not, is there a way to get the http:// links to work just like the https:// links?

API Gateway doesn't directly support http without TLS, presumably as a security feature, as well as for some practical considerations.

There is not a particularly good way to do this for APIs in general, because redirection of a POST request from HTTP to HTTPS is actually a little bit pointless -- the data has already been sent insecurely by the time the redirect is generated, unless the client has asked the server to inspect the request headers before the body is sent, with Expect: 100-continue.

You can create a CloudFront distribution, and configure it to redirect GET and HEAD requests from HTTP to HTTPS... but if you send a POST request to such a distribution, CloudFront doesn't redirect -- it just throws an error, since (as noted) such a redirection would be more harmful than helpful.

However... if GET is your application, then it's pretty straightforward: first, deploy your API with a Regional (not Edge-Optimized) API endpoint with a system-assigned hostname, not a custom domain.

Then, create a CloudFront distribution that uses this regional API endpoint as its origin server, and configure the CloudFront distribution's behavior to redirect HTTP to HTTPS. Associate your custom domain name with the CloudFront distribution, rather than with API Gateway directly.
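
The setup described in the answer above can be checked offline against a distribution's configuration. This is an added example, not part of the original answer; it assumes the dict shape that boto3's `get_distribution_config` returns under `DistributionConfig`, and the function name, API id, region and path patterns are constructed placeholders.

```python
# Added example: audit a CloudFront DistributionConfig (boto3 dict shape).
BODY_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def audit_distribution(cfg):
    """Return a list of (severity, message) findings for one DistributionConfig."""
    findings = []
    behaviors = [("default", cfg["DefaultCacheBehavior"])]
    for b in cfg.get("CacheBehaviors", {}).get("Items", []):
        behaviors.append((b["PathPattern"], b))
    for name, b in behaviors:
        policy = b["ViewerProtocolPolicy"]
        if policy == "allow-all":
            findings.append(("HIGH", f"behavior {name}: allow-all serves plain HTTP"))
        methods = set(b.get("AllowedMethods", {}).get("Items", []))
        risky = sorted(methods & BODY_METHODS)
        if policy == "redirect-to-https" and risky:
            findings.append(("INFO", f"behavior {name}: {','.join(risky)} allowed; "
                             "a body sent to http:// is exposed before any redirect"))
    for o in cfg["Origins"]["Items"]:
        custom = o.get("CustomOriginConfig")
        # API Gateway has no plain-HTTP listener, so the origin leg must be HTTPS.
        if ".execute-api." in o["DomainName"] and custom \
                and custom["OriginProtocolPolicy"] != "https-only":
            findings.append(("HIGH", f"origin {o['Id']}: API Gateway needs https-only"))
    return findings


# Constructed sample input: placeholder API id, region, domain and paths.
ALL7 = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
SAMPLE = {
    "Aliases": {"Quantity": 1, "Items": ["www.mydomain.com"]},
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "regional-api",
        "DomainName": "abc123example.execute-api.us-east-1.amazonaws.com",
        "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"},
    }]},
    "DefaultCacheBehavior": {
        "ViewerProtocolPolicy": "redirect-to-https",
        "AllowedMethods": {"Quantity": 2, "Items": ["GET", "HEAD"]},
    },
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/submit/*", "ViewerProtocolPolicy": "redirect-to-https",
         "AllowedMethods": {"Quantity": 7, "Items": ALL7}},
        {"PathPattern": "/legacy/*", "ViewerProtocolPolicy": "allow-all",
         "AllowedMethods": {"Quantity": 2, "Items": ["GET", "HEAD"]}},
    ]},
}
if __name__ == "__main__":
    for severity, message in audit_distribution(SAMPLE):
        print(severity, message)
```

The INFO finding mirrors the answer's point about POST: clients of body-carrying endpoints should be configured with https:// URLs rather than relying on a redirect.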