I've been confused about this for a while.
I have an API application hosted on ECS and an ALB with a target of this ECS. I need to set up Cognito for the ALB, but the ALB needs to be SSL-ed. I also have a primary domain registered on a different DNS (not R53).
The AWS documentation says that there are two ways to route traffic to a LB: with a CNAME or an alias record set.
My questions are:
1. Do I need a primary domain on R53 to create an alias record set for the ALB? Do I need a registered domain at all, or will the alias automatically create a free one (since AWS says that alias is free)?
2. Can I create a subdomain CNAME on R53 of a primary domain hosted on another DNS?
3. Will I be able to pass paths from my alias or CNAME to the ALB? For example, if I enter a path on my ALB's Amazon-given DNS name like this: "{DNS-ALB-name}.amazon.com/api/path1", this will GET that from the API application. But if I have an alias or CNAME, how can I pass {CNAME-domain}.com/api/path1 or {alias-domain}.com/api/path1 to the ALB domain, which will in the end pass that path to the API? Or do I need some sort of reverse proxy server?
4. Can I SSL an alias record set?
5. Can I integrate a primary domain from another DNS into AWS R53 so it is as if R53 has that TLD?
1. You need to either migrate the domain to Route53 or delegate it.
2. If I understand your questions correctly - yes.
3. Assuming that I understand your questions correctly: the path and domain names are separate things, unless you redirect. In this case the CNAME will simply point the request at the load balancer, so the domain does not actually matter.
4. SSL is added to a resource such as a load balancer or EC2 server, not a DNS entry. Once you create an alias and point it at e.g. an application load balancer, you will be able to add a certificate to it. It integrates well with AWS Certificate Manager.
5. That's called DNS delegation, and yes, it is possible.
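An added illustration of points 3 and 4 above (not part of the original question or answer): DNS only decides which IP the client connects to, while the path travels inside the HTTP request and the hostname travels in the Host header and TLS SNI, so the certificate attached to the ALB has to cover the custom name. The zone data, hostnames and the `resolve` and `plan_request` helpers are constructed for this sketch.

```python
from urllib.parse import urlsplit

# Constructed sample records (hypothetical names; 192.0.2.10 is a documentation address).
# An alias record would answer with the A record directly instead of a CNAME hop.
ZONE = {
    "api.example.com": ("CNAME", "my-alb-123456.us-east-1.elb.amazonaws.com"),
    "my-alb-123456.us-east-1.elb.amazonaws.com": ("A", "192.0.2.10"),
}


def resolve(name, zone, max_hops=8):
    """Follow CNAMEs until an A record is reached; return (ip, chain of names)."""
    chain = [name.lower().rstrip(".")]
    for _ in range(max_hops):
        record = zone.get(chain[-1])
        if record is None:
            raise LookupError(f"no record for {chain[-1]}")
        rtype, value = record
        if rtype == "A":
            return value, chain
        target = value.lower().rstrip(".")
        if target in chain:  # guard against a misconfigured CNAME loop
            raise LookupError("CNAME loop: " + " -> ".join(chain + [target]))
        chain.append(target)
    raise LookupError("too many CNAME hops")


def plan_request(url, zone):
    """Describe what a client does for `url`: where it connects and what it sends."""
    parts = urlsplit(url)
    host = parts.hostname
    ip, chain = resolve(host, zone)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return {
        "connect_ip": ip,      # the only thing DNS contributes
        "dns_chain": chain,
        # Name the client expects in the certificate presented by the load balancer.
        "tls_sni": host if parts.scheme == "https" else None,
        # Path and Host are sent to the load balancer unchanged; no reverse proxy involved.
        "request": f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n",
    }


if __name__ == "__main__":
    for u in ("https://api.example.com/api/path1",
              "https://my-alb-123456.us-east-1.elb.amazonaws.com/api/path1"):
        print(plan_request(u, ZONE))
```

Both URLs reach the same address with the same request line; only the Host header and SNI name differ, which is why the certificate is attached to the load balancer listener rather than to the DNS record.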