Using a sub-domain in Laravel Vapor

Using a sub-domain in Laravel vapor is not trivial. Here’s how to do it.

This is is a short article for people using both the Php framework Laravel, and Vapor, a tool to deploy serverless applications on AWS.

The problem

Vapor is an amazing tool, that abstracts for you pretty much all the hard work of dealing of AWS. It setups the Lambdas that run your app, it creates the DNS records needed, it can setup S3 storage, DynamoDB queues, and even databases. This is all great, but there are some cases where all of this abstraction can cause some issues.
I have a domain mydomain.com . I manage the DNS record in a hosted zone via my AWS account A. I want to deploy an application in my AWS account B where I setup a hosted zone for staging.mydomain.com.
To do the deployment, I added the domain to my vapor.yml file:
Domain setting in vapor.yml
Domain setting in vapor.yml
But whenever I try to deploy, I’m getting this message:
notion image
I tried to add the sub-domain to my vapor dashboard but it only accepts root domains. I tried to manually create an ACM certificate in the AWS account B for staging.mydomain.com but unfortunately that did not help.

The solution

This solution was shared by the the Vapor support team, who’s super reactive (3-4 back and forth emails in 2 hours).

Create a dummy hosted zone for the root domain

The problem is that even though I have a certificate in AWS, Vapor isn’t aware of it. So the solution is let Vapor create the certificate. But before Vapor can create the certificate for the subdomain, Vapor needs to know the hosted zone. The hosted zone exists is in the AWS account A but it can’t be reached by Vapor, so you need to create a “dummy” one with: vapor zone mydomain.com.

Creating the certificate for the sub-domain

Now that this is done we can create a certificate for the subdomain by running vapor cert staging.mydomain.com . This will create a new certificate in the us-east-1 region of ACM. You can go to the AWS ACM dashboard to create the records needed in your staging.mydomain.com hosted zone.

Create the DNS records in the right places

For the final step you need to go to your dummy mydomain.com hosted zone. Copy all DNS records for the subdomain (ending with staging.mydomain.com) in the hosted zone for staging.mydomain.com in the AWS account B, and the rest of the records (except of course SOA, NS ect) in the hosted zone for mydomain.com in AWS account A. Vapor should now be aware of the subdomain certificate, and everything should be working fine.

Deploy

You can now run again vapor deploy production. In the deployment console output you should see a CNAME record. Make sure to create this in the hosted zone for staging.mydomain.com in the AWS account B. Note that since you can’t create CNAME records for the root of a hosted zone in route53, so you need to create an A record that’s you’re going to configure to be an alias!
 
notion image