I have created an SSL certificate with ACM. I would like to use this certificate to serve both my static content from an S3 bucket and my lambdas. At this time, I want to avoid using CloudFront and proxy both S3 and Lambda with API Gateway so that everything is served from a single SSL domain (no CORS issues).
Ideally, I will call:
https://my.customdomain.com/ (lambda redirects to /web/index.html)
https://my.customdomain.com/api/* (lambdas)
https://my.customdomain.com/web/* (static content - s3)
Is the above architecture reasonable/possible?
Yes, the architecture is possible.
API Gateway has this objective: to serve as a gateway for backend services that are not exposed to your customer. One of the options to integrate with API Gateway is with Amazon S3.
Basically you will forward the object key to S3 and request this object using S3 API calls (executed by API Gateway). You'll just need to give API Gateway the correct permissions to make this call with the proper credentials.
You can find the information needed to make this work here.
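The S3 integration described in the answer above, sketched as a CloudFormation fragment. This is an added example, not part of the original answer; the parameter and logical names (`StaticBucketName`, `ApiId`, `WebProxyResourceId`, `S3ReadRole`, `WebGet`) are assumptions, and the REST API and its `/web/{proxy+}` resource are assumed to exist already.

```yaml
# Added example; parameter and logical names are assumptions, not from the post.
Parameters:
  StaticBucketName: {Type: String}      # existing private bucket
  ApiId: {Type: String}                 # existing REST API
  WebProxyResourceId: {Type: String}    # resource for /web/{proxy+}
Resources:
  S3ReadRole:                           # role API Gateway assumes to call S3
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: apigateway.amazonaws.com}
            Action: sts:AssumeRole
      Policies:
        - PolicyName: read-web-prefix
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow           # read-only, web/ prefix only
                Action: s3:GetObject
                Resource: !Sub "arn:aws:s3:::${StaticBucketName}/web/*"
  WebGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref ApiId
      ResourceId: !Ref WebProxyResourceId
      HttpMethod: GET
      AuthorizationType: NONE
      RequestParameters:
        method.request.path.proxy: true
      Integration:
        Type: AWS
        IntegrationHttpMethod: GET
        Credentials: !GetAtt S3ReadRole.Arn
        Uri: !Sub "arn:aws:apigateway:${AWS::Region}:s3:path/${StaticBucketName}/web/{key}"
        RequestParameters:              # forward the object key to S3
          integration.request.path.key: method.request.path.proxy
        IntegrationResponses:
          - StatusCode: "200"
            ResponseParameters:
              method.response.header.Content-Type: integration.response.header.Content-Type
          - StatusCode: "404"           # S3 4xx (missing key, denied)
            SelectionPattern: "4\\d{2}"
      MethodResponses:
        - StatusCode: "200"
          ResponseParameters:
            method.response.header.Content-Type: true
        - StatusCode: "404"
```

The bucket can stay private with no public bucket policy, since only the role reads from it. Because the role lacks `s3:ListBucket`, S3 answers a request for a missing key with 403, which the second integration response maps to 404.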