mat*_*sev 8 amazon-web-services aws-cloudformation amazon-route53 amazon-elastic-beanstalk
What is the correct Route 53 CloudFormation configuration to alias a subdomain to an Elastic Beanstalk environment's ELB?
I have copied the HostedZoneIds from the Amazon Route 53 Hosted Zone ID table into a mapping:
"Beanstalk2Route53HostedZoneId" : {
"us-east-1" : { "HostedZoneId": "Z117KPS5GTRQ2G" },
"us-west-1" : { "HostedZoneId": "Z1LQECGX5PH1X" },
"us-west-2" : { "HostedZoneId": "Z38NKT9BP95V3O" },
"eu-west-1" : { "HostedZoneId": "Z2NYPWQ7DFZAZH" },
"eu-central-1" : { "HostedZoneId": "Z1FRNW7UH4DEZJ" },
"ap-northeast-1" : { "HostedZoneId": "Z1R25G3KIG2GBW" },
"ap-northeast-2" : { "HostedZoneId": "Z3JE5OI70TWKCP" },
"ap-southeast-1" : { "HostedZoneId": "Z16FZ9L249IFLT" },
"ap-southeast-2" : { "HostedZoneId": "Z2PCDNR3VC2G1N" },
"sa-east-1" : { "HostedZoneId": "Z10X7K2B4QSOFV" }
}
My resources contain two Beanstalk environments:
"MyBeanstalkConfig": {
"Type": "AWS::ElasticBeanstalk::ConfigurationTemplate",
"Properties": {
"OptionSettings": [
{ "Namespace": "aws:elb:listener:80", "OptionName": "ListenerEnabled", "Value" : "false" },
{ "Namespace": "aws:elb:listener:443", "OptionName": "ListenerEnabled", "Value" : "true" },
{ "Namespace": "aws:elb:listener:443", "OptionName": "InstancePort", "Value" : "8081" },
{ "Namespace": "aws:elb:listener:443", "OptionName": "ListenerProtocol", "Value" : "HTTPS" },
{ "Namespace": "aws:elb:listener:443", "OptionName": "SSLCertificateId", "Value" : "arn:aws:iam::[accountNbr]:server-certificate/example-cert-name" },
[...]
]
}
},
"MyStageBeanstalkEnv": {
"Type": "AWS::ElasticBeanstalk::Environment",
"Properties": {
"Description": "Stage Environment",
"TemplateName": { "Ref": "MyBeanstalkConfig" },
[...]
}
},
"MyProdBeanstalkEnv": {
"Type": "AWS::ElasticBeanstalk::Environment",
"Properties": {
"Description": "Production Environment",
"TemplateName": { "Ref": "MyBeanstalkConfig" },
[...]
}
},
Outputs:
"StageEndpoint" : {
"Description" : "endpoint of the stage environment",
"Value" : { "Fn::GetAtt" : [ "MyStageBeanstalkEnv", "EndpointURL" ] }
},
"ProdEndpoint" : {
"Description" : "endpoint of the production environment",
"Value" : { "Fn::GetAtt" : [ "MyProdBeanstalkEnv", "EndpointURL" ] }
}
Both the stage and prod Beanstalk environments are working, i.e. they respond to calls to MyStageBeanstalkEnv.eu-west-1.elasticbeanstalk.com as well as to the endpoint returned by { "Fn::GetAtt" : [ "MyStageBeanstalkEnv", "EndpointURL" ] } (which looks like awseb-[abc-123-xyz].eu-west-1.elb.amazonaws.com). Unsurprisingly, the certificate is invalid, because it expects the domain name to be stage.example.com or prod.example.com.
Now I try to add the Route 53 configuration:
"ExampleDomainHostedZone": {
"Type" : "AWS::Route53::HostedZone",
"Properties" : {
"Name" : "example.com"
}
},
"ExampleDomainRecordSetGroup" : {
"Type" : "AWS::Route53::RecordSetGroup",
"Properties" : {
"HostedZoneId" : { "Ref": "ExampleDomainHostedZone" },
"RecordSets" : [{
"AliasTarget" : {
"DNSName" : { "Fn::GetAtt" : ["MyStageBeanstalkEnv", "EndpointURL"] },
"EvaluateTargetHealth" : false,
"HostedZoneId" : { "Fn::FindInMap" : [ "Beanstalk2Route53HostedZoneId", {"Ref" : "AWS::Region"}, "HostedZoneId" ]}
},
"Name" : "stage.example.com",
"Type": "A"
},
{
"AliasTarget" : {
"DNSName" : { "Fn::GetAtt" : ["MyProdBeanstalkEnv", "EndpointURL"] },
"EvaluateTargetHealth" : false,
"HostedZoneId" : { "Fn::FindInMap" : [ "Beanstalk2Route53HostedZoneId", {"Ref" : "AWS::Region"}, "HostedZoneId" ]}
},
"Name" : "prod.example.com",
"Type": "A"
}]
}
},
When I try to update the CloudFormation stack, I get the following error in the AWS console:
16:12:00 UTC+0200 CREATE_FAILED AWS::Route53::RecordSetGroup ExampleDomainRecordSetGroup Tried to create an alias that targets awseb-[abc-123-xyz].eu-west-1.elb.amazonaws.com., type A in zone Z2NYPWQ7DFZAZH, but the alias target name does not lie within the target zone
In this context, awseb-[abc-123-xyz].eu-west-1.elb.amazonaws.com is the same URL as the one provided by the Beanstalk ELB.
Comments:
eu-west-1. Instead of the AWS::Route53::RecordSetGroup I also tried creating two separate AWS::Route53::RecordSet resources, but the stack update failed with the same error. Some googling suggests (1, 2) that the Amazon Route 53 Hosted Zone IDs cannot be used when configuring aliases. It is pointed out that eu-west-1 has the hosted zone ID Z2NYPWQ7DFZAZH for the elasticbeanstalk.eu-west-1.amazonaws.com endpoint. However, when double-checking the ELB configuration actually generated by Beanstalk with the AWS CLI, I found:
$ aws elb describe-load-balancers --region eu-west-1
{
"LoadBalancerDescriptions": [
{
[...]
"CanonicalHostedZoneNameID": "Z3NF1Z3NOM5OY2",
"CanonicalHostedZoneName": "awseb-[abc-123-xyz].eu-west-1.elb.amazonaws.com",
}
]
}
In other words, the hosted zone name ID is different. Furthermore, CanonicalHostedZoneName equals the DNSName in AliasTarget, i.e. awseb-[abc-123-xyz].eu-west-1.elb.amazonaws.com, which is not the same as the elasticbeanstalk.eu-west-1.amazonaws.com endpoint used in the Amazon Route 53 Hosted Zone ID table. So I changed the mapping to contain what the CLI output gives as CanonicalHostedZoneNameID:
"Beanstalk2Route53HostedZoneId" : {
"eu-west-1" : { "HostedZoneId": "Z3NF1Z3NOM5OY2" }
}
Now the stack updates successfully. Unfortunately only for eu-west-1, but the mapping can be updated as I deploy the stack to other regions.
After updating the stack there was still no response from the DNS names (stable.example.com and unstable.example.com). Updating the name servers at the registrar fixed that.
I had the same problem with a Route53 alias for CloudFront. I built the HostedZoneId mapping, but it never worked for me; searching the AWS documentation I found:
Hosted zone ID.
For load balancers, use the canonical hosted zone ID of the load balancer.
For Amazon S3, use the hosted zone ID of the website endpoint.
For CloudFront, use Z2FDTNDATAQYW2.
For a list of hosted zone IDs of other services, see the relevant service in AWS Regions and Endpoints.
So I just hardcoded it:
"AliasTarget": {
"HostedZoneId": "Z2FDTNDATAQYW2",
"DNSName": {
"Fn::GetAtt": ["MyCloudFrontDistribution", "DomainName"]
}
}
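The thread's fix for the ELB alias (use the load balancer's CanonicalHostedZoneNameID, not the regional elasticbeanstalk.<region>.amazonaws.com zone) and the CloudFront answer (a fixed zone ID, Z2FDTNDATAQYW2) are two instances of the same rule: the AliasTarget's HostedZoneId must be the zone the target service reports for that DNS name. The following script is an added example, not code from the question or the answers. It builds AliasTarget blocks from a `describe-load-balancers` result and checks a template's RecordSets against it, flagging the exact mismatch the question hit. The describe output, the `awseb-abc-123-xyz` host name and the CloudFront domain are constructed placeholders; the zone IDs are the ones quoted in the thread.

```python
"""Validate Route 53 alias targets against the zone IDs the target services report.

Added example, not part of the original thread. The describe-load-balancers
document below is constructed to mirror the CLI output quoted in the question.
"""
import json

# Fixed hosted zone ID for every CloudFront distribution (from the AWS docs
# quoted in the answer).
CLOUDFRONT_HOSTED_ZONE_ID = "Z2FDTNDATAQYW2"

# Regional zone from the "Amazon Route 53 Hosted Zone ID" table that the
# question first tried for eu-west-1; it belongs to the
# elasticbeanstalk.eu-west-1.amazonaws.com endpoint, not to the ELB host name.
REGIONAL_BEANSTALK_ZONE_EU_WEST_1 = "Z2NYPWQ7DFZAZH"

# Constructed sample of `aws elb describe-load-balancers --region eu-west-1`,
# trimmed to the fields an alias record needs. Host name is a placeholder.
SAMPLE_DESCRIBE_ELB = {
    "LoadBalancerDescriptions": [
        {
            "LoadBalancerName": "awseb-e-stage-placeholder",
            "DNSName": "awseb-abc-123-xyz.eu-west-1.elb.amazonaws.com",
            "CanonicalHostedZoneName": "awseb-abc-123-xyz.eu-west-1.elb.amazonaws.com",
            "CanonicalHostedZoneNameID": "Z3NF1Z3NOM5OY2",
        }
    ]
}


def _norm(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


def expected_zone_ids(describe_output):
    """Map each ELB host name to the canonical hosted zone ID it must be aliased in."""
    return {
        _norm(lb["CanonicalHostedZoneName"]): lb["CanonicalHostedZoneNameID"]
        for lb in describe_output["LoadBalancerDescriptions"]
    }


def elb_alias_target(describe_output, dns_name, evaluate_target_health=False):
    """Build an AliasTarget for the ELB whose DNS name is `dns_name`.

    Raises KeyError when no load balancer matches, so a stale endpoint in a
    template fails here instead of as a CREATE_FAILED on the stack.
    """
    wanted = _norm(dns_name)
    for lb in describe_output["LoadBalancerDescriptions"]:
        if _norm(lb["DNSName"]) == wanted or _norm(lb["CanonicalHostedZoneName"]) == wanted:
            return {
                "DNSName": lb["CanonicalHostedZoneName"],
                "HostedZoneId": lb["CanonicalHostedZoneNameID"],
                "EvaluateTargetHealth": evaluate_target_health,
            }
    raise KeyError(f"no load balancer with DNS name {dns_name!r}")


def cloudfront_alias_target(distribution_domain, evaluate_target_health=False):
    """AliasTarget for a CloudFront distribution: the zone ID is a constant."""
    return {
        "DNSName": distribution_domain,
        "HostedZoneId": CLOUDFRONT_HOSTED_ZONE_ID,
        "EvaluateTargetHealth": evaluate_target_health,
    }


def find_zone_mismatches(record_sets, expected_by_dnsname):
    """Return (record name, configured zone, expected zone) for each wrong alias.

    `record_sets` is a RecordSets list with intrinsic functions already
    resolved; targets not present in `expected_by_dnsname` are left alone.
    """
    problems = []
    for rs in record_sets:
        alias = rs.get("AliasTarget")
        if not alias:
            continue
        expected = expected_by_dnsname.get(_norm(alias["DNSName"]))
        if expected is not None and alias["HostedZoneId"] != expected:
            problems.append((rs["Name"], alias["HostedZoneId"], expected))
    return problems


def demo():
    """Reproduce the question's failing record and show the corrected one."""
    target = "awseb-abc-123-xyz.eu-west-1.elb.amazonaws.com"
    first_attempt = [{
        "Name": "stage.example.com", "Type": "A",
        "AliasTarget": {"DNSName": target,
                        "HostedZoneId": REGIONAL_BEANSTALK_ZONE_EU_WEST_1,
                        "EvaluateTargetHealth": False},
    }]
    mismatches = find_zone_mismatches(first_attempt, expected_zone_ids(SAMPLE_DESCRIBE_ELB))
    fixed = {"Name": "stage.example.com", "Type": "A",
             "AliasTarget": elb_alias_target(SAMPLE_DESCRIBE_ELB, target)}
    return mismatches, fixed


if __name__ == "__main__":
    found, corrected = demo()
    print("mismatches:", found)
    print(json.dumps(corrected, indent=2))
```

In a real pipeline the describe output would come from `aws elb describe-load-balancers --region <region>` (or the `elbv2` equivalent for application load balancers), and the record sets from the rendered template; the mismatch list is what you would gate a stack update on.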