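What is the correct Route 53 CloudFormation configuration to alias sub-domain names to an Elastic Beanstalk environment ELB?
How can I alias domain names to Elastic Beanstalk environments using CloudFormation?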
I copied the HostedZoneIds from the Amazon Route 53 Hosted Zone ID table into a mapping:

    "Beanstalk2Route53HostedZoneId" : {
      "us-east-1" : { "HostedZoneId": "Z117KPS5GTRQ2G" },
      "us-west-1" : { "HostedZoneId": "Z1LQECGX5PH1X" },
      "us-west-2" : { "HostedZoneId": "Z38NKT9BP95V3O" },
      "eu-west-1" : { "HostedZoneId": "Z2NYPWQ7DFZAZH" },
      "eu-central-1" : { "HostedZoneId": "Z1FRNW7UH4DEZJ" },
      "ap-northeast-1" : { "HostedZoneId": "Z1R25G3KIG2GBW" },
      "ap-northeast-2" : { "HostedZoneId": "Z3JE5OI70TWKCP" },
      "ap-southeast-1" : { "HostedZoneId": "Z16FZ9L249IFLT" },
      "ap-southeast-2" : { "HostedZoneId": "Z2PCDNR3VC2G1N" },
      "sa-east-1" : { "HostedZoneId": "Z10X7K2B4QSOFV" }
    }

My resources have two Beanstalk environments:

    "MyBeanstalkConfig": {
      "Type": "AWS::ElasticBeanstalk::ConfigurationTemplate",
      "Properties": {
        "OptionSettings": [
          { "Namespace": "aws:elb:listener:80", "OptionName": "ListenerEnabled", "Value" : "false" },
          { "Namespace": "aws:elb:listener:443", "OptionName": "ListenerEnabled", "Value" : "true" },
          { "Namespace": "aws:elb:listener:443", "OptionName": "InstancePort", "Value" : "8081" },
          { "Namespace": "aws:elb:listener:443", "OptionName": "ListenerProtocol", "Value" : "HTTPS" },
          { "Namespace": "aws:elb:listener:443", "OptionName": "SSLCertificateId", "Value" : "arn:aws:iam::[accountNbr]:server-certificate/example-cert-name" },
          [...]
        ]
      }
    },
    "MyStageBeanstalkEnv": {
      "Type": "AWS::ElasticBeanstalk::Environment",
      "Properties": {
        "Description": "Stage Environment",
        "TemplateName": { "Ref": "MyBeanstalkConfig" },
        [...]
      }
    },
    "MyProdBeanstalkEnv": {
      "Type": "AWS::ElasticBeanstalk::Environment",
      "Properties": {
        "Description": "Production Environment",
        "TemplateName": { "Ref": "MyBeanstalkConfig" },
        [...]
      }
    },

Outputs:

    "StageEndpoint" : {
      "Description" : "endpoint of the stage environment",
      "Value" : { "Fn::GetAtt" : [ "MyStageBeanstalkEnv", "EndpointURL" ] }
    },
    "ProdEndpoint" : {
      "Description" : "endpoint of the production environment",
      "Value" : { "Fn::GetAtt" : [ "MyProdBeanstalkEnv", "EndpointURL" ] }
    }

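Both the stage and the prod Beanstalk environments are working, i.e. they respond to calls to MyStageBeanstalkEnv.eu-west-1.elasticbeanstalk.com and to the endpoint returned by { "Fn::GetAtt" : [ "MyStageBeanstalkEnv", "EndpointURL" ] } (which looks like awseb-[abc-123-xyz].eu-west-1.elb.amazonaws.com). Not surprisingly, the certificate is not valid, because it expects the domain name to be stage.example.com or prod.example.com.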
Now I try to add the Route 53 configuration:

    "ExampleDomainHostedZone": {
      "Type" : "AWS::Route53::HostedZone",
      "Properties" : {
        "Name" : "example.com"
      }
    },
    "ExampleDomainRecordSetGroup" : {
      "Type" : "AWS::Route53::RecordSetGroup",
      "Properties" : {
        "HostedZoneId" : { "Ref": "ExampleDomainHostedZone" },
        "RecordSets" : [{
          "AliasTarget" : {
            "DNSName" : { "Fn::GetAtt" : ["MyStageBeanstalkEnv", "EndpointURL"] },
            "EvaluateTargetHealth" : false,
            "HostedZoneId" : { "Fn::FindInMap" : [ "Beanstalk2Route53HostedZoneId", {"Ref" : "AWS::Region"}, "HostedZoneId" ]}
          },
          "Name" : "stage.example.com",
          "Type": "A"
        },
        {
          "AliasTarget" : {
            "DNSName" : { "Fn::GetAtt" : ["MyProdBeanstalkEnv", "EndpointURL"] },
            "EvaluateTargetHealth" : false,
            "HostedZoneId" : { "Fn::FindInMap" : [ "Beanstalk2Route53HostedZoneId", {"Ref" : "AWS::Region"}, "HostedZoneId" ]}
          },
          "Name" : "prod.example.com",
          "Type": "A"
        }]
      }
    },

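When I try to update the CloudFormation stack, I get the following error in the AWS console:

    16:12:00 UTC+0200 CREATE_FAILED AWS::Route53::RecordSetGroup ExampleDomainRecordSetGroup Tried to create an alias that targets awseb-[abc-123-xyz].eu-west-1.elb.amazonaws.com., type A in zone Z2NYPWQ7DFZAZH, but the alias target name does not lie within the target zone

In this context, awseb-[abc-123-xyz].eu-west-1.elb.amazonaws.com is the same as the URL provided by the Beanstalk ELB.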
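Remarks:
- I successfully managed to set up the Route 53 alias resource records for the same Beanstalk environments in the AWS console, following the description "To add an alias resource record set in Amazon Route 53", so it is "just" a matter of transferring these configuration steps to the CloudFormation template.
- The stack is deployed in eu-west-1.
- Instead of using the AWS::Route53::RecordSetGroup resource, I also tried to create two separate AWS::Route53::RecordSet resources, but the stack update failed with the same error.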
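
A pre-deployment check for the mismatch that the error reports, as an added example that is not part of the original question: it resolves each alias record's target and zone the way the template above does and flags targets that cannot lie within the referenced Beanstalk zone. The `<region>.elasticbeanstalk.com` zone suffix, the placeholder ELB name and the function names are assumptions of this example.

```python
# Beanstalk hosted zone IDs: two rows copied from the question's mapping.
BEANSTALK_ZONES = {"us-east-1": "Z117KPS5GTRQ2G", "eu-west-1": "Z2NYPWQ7DFZAZH"}

def resolve(value, template, region):
    """Resolve the two intrinsic functions the question's template uses."""
    if isinstance(value, dict) and "Fn::FindInMap" in value:
        name, key, attr = value["Fn::FindInMap"]
        key = region if key == {"Ref": "AWS::Region"} else key
        return template["Mappings"][name][key][attr]
    if isinstance(value, dict) and "Fn::GetAtt" in value:
        res, attr = value["Fn::GetAtt"]
        rtype = template["Resources"][res]["Type"]
        if rtype == "AWS::ElasticBeanstalk::Environment" and attr == "EndpointURL":
            # Assumption from the question: EndpointURL is the ELB name (placeholder here).
            return f"awseb-placeholder.{region}.elb.amazonaws.com"
    return value

def alias_mismatches(template, region):
    """List (record, target, zone) where the target cannot lie in the zone."""
    # Assumed: each Beanstalk zone only holds <region>.elasticbeanstalk.com names.
    suffix_of = {z: f".{r}.elasticbeanstalk.com" for r, z in BEANSTALK_ZONES.items()}
    findings = []
    for res in template["Resources"].values():
        props = res.get("Properties", {})
        is_record = res["Type"] in ("AWS::Route53::RecordSet", "AWS::Route53::RecordSetGroup")
        for rec in (props.get("RecordSets", [props]) if is_record else []):
            alias = rec.get("AliasTarget")
            if not alias:
                continue
            target = str(resolve(alias["DNSName"], template, region)).rstrip(".")
            zone = resolve(alias["HostedZoneId"], template, region)
            if zone in suffix_of and not target.endswith(suffix_of[zone]):
                findings.append((rec["Name"], target, zone))
    return findings

# Constructed template fragment mirroring the question's resources.
ZONE = {"Fn::FindInMap": ["Beanstalk2Route53HostedZoneId", {"Ref": "AWS::Region"}, "HostedZoneId"]}
TEMPLATE = {
    "Mappings": {"Beanstalk2Route53HostedZoneId": {r: {"HostedZoneId": z} for r, z in BEANSTALK_ZONES.items()}},
    "Resources": {
        "MyStageBeanstalkEnv": {"Type": "AWS::ElasticBeanstalk::Environment"},
        "ExampleDomainRecordSetGroup": {"Type": "AWS::Route53::RecordSetGroup", "Properties": {"RecordSets": [
            {"Name": "stage.example.com", "Type": "A", "AliasTarget": {
                "DNSName": {"Fn::GetAtt": ["MyStageBeanstalkEnv", "EndpointURL"]}, "HostedZoneId": ZONE}},
            {"Name": "direct.example.com", "Type": "A", "AliasTarget": {
                "DNSName": "my-stage-env.eu-west-1.elasticbeanstalk.com", "HostedZoneId": ZONE}}]}},
    },
}
if __name__ == "__main__":
    print(alias_mismatches(TEMPLATE, "eu-west-1"))
```

Only `stage.example.com` is reported for `eu-west-1`: its target is an `elb.amazonaws.com` name paired with the Beanstalk zone ID, the same combination the stack update rejected.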
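I ran into the same problem. From my understanding of your answer, it seems there is no way to map the hosted zone ID for an EB environment that does not exist yet? I.e. I would have to create a CNAME pointing to the ELB (since that is the only output I can get from the CFN template?) Or is there a way to get the CanonicalHostedZoneNameID to create an alias record and map it in a permanent way, per region, in my template? I ask because the Z3NF1Z3NOM5OY2 you pulled with the CLI does not seem to be any of the standard Route 53 endpoints in the Amazon documentation. – Marty
Same problem here. Unbelievable that you cannot get the CanonicalHostedZoneNameId in a CFN template! If you find any solution other than hard-coding it for each environment, please update. –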