
amazon-web-services - CloudFormation circular dependency between Route53, Certificate Manager and CloudFront

Reposted. Author: 行者123. Updated: 2023-12-03 07:14:27

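The following code is my attempt at creating a CloudFormation template for an SPA (single-page application). I know there are probably many flaws, but I can't conceptually understand how to break the circular dependency error I'm getting. In my mind, it makes sense for Route53 to depend on CloudFront, since it needs to know the AliasTarget; it also makes sense for CloudFront to depend on Certificate Manager, since it needs the AcmCertificateArn; and CertificateManager needs to depend on Route53 (for obvious reasons, but I have a feeling someone is going to tell me this is where I break the chain).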

    AWSTemplateFormatVersion: '2010-09-09'
    Description: Creates an S3 bucket configured for hosting a static website, and a Route
      53 DNS record pointing to the bucket
    Parameters:
      DomainName:
        Type: String
        Description: The DNS name of an existing Amazon Route 53 hosted zone e.g. jevsejev.io
        AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
        ConstraintDescription: must be a valid DNS zone name.
      FullDomainName:
        Type: String
        Description: The full domain name e.g. development.jevsejev.io
        AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
        ConstraintDescription: must be a valid DNS zone name.
    Resources:
      Route53:
        Type: AWS::Route53::RecordSet
        DependsOn:
          - Cloudfront
        Properties:
          HostedZoneName: !Ref 'DomainName'
          RecordSets:
            Name: !Ref 'FullDomainName'
            Type: A
            AliasTarget:
              DNSName: !GetAtt [Cloudfront, WebsiteURL]
      CertificateManager:
        Type: AWS::CertificateManager::Certificate
        DependsOn:
          - Route53
        Properties:
          DomainName: !Ref 'FullDomainName'
      Cloudfront:
        Type: AWS::CloudFront::Distribution
        DependsOn:
          - S3
        Properties:
          DistributionConfig:
            Origins:
              - DomainName: !GetAtt [S3, WebsiteURL]
                Id: S3Origin
                CustomOriginConfig:
                  HTTPPort: '80'
                  HTTPSPort: '443'
                  OriginProtocolPolicy: http-only
            Enabled: true
            HttpVersion: 'http2'
            DefaultRootObject: index.html
            Aliases:
              - !Ref 'FullDomainName'
            DefaultCacheBehavior:
              AllowedMethods:
                - GET
                - HEAD
              Compress: true
              TargetOriginId: S3Origin
              ForwardedValues:
                QueryString: true
                Cookies:
                  Forward: none
              ViewerProtocolPolicy: redirect-to-https
            PriceClass: PriceClass_All
            ViewerCertificate:
              AcmCertificateArn: !Ref CertificateManager
              SslSupportMethod: sni-only
      S3:
        Type: AWS::S3::Bucket
        Properties:
          BucketName: !Ref 'FullDomainName'
          AccessControl: PublicRead
          WebsiteConfiguration:
            IndexDocument: index.html

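Best answer

I ran into this problem too and just solved it. Hope this helps people.

When you have the DomainValidationOptions property in the Certificate section and use your own HostedZone Id as the value of HostedZoneId, the certificate will be created without getting stuck.

Below is my code for reference:

CldoudFrontHostedZoneId is a fixed value from the AWS documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget.html

DefaultHostedZoneId is my HostedZone Id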

    Parameters:

      DefaultHostedZoneId:
        Description: Default own HostedZone Id
        Type: String
        Default: xxxxxxxxxxxxxx

      CldoudFrontHostedZoneId:
        Description: AWS only use this hosted zone Id for cloudfront
        Type: String
        Default: Z2FDTNDATAQYW2

    Resources:
      StagingCloudFrontCertificate:
        Type: AWS::CertificateManager::Certificate
        Properties:
          DomainName: yyyyy.xxxxxxxx.company.com
          ValidationMethod: DNS
          DomainValidationOptions:
            - DomainName: yyyyy.xxxxxxxx.company.com
              HostedZoneId: !Ref DefaultHostedZoneId

      StagingCloudFrontDistribution:
        Type: AWS::CloudFront::Distribution
        Properties:
          DistributionConfig:
            Origins:
              - DomainName: !GetAtt StagingPublishedS3.DomainName
                Id: !Ref StagingPublishedS3
                S3OriginConfig:
                  OriginAccessIdentity: !Join ['', ['origin-access-identity/cloudfront/', !Ref StagingCloudFrontOriginAccessIdentity]]
            Enabled: 'true'
            Comment: Staging CloudFront Distribution
            HttpVersion: http2
            IPV6Enabled: true
            PriceClass: PriceClass_100
            Aliases:
              - yyyyy.xxxxxxxx.company.com
            ViewerCertificate:
              MinimumProtocolVersion: TLSv1.2_2021
              AcmCertificateArn: !Ref StagingCloudFrontCertificate
              SslSupportMethod: sni-only
            DefaultCacheBehavior:
              AllowedMethods:
                - GET
                - HEAD
                - OPTIONS
              CachePolicyId: !Ref AWSmanagedCachePolicy
              # ForwardedValues:
              #   QueryString: false
              ViewerProtocolPolicy: 'redirect-to-https'
              TargetOriginId: !Ref StagingPublishedS3
              TrustedKeyGroups:
                - !Ref StagingCloudFrontKeyGroup
            CacheBehaviors:
              - AllowedMethods:
                  - GET
                  - HEAD
                PathPattern: /favicon.ico
                TargetOriginId: !Ref StagingPublishedS3
                ViewerProtocolPolicy: 'redirect-to-https'
                CachePolicyId: !Ref AWSmanagedCachePolicy

      StagingCloudfrontDNS:
        Type: AWS::Route53::RecordSetGroup
        Properties:
          HostedZoneName: xxxxxxxx.company.com.
          Comment: Zone apex alias targeted to CloudFront
          RecordSets:
            - Name: yyyyy.xxxxxxxx.company.com.
              Type: A
              AliasTarget:
                HostedZoneId: !Ref CldoudFrontHostedZoneId
                DNSName: !GetAtt StagingCloudFrontDistribution.DomainName
            - Name: yyyyy.xxxxxxxx.company.com.
              Type: AAAA
              AliasTarget:
                HostedZoneId: !Ref CldoudFrontHostedZoneId
                DNSName: !GetAtt StagingCloudFrontDistribution.DomainName

Regarding amazon-web-services - CloudFormation circular dependency between Route53, Certificate Manager and CloudFront, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58238164/
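
The dependency chain from the question can be checked mechanically. The sketch below is an added example, not code from the question or the answer: it builds the resource graph from DependsOn, Ref and Fn::GetAtt and reports the first cycle it finds. The two dicts are constructed reductions of the templates above, written in JSON-style intrinsic form; Fn::Sub references are not followed.

```python
QUESTION = {  # constructed: dependency-relevant parts of the question's template
    "Route53": {"DependsOn": ["Cloudfront"], "Properties": {
        "AliasTarget": {"DNSName": {"Fn::GetAtt": ["Cloudfront", "WebsiteURL"]}}}},
    "CertificateManager": {"DependsOn": ["Route53"]}, "S3": {},
    "Cloudfront": {"DependsOn": ["S3"], "Properties": {
        "ViewerCertificate": {"AcmCertificateArn": {"Ref": "CertificateManager"}}}},
}
ANSWER = {  # constructed from the answer; DefaultHostedZoneId is a parameter
    "StagingCloudFrontCertificate": {"Properties": {
        "DomainValidationOptions": [{"HostedZoneId": {"Ref": "DefaultHostedZoneId"}}]}},
    "StagingCloudFrontDistribution": {"Properties": {
        "ViewerCertificate": {"AcmCertificateArn": {"Ref": "StagingCloudFrontCertificate"}}}},
    "StagingCloudfrontDNS": {"Properties": {"AliasTarget": {
        "DNSName": {"Fn::GetAtt": "StagingCloudFrontDistribution.DomainName"}}}},
}

def references(node, names):
    """Logical IDs reached through Ref or Fn::GetAtt anywhere inside node."""
    if isinstance(node, list):
        node = dict(enumerate(node))  # walk list items like dict values
    found = set()
    for key, value in (node.items() if isinstance(node, dict) else ()):
        if key in ("Ref", "Fn::GetAtt"):  # GetAtt is [res, attr] or "res.attr"
            target = value[0] if isinstance(value, list) else value.split(".")[0]
            found |= {target} & names
        else:
            found |= references(value, names)
    return found

def dependency_graph(resources):
    names, graph = set(resources), {}
    for name, body in resources.items():
        explicit = body.get("DependsOn", [])
        explicit = {explicit} if isinstance(explicit, str) else set(explicit)
        graph[name] = sorted(explicit & names | references(body.get("Properties"), names))
    return graph

def find_cycle(graph):
    """Depth-first search; returns one cycle (first ID repeated last) or None."""
    done = set()
    def visit(name, path):
        if name in path:
            return path[path.index(name):] + [name]
        if name not in done:
            for dep in graph[name]:
                cycle = visit(dep, path + [name])
                if cycle:
                    return cycle
            done.add(name)
    return next((c for c in (visit(n, []) for n in graph) if c), None)
```

Calling `find_cycle(dependency_graph(QUESTION))` yields the Route53, Cloudfront, CertificateManager, Route53 loop, while the answer's graph has none because its certificate resource carries no DependsOn on the record set.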
