个人中心
gpt4 book ai didi

amazon-web-services - 将 SSL 证书连接到 CloudFormation 中的 CloudFront CDN

转载 作者:行者123 更新时间:2023-12-03 07:32:30 25 4
gpt4 key购买 nike

到目前为止,我已经用它来创建资源了。

"staticFileBucketPolicy": {
  "Type": "AWS::S3::BucketPolicy",
  "DependsOn": "staticFileBucket",
  "Properties": {
    "Bucket": { "Ref": "staticFileBucket" },
    "PolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [{
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "staticFileBucket" } , "/*" ]]}
      }]
    }
  }
},

"certificate": {
  "Type": "AWS::CertificateManager::Certificate",
  "Properties": {
    "DomainName": { "Ref": "Domain" },
    "SubjectAlternativeNames": [
      { "Fn::Join": ["", [ "*.", { "Ref": "Domain" } ]] }
    ],
    "DomainValidationOptions" : [{
      "DomainName": { "Ref": "Domain" },
      "ValidationDomain" : { "Ref": "Domain" }
    }],
    "Tags": [{
      "Key": "CloudFormationStack",
      "Value": { "Ref": "AWS::StackName" }
    }]
  }
},

"staticCDN": {
  "Type": "AWS::CloudFront::Distribution",
  "DependsOn": "staticFileBucket",
  "Properties": {
    "DistributionConfig": {
      "Comment": "CDN for Sagely static files.",
      "Enabled": true,
      "DefaultRootObject": "index.html",
      "DefaultCacheBehavior": {
        "AllowedMethods": [ "HEAD", "GET", "OPTIONS" ],
        "TargetOriginId": { "Fn::Join": ["", [ { "Ref": "SubDomain" }, "-static.", { "Ref": "Domain" } ]] },
        "ForwardedValues": {
          "QueryString": false,
          "Headers": [ "Access-Control-Request-Headers", "Access-Control-Request-Method", "Origin" ]
        },
        "ViewerProtocolPolicy": "redirect-to-https"
      },
      "Origins": [{
        "DomainName": { "Fn::Join": ["", [ { "Ref": "SubDomain" }, "-static.", { "Ref": "Domain" }, ".s3.amazonaws.com" ]] },
        "Id": { "Fn::Join": ["", [ { "Ref": "SubDomain" }, "-static.", { "Ref": "Domain" } ]] },
        "S3OriginConfig": { }
      }]
    }
  }
},

CDN 通过我的自定义域运行。但是如何将SSL证书连接到CDN呢?

最佳答案

您想要一个 ViewerCertificate您的属性(property) DistributionConfig 。它应该是这样的:

  "ViewerCertificate": {
    "AcmCertificateArn": { "Ref": "certificate" },
    "SslSupportMethod": "sni-only"
  }

根据您的代码,可能需要将您的 staticCDN 更新为:

"staticCDN": {
  "Type": "AWS::CloudFront::Distribution",
  "DependsOn": "staticFileBucket",
  "Properties": {
    "DistributionConfig": {
      "Comment": "CDN for Sagely static files.",
      "Enabled": true,
      "DefaultRootObject": "index.html",
      "DefaultCacheBehavior": {
        "AllowedMethods": [ "HEAD", "GET", "OPTIONS" ],
        "TargetOriginId": { "Fn::Join": ["", [ { "Ref": "SubDomain" }, "-static.", { "Ref": "Domain" } ]] },
        "ForwardedValues": {
          "QueryString": false,
          "Headers": [ "Access-Control-Request-Headers", "Access-Control-Request-Method", "Origin" ]
        },
        "ViewerProtocolPolicy": "redirect-to-https"
      },
      "Origins": [{
        "DomainName": { "Fn::Join": ["", [ { "Ref": "SubDomain" }, "-static.", { "Ref": "Domain" }, ".s3.amazonaws.com" ]] },
        "Id": { "Fn::Join": ["", [ { "Ref": "SubDomain" }, "-static.", { "Ref": "Domain" } ]] },
        "S3OriginConfig": { }
      }],
      "ViewerCertificate": {
        "AcmCertificateArn": { "Ref": "certificate" },
        "SslSupportMethod": "sni-only"
      }
    }
  }
},

关于amazon-web-services - 将 SSL 证书连接到 CloudFormation 中的 CloudFront CDN,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46479369/

25 4 0
文章推荐: amazon-web-services - 通过 ID 查找已弃用 AMI 的类型
文章推荐: aws-cloudformation - Terraform 中的自定义 CloudFormation 资源
文章推荐: amazon-web-services - AWS CloudFormation 模板
文章推荐: amazon-web-services - 云形成 : Create a resource only in specific stage
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com