个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
28
4
我正在尝试部署一个 CloudFormation 模板(通过 AWS CLI),其中包含 DynamoDB 和一些通过 API Gateway 提供服务的 Lambda。模板如下:
Resources:
UTableArticle:
Type: AWS::DynamoDB::Table
Properties:
KeySchema:
- AttributeName: id
KeyType: HASH
AttributeDefinitions:
- AttributeName: id
AttributeType: S
ProvisionedThroughput:
ReadCapacityUnits: 1
WriteCapacityUnits: 1
TableName: !Sub ${AWS::StackName}-Article
UpdateReplacePolicy: Retain
DeletionPolicy: Retain
UIAMRoleFunctionServiceRoleArticle:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: "2012-10-17"
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
UIAMRoleFunctionServiceRolePolicyArticle:
Type: AWS::IAM::Policy
Properties:
PolicyDocument:
Statement:
- Action:
- dynamodb:BatchGetItem
- dynamodb:GetRecords
- dynamodb:GetShardIterator
- dynamodb:Query
- dynamodb:GetItem
- dynamodb:Scan
- dynamodb:BatchWriteItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
Effect: Allow
Resource:
- !GetAtt [ UTableArticle, Arn ]
- !Ref AWS::NoValue
Version: "2012-10-17"
PolicyName: UIAMRoleFunctionServiceRolePolicyArticle
Roles:
- !Ref UIAMRoleFunctionServiceRoleArticle
BFunctionSaveArticle:
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket: !Ref ArtefactRepositoryBucket
S3Key: !Join [ '', [!Ref ArtefactRepositoryKeyPrefix, '.zip' ] ]
Handler: !Ref 'SaveArticleHandler'
Role: !GetAtt [ UIAMRoleFunctionServiceRoleArticle, Arn ]
Runtime: java11
Environment:
Variables:
TABLE_NAME: !Ref UTableArticle
PRIMARY_KEY: id
DependsOn:
- UIAMRoleFunctionServiceRolePolicyArticle
- UIAMRoleFunctionServiceRoleArticle
BFunctionGetArticle:
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket: !Ref ArtefactRepositoryBucket
S3Key: !Join [ '', [!Ref ArtefactRepositoryKeyPrefix, '.zip' ] ]
Handler: !Ref 'GetArticleHandler'
Role: !GetAtt [ UIAMRoleFunctionServiceRoleArticle, Arn ]
Runtime: java11
Environment:
Variables:
TABLE_NAME: !Ref UTableArticle
PRIMARY_KEY: id
DependsOn:
- UIAMRoleFunctionServiceRolePolicyArticle
- UIAMRoleFunctionServiceRoleArticle
BFunctionListArticles:
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket: !Ref ArtefactRepositoryBucket
S3Key: !Join [ '', [!Ref ArtefactRepositoryKeyPrefix, '.zip' ] ]
Handler: !Ref 'ListArticlesHandler'
Role: !GetAtt [ UIAMRoleFunctionServiceRoleArticle, Arn ]
Runtime: java11
Environment:
Variables:
TABLE_NAME: !Ref UTableArticle
PRIMARY_KEY: id
DependsOn:
- UIAMRoleFunctionServiceRolePolicyArticle
- UIAMRoleFunctionServiceRoleArticle
BFunctionGWPermissionGetArticle:
Type: AWS::Lambda::Permission
DependsOn:
- BlogRestApi
- BFunctionListArticles
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt [ BFunctionListArticles, Arn ]
Principal: apigateway.amazonaws.com
SourceArn: !Join ['', ['arn:', !Ref 'AWS::Partition', ':execute-api:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref BlogRestApi, '/*/GET/article'] ]
BFunctionGWPermissionPostArticle:
Type: AWS::Lambda::Permission
DependsOn:
- BlogRestApi
- BFunctionSaveArticle
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt [ BFunctionSaveArticle, Arn ]
Principal: apigateway.amazonaws.com
SourceArn: !Join ['', ['arn:', !Ref 'AWS::Partition', ':execute-api:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref BlogRestApi, '/*/POST/article'] ]
BFunctionGWPermissionGetIdArticle:
Type: AWS::Lambda::Permission
DependsOn:
- BlogRestApi
- BFunctionGetArticle
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt [ BFunctionGetArticle, Arn ]
Principal: apigateway.amazonaws.com
SourceArn: !Join ['', ['arn:', !Ref 'AWS::Partition', ':execute-api:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref BlogRestApi, '/*/GET/article/{id}'] ]
BFunctionGWPermissionPatchIdArticle:
Type: AWS::Lambda::Permission
DependsOn:
- BlogRestApi
- BFunctionSaveArticle
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt [ BFunctionSaveArticle, Arn ]
Principal: apigateway.amazonaws.com
SourceArn: !Join ['', ['arn:', !Ref 'AWS::Partition', ':execute-api:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref BlogRestApi, '/*/PATCH/article/{id}'] ]
BlogRestApi:
Type: AWS::ApiGateway::RestApi
Properties:
Name: Article
UAGDeploymentArticle:
Type: AWS::ApiGateway::Deployment
Properties:
RestApiId: !Ref BlogRestApi
Description: Automatically created by the RestApi construct
DependsOn:
- UAGMethodArticleIdGet
- UAGMethodArticleIdPatch
- UAGResourceArticleId
- UAGMethodArticleGet
- UAGMethodArticlePost
- UAGResourceArticle
BAGDeploymentStageProdArticle:
Type: AWS::ApiGateway::Stage
Properties:
RestApiId: !Ref BlogRestApi
DeploymentId: !Ref UAGDeploymentArticle
StageName: prod
UAIMRoleCWPushArticle:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: !Join ["", ['apigateway.', !Ref "AWS::URLSuffix"] ]
Version: "2012-10-17"
ManagedPolicyArns:
- !Join ['', ['arn:', !Ref 'AWS::Partition', ':iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs'] ]
UAGAccountArticle:
Type: AWS::ApiGateway::Account
Properties:
CloudWatchRoleArn: !GetAtt [ UAIMRoleCWPushArticle, Arn ]
DependsOn:
- BlogRestApi
UAGResourceArticle:
Type: AWS::ApiGateway::Resource
Properties:
ParentId: !GetAtt [ BlogRestApi, RootResourceId ]
PathPart: article
RestApiId: !Ref BlogRestApi
UAGMethodArticleGet:
Type: AWS::ApiGateway::Method
Properties:
HttpMethod: GET
ResourceId: !Ref UAGResourceArticle
RestApiId: !Ref BlogRestApi
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join [ "", ['arn:', !Ref 'AWS::Partition', ':apigateway:', !Ref 'AWS::Region', ':lambda:path/2015-03-31/functions/', !GetAtt [ BFunctionListArticles, Arn ], '/invocations' ] ]
UAGMethodArticlePost:
Type: AWS::ApiGateway::Method
Properties:
HttpMethod: POST
ResourceId: !Ref UAGResourceArticle
RestApiId: !Ref BlogRestApi
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join [ "", ['arn:', !Ref 'AWS::Partition', ':apigateway:', !Ref 'AWS::Region', ':lambda:path/2015-03-31/functions/', !GetAtt [ BFunctionSaveArticle, Arn ], '/invocations' ] ]
UAGResourceArticleId:
Type: AWS::ApiGateway::Resource
Properties:
ParentId: !Ref UAGResourceArticle
PathPart: "{id}"
RestApiId: !Ref BlogRestApi
UAGMethodArticleIdGet:
Type: AWS::ApiGateway::Method
Properties:
HttpMethod: GET
ResourceId: !Ref UAGResourceArticleId
RestApiId: !Ref BlogRestApi
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join [ "", ['arn:', !Ref 'AWS::Partition', ':apigateway:', !Ref 'AWS::Region', ':lambda:path/2015-03-31/functions/', !GetAtt [ BFunctionGetArticle, Arn ], '/invocations' ] ]
UAGMethodArticleIdPatch:
Type: AWS::ApiGateway::Method
Properties:
HttpMethod: PATCH
ResourceId: !Ref UAGResourceArticleId
RestApiId: !Ref BlogRestApi
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join [ "", ['arn:', !Ref 'AWS::Partition', ':apigateway:', !Ref 'AWS::Region', ':lambda:path/2015-03-31/functions/', !GetAtt [ BFunctionSaveArticle, Arn ], '/invocations' ] ]
# apparently the below already exists??
BlogAPIDomainName:
Type: AWS::ApiGateway::DomainName
Properties:
DomainName: blogapi.zenithwebfoundry.com
EndpointConfiguration:
Types:
- EDGE
CertificateArn: 'arn:aws:acm:us-east-1:499908792600:certificate/2983bc14-28d4-43ab-b1da-fe9618a926d1'
SecurityPolicy: TLS_1_0
BlogAPIHostedZone:
Type: AWS::Route53::HostedZone
Properties:
Name: !Ref BlogAPIDomainName
BlogAPIBasePathMapping:
Type: AWS::ApiGateway::BasePathMapping
Properties:
DomainName: !Ref BlogAPIDomainName
RestApiId: !Ref BlogRestApi
Stage: 'prod'
Route53RecordSetGroup:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneId: Z18TN67OCTIBE0 # zenithwebfoundry.com. HostedZoneId
RecordSets:
- Name: blog.zenithwebfoundry.com.
Type: A
TTL: '300'
ResourceRecords:
- 52.64.238.177
- Name: blogapi.zenithwebfoundry.com
Type: A
AliasTarget:
HostedZoneId: Z2FDTNDATAQYW2
DNSName: !Ref BlogAPIDomainName
AssetsBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Join [ ".", [ !Ref 'AWS::StackName', 'assets' ] ]
CorsConfiguration:
CorsRules:
- AllowedHeaders: ['*']
AllowedMethods: [GET,PUT,POST,DELETE,HEAD]
AllowedOrigins: ['http://localhost*']
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
WebBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Join [ ".", [ !Ref 'AWS::StackName', 'web' ] ]
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
WebsiteConfiguration:
IndexDocument: 'index.html'
ErrorDocument: 'index.html'
Parameters:
ArtefactRepositoryBucket:
Type: String
Description: 'S3 bucket for the blog artefact zip'
ArtefactRepositoryKeyPrefix:
Type: String
Description: 'S3 key prefix for the blog artefact zip'
CodeVersion:
Type: String
Description: 'Asset version (either just major.minor.patch, or major.minor.patch-SNAPSHOT)'
SaveArticleHandler:
Type: String
Default: 'com.zenithwebfoundry.blog.api.SaveArticleHandler'
GetArticleHandler:
Type: String
Default: 'com.zenithwebfoundry.blog.api.GetArticleHandler'
ListArticlesHandler:
Type: String
Default: 'com.zenithwebfoundry.blog.api.ListArticlesHandler'
ParamDnsDomain:
Description: "Public DNS Zone Name"
Type: String
Default: 'zenithwebfoundry.com'
Outputs:
ArticleEndpoint:
Value: !Join ["", ['https://', !Ref BlogRestApi, '.execute-api.ap-southeast-2.', !Ref 'AWS::URLSuffix', '/', !Ref BAGDeploymentStageProdArticle, '/'] ]
我遇到困难的部分是 AWS::Route53::RecordSetGroup,特别是 blogapi.zenithwebfoundry.com 的条目。本质上,RecordSetGroup 上的堆栈创建失败,并出现以下错误:
[RRSet with DNS name blogapi.zenithwebfoundry.com., type A contains an alias target that contains a hosted zone 108086391059049046 that is an invalid alias target., Tried to create an alias that targets z2fdtndataqyw2., type A in zone Z08366712O4E48ODE3XHX, but the alias target name does not lie within the target zone]
我尝试了各种排列,包括尝试使用我在此处设置的 HostedZone:
BlogAPIHostedZone:
Type: AWS::Route53::HostedZone
Properties:
Name: !Ref BlogAPIDomainName
希望这能提供有效的引用,但是,它因不同的错误而失败,本质上是说该记录不存在。
所以我想知道如何使用指向 API Gateway 的别名设置记录集。我见过很多 AWS doco,但它似乎转向区域 API 网关端点(我认为这是一个特殊情况),或者纯粹的控制台风格的指令,它在 RecordSetGroup 之前创建一个 HostedZoneId(允许您对值进行硬编码)。但是如何通过 CloudFormation 模板来做到这一点。
PS:没有 serverless.com 回答 - 这纯粹是关于 AWS CloudFormation 和通过 AWS CLI 部署堆栈。我只对与之相关的答案感兴趣。
编辑根据建议,我改变了:
DNSName: !Ref BlogAPIDomainName
至:
DNSName: !GetAtt [BlogAPIDomainName, DistributionDomainName]
部署实际完成。所以谢谢你。
最佳答案
谢谢迈克尔。这有帮助。以下是 CloudFormation 配置的相关摘录,可帮助我为 REST API 设置自定义域。
(REST API 通过 CloudFront 分发,具有以下两个类型 A 和 AAAA 的 DNS 路由记录,用于将自定义子域连接到 CloudFront 分发。)
DeliveryApi:
Type: AWS::ApiGateway::RestApi
Properties:
EndpointConfiguration:
Types:
- EDGE
DeliveryApiDomainName:
Type: 'AWS::ApiGateway::DomainName'
Properties:
CertificateArn: # Your existing certificate created in the us-east-1 zone, such as arn:aws:acm:us-east-1:829756507488:certificate/23ac8121-f032-4aa7-b013-2d8c7b7c8247
DomainName: api.example.com
EndpointConfiguration:
Types:
- EDGE
DeliveryApiBasePathMapping:
Type: 'AWS::ApiGateway::BasePathMapping'
Properties:
DomainName: !Ref DeliveryApiDomainName
RestApiId: !Ref DeliveryApi
Stage: 'prod'
DeliveryApiRoute53RecordSetGroup:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneId: # Your existing Route 53 hosted zone, such as ZOLE12725GFJ
RecordSets:
- Name: api.example.com. # Your chosen subdomain
Type: A
AliasTarget:
HostedZoneId: !GetAtt DeliveryApiDomainName.DistributionHostedZoneId
DNSName: !GetAtt DeliveryApiDomainName.DistributionDomainName
- Name: api.example.com.
Type: AAAA
AliasTarget:
HostedZoneId: !GetAtt DeliveryApiDomainName.DistributionHostedZoneId
DNSName: !GetAtt DeliveryApiDomainName.DistributionDomainName
关于amazon-web-services - 将 Route53 记录集正确的 CloudFormation 发送到 API 网关,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61511520/
28
4
0
您好,如果没有身份验证,我尝试保护路由,但它不起作用 警告:您不应在同一个 route 使用路线组件和路线渲染;路线渲染将被忽略 App.js import React, { Fragment,
几乎我见过的每个示例,app.js 都使用 require 和路径 ./。我想知道为什么我们不能只使用 /。例如,为什么我们不能执行以下操作。 var express = require('expre
如果router.all()只匹配所有方法,是否可以用router.use()代替?router.use() 和 router.route() 之间有什么区别? 最佳答案 router.all:这意味
在我的 Symfony应用程序我想根据当前用户的文化选择 routing.yml; 'en' => routing.en.yml 'no' => routing.no.yml 等等。 关于如何做到这一
我正在使用 React Router v6 并为我的应用程序创建私有(private)路由。 在文件 PrivateRoute.js 中,我有代码 import React from 'react';
这个问题在这里已经有了答案: Error "Error: A is only ever to be used as the child of element" (14 个回答) Error: [P
我正在关注 Ember Quick Start guide (ember-cli v 2.11),并按照说明构建玩具应用程序。在“定义路线”部分,说明说要运行命令 ember generate rou
这个问题在这里已经有了答案: ReactJS: [Home] is not a component. All component children of must be a or (5 个答
这个问题在这里已经有了答案: ReactJS: [Home] is not a component. All component children of must be a or (5 个答
单击“开始测验”按钮时,我试图导航到“/quiz”。 但是,当我编译我的代码时,我在网站应用程序上收到以下错误:[Home] is not a component. All component ch
我有一点咸菜。我正在使用路由保护(实现 CanActivate 接口(interface))来检查用户是否被授予访问特定路由的权限: const routes: Routes = [ {
我正在尝试测试我的应用程序正在使用的引擎内部的 Controller 。规范不在引擎中,而是在应用程序本身中(我试图在引擎中进行测试,但也遇到了问题)。 我的引擎有以下 routes.rb: Revi
我是Remix的新手,我正在尝试使用V2路由方法实现特定的路由解决方案。。这是一个人为的例子,不是真实的东西,只是为了说明这一点。。我想要的URL方案是:。我从以下几条路线开始:。App/routes
我正在尝试从 rails 2.3.x(使用 subdomain_routes 插件)转换一些子域路由,如下所示: map.subdomain :biz do |biz| biz.resources
我将 Symfony 的 3.1 路由组件用作独立组件。 我想调试路由。 据此: http://symfony.com/doc/current/routing/debug.html 这是通过运行以下命
我是 Sparkjava 的新手,总体上喜欢它。但是,是否必须在 main 方法中定义新的路由/端点?对于任何重要的 Web 应用程序,这将导致一个非常长的 main 方法,或者我需要有多个 main
我刚刚使用node.js 和express.js 开发了一个原型(prototype)。在这里,我使用了 Express 路由来对后端进行 CRUD。 server.js 文件: app.get('/
我不明白 Angular 4 中路由的一些基本概念。 index.html: 文件结构: - app |- app.routings.ts |- collections |-- collection
我在反应路线和理解合成路线方面遇到了一些困难。我尝试了一些代码,但不幸的是,它不能像预期的那样工作。“/”路径运行得很好,但是,当我尝试访问“/Child”时,它似乎不起作用。我认为包装器路由}/>可
我正在尝试使用 cakephp 3 实现 REST api。 为了给我的问题提供一个易于重现的示例,我从全新安装 cakephp 3.1.11 开始。 在 config/routes.php 中,我添
我是一名优秀的程序员,十分优秀!