为什么在 Terraform aws_route53_record 中出现错误“别名目标名称不在目标区域内”?
[英]Why error, "alias target name does not lie within the target zone" in Terraform aws_route53_record?
问题描述
With Terraform 0.12, I am creating a static web site in an S3 bucket:
使用 Terraform 0.12,我在 S3 存储桶中创建了一个 static web 站点:
...
resource "aws_s3_bucket" "www" {
bucket = "example.com"
acl = "public-read"
policy = <<-POLICY
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": ["arn:aws:s3:::example.com/*"]
}]
}
POLICY
website {
index_document = "index.html"
error_document = "404.html"
}
tags = {
Environment = var.environment
Terraform = "true"
}
}
resource "aws_route53_zone" "main" {
name = "example.com"
tags = {
Environment = var.environment
Terraform = "true"
}
}
resource "aws_route53_record" "main-ns" {
zone_id = aws_route53_zone.main.zone_id
name = "example.com"
type = "A"
alias {
name = aws_s3_bucket.www.website_endpoint
zone_id = aws_route53_zone.main.zone_id
evaluate_target_health = false
}
}
I get the error:我收到错误:
Error: [ERR]: Error building changeset: InvalidChangeBatch:
[Tried to create an alias that targets example.com.s3-website-us-west-2.amazonaws.com., type A in zone Z1P...9HY, but the alias target name does not lie within the target zone,
Tried to create an alias that targets example.com.s3-website-us-west-2.amazonaws.com., type A in zone Z1P...9HY, but that target was not found]
status code: 400, request id: 35...bc
on main.tf line 132, in resource "aws_route53_record" "main-ns":
132: resource "aws_route53_record" "main-ns" {
What is wrong?怎么了?
2 个解决方案
解决方案1
17 已采纳 2020-01-03 19:44:22
The zone_id within alias is the S3 bucket zone ID, not the Route 53 zone ID. alias的zone_id是 S3 存储桶区域 ID,而不是 Route 53 区域 ID。 The correct aws_route53_record resource is:正确的aws_route53_record资源是:
resource "aws_route53_record" "main-ns" {
zone_id = aws_route53_zone.main.zone_id
name = "example.com"
type = "A"
alias {
name = aws_s3_bucket.www.website_endpoint
zone_id = aws_s3_bucket.www.hosted_zone_id # Corrected
evaluate_target_health = false
}
}
Here is an example for CloudFront.这是 CloudFront 的示例。 The variables are:变量是:
base_url = example.com
cloudfront_distribution = "EXXREDACTEDXXX"
domain_names = ["example.com", "www.example.com"]
The Terraform code is: Terraform 代码是:
data "aws_route53_zone" "this" {
name = var.base_url
}
data "aws_cloudfront_distribution" "this" {
id = var.cloudfront_distribution
}
resource "aws_route53_record" "this" {
for_each = toset(var.domain_names)
zone_id = data.aws_route53_zone.this.zone_id
name = each.value
type = "A"
alias {
name = data.aws_cloudfront_distribution.this.domain_name
zone_id = data.aws_cloudfront_distribution.this.hosted_zone_id
evaluate_target_health = false
}
}
Many users specify CloudFront zone_id = "Z2FDTNDATAQYW2" because it's always Z2FDTNDATAQYW2 ...until some day maybe it isn't.许多用户指定 CloudFront zone_id = "Z2FDTNDATAQYW2"因为它总是Z2FDTNDATAQYW2 ...直到有一天可能不是。 I like to avoid the literal string by computing it using data source aws_cloudfront_distribution .我喜欢通过使用数据源aws_cloudfront_distribution计算它来避免文字字符串。
解决方案2
0 2022-03-30 04:46:32
For anyone like me that came here from Google in hope to find the syntax for the CloudFormation and YML, Here is how you can achieve it for your sub-domains.对于像我这样从谷歌来到这里希望找到 CloudFormation 和 YML 语法的人,这里是你如何为你的子域实现它。
Here we add a DNS record into the Route53 and redirect all the su.nets of example.com to this ALB:这里我们在 Route53 中添加一条 DNS 记录,并将 example.com 的所有 su.net 重定向到这个 ALB:
AlbDnsRecord:
Type: "AWS::Route53::RecordSet"
DependsOn: [ALB_LOGICAL_ID]
Properties:
HostedZoneName: "example.com."
Type: "A"
Name: "*.example.com."
AliasTarget:
DNSName: !GetAtt [ALB_LOGICAL_ID].DNSName
EvaluateTargetHealth: False
HostedZoneId: !GetAtt [ALB_LOGICAL_ID].CanonicalHostedZoneID
Comment: "A record for Stages ALB"
My mistakes was:我的错误是:
- not adding
.不添加.at the end of myHostedZoneName在我的HostedZoneName - under
AliasTarget.HostedZoneIdID is al uppercase in the end ofCanonicalHostedZoneIDAliasTarget.HostedZoneId下的 ID 是CanonicalHostedZoneID末尾的 al 大写 - replace the
[ALB_LOGICAL_ID]with the actual name of your ALB, for me it was like:ALBStages.DNSName将[ALB_LOGICAL_ID]替换为您的 ALB 的实际名称,对我来说就像:ALBStages.DNSName - You should have the zone in your Route53.您的 Route53 中应该有该区域。
So for us all the below addresses will come to this ALB:因此,对于我们来说,以下所有地址都将进入此 ALB:
- dev01.example.com dev01.example.com
- dev01api.example.com dev01api.example.com
- dev02.example.com dev02.example.com
- dev02api.example.com dev02api.example.com
- qa01.example.com qa01.example.com
- qa01api.example.com qa01api.example.com
- qa02.example.com qa02.example.com
- qa02api.example.com qa02api.example.com
- uat.example.com uat.example.com
- uatapi.example.com uatapi.example.com
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.