[英]AWS CDK route 53 + certificate configuration not working for www subdomain
[英]AWS CDK - Logical ID keeps changing for HttpsRedirect (aws-route53-patterns)
我遇到了一个问题,我有一个堆栈使用来自aws-route53-patterns
HttpsRedirect
它是我的 Codepipeline 的一部分,每次我发布更改(即使没有更改任何代码)时,都会重新创建逻辑 ID,并且不同(我认为这不应该发生)。
我的所有其他堆栈都正常运行,但似乎 HttpsRedirect 构造每次都获得一个新的逻辑 ID,然后失败,因为 Route53 记录它试图创建一个已经存在的资源。
这是我的堆栈:
export class CdnStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const domainName = ssm.StringParameter.valueForStringParameter(
this,
`/env/domainName`,
1
);
const hostedZoneId = ssm.StringParameter.valueForStringParameter(
this,
`/env/hostedZoneId`,
1
);
const wwwDomainName = `www.${domainName}`;
const redirect = new HttpsRedirect(this, "HttpsRedirectToWww", {
recordNames: [domainName],
targetDomain: wwwDomainName,
zone: route53.HostedZone.fromHostedZoneAttributes(this, "HostedZone", {
hostedZoneId,
zoneName: domainName,
}),
});
}
}
如果有帮助, 这里是上下文中的代码。
任何帮助表示赞赏!
我试图手动更新逻辑 ID,但无法弄清楚 HttpsRedirect 构造的接口。
看起来它正在为每个域创建一个 hash,因为我使用令牌,所以它会在每次更新/部署时发生变化。 由于我使用valueForStringParameter
,它每次都有一个不同的标记,它也被散列为一个新值。
这是导致问题的 package 的源代码:
domainNames.forEach((domainName) => {
const hash = md5hash(domainName).slice(0, 6);
const aliasProps = {
recordName: domainName,
zone: props.zone,
target: RecordTarget.fromAlias(new CloudFrontTarget(redirectDist)),
};
new ARecord(this, `RedirectAliasRecord${hash}`, aliasProps);
new AaaaRecord(this, `RedirectAliasRecordSix${hash}`, aliasProps);
});
这是 cdk 中 package 的链接,以防它发生变化。
所以我的解决方法是在本地手动创建模式,它看起来像这样以防万一有人需要它:
export class CdnStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const domainName = ssm.StringParameter.valueForStringParameter(
this,
`/env/domainName`,
1
);
const hostedZoneId = ssm.StringParameter.valueForStringParameter(
this,
`/env/hostedZoneId`,
1
);
const wwwDomainName = `www.${domainName}`;
const zone = route53.HostedZone.fromHostedZoneAttributes(this, "MyZone", {
hostedZoneId,
zoneName: domainName,
});
const certificate = new acm.DnsValidatedCertificate(this, "Certificate", {
domainName,
subjectAlternativeNames: [`*.${domainName}`],
hostedZone: zone,
region: "us-east-1",
});
const redirectBucket = new s3.Bucket(this, "RedirectBucket", {
websiteRedirect: {
hostName: wwwDomainName,
protocol: s3.RedirectProtocol.HTTPS,
},
removalPolicy: cdk.RemovalPolicy.DESTROY,
blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
});
const redirectDist = new cloudfront.CloudFrontWebDistribution(
this,
"RedirectDistribution",
{
defaultRootObject: "",
originConfigs: [
{
behaviors: [{ isDefaultBehavior: true }],
customOriginSource: {
domainName: redirectBucket.bucketWebsiteDomainName,
originProtocolPolicy: cloudfront.OriginProtocolPolicy.HTTP_ONLY,
},
},
],
viewerCertificate: cloudfront.ViewerCertificate.fromAcmCertificate(
certificate,
{
aliases: [domainName],
}
),
comment: `Redirect to ${wwwDomainName} from ${domainName}`,
priceClass: cloudfront.PriceClass.PRICE_CLASS_ALL,
viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
}
);
const redirectRecordProps = {
zone,
recordName: domainName,
target: route53.RecordTarget.fromAlias(
new targets.CloudFrontTarget(redirectDist)
),
};
new route53.ARecord(this, "ARedirectAliasRecord", redirectRecordProps);
new route53.AaaaRecord(
this,
"AaaaRedirectAliasRecord",
redirectRecordProps
);
}
希望它能帮助其他陷入类似模式的人。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.