Creating HostedZone and Certificate through CloudFormation

Asked by: Androme  Asked: 5/25/2023  Last edited by: Androme  Updated: 5/25/2023  Views: 53

Q:

I am trying to create my HostedZone and certificate through CloudFormation. I have the domain registered elsewhere, but its name servers point to the AWS name servers.

It creates the HostedZone and the certificate, but stops at validation. With the configuration below it stalls while creating the validation DNS records, and I can see that the CNAMEs are never created. The status message shows: Content of DNS Record is: {Name: _13ad388109470e17c9190af7767d2c30.example.com.,Type: CNAME,Value: _86b5f3453e00b7b75888d286f7420a02.dnzkjbsjxj.acm-validations.aws.}

I also tried using "HostedZoneId: !Ref HostedZone", but then it fails with the error: [The request contains an invalid set of changes for a resource record set 'CNAME _13ad388109470e17c9190af7767d2c30.example.com.'] (Service: AmazonRoute53; Status Code: 400; Error Code: InvalidChangeBatch; Request ID: eed1102a-c1a3-4dbd-b69b-20dc4ebf838a; Proxy: null)

Parameters:
  TopLevelDomain:
    Type: String
    Description: The top-level domain to use

Resources:

  HostedZone:
    Type: 'AWS::Route53::HostedZone'
    Properties:
      Name: !Sub '${TopLevelDomain}.'

  Certificate:
    Type: 'AWS::CertificateManager::Certificate'
    DependsOn: HostedZone
    Properties:
      DomainName: !Ref TopLevelDomain
      ValidationMethod: DNS
      SubjectAlternativeNames:
        - !Sub '*.${TopLevelDomain}'
        - !Sub '*.portal.${TopLevelDomain}'
        - !Sub '*.tenant.${TopLevelDomain}'
        - !Sub '*.owner.${TopLevelDomain}'
        - !Sub '*.vendor.${TopLevelDomain}'
      DomainValidationOptions:
        - DomainName: !Ref TopLevelDomain
          ValidationDomain: !Ref TopLevelDomain
        - DomainName: !Sub '*.${TopLevelDomain}'
          ValidationDomain: !Ref TopLevelDomain
        - DomainName: !Sub '*.portal.${TopLevelDomain}'
          ValidationDomain: !Ref TopLevelDomain
        - DomainName: !Sub '*.tenant.${TopLevelDomain}'
          ValidationDomain: !Ref TopLevelDomain
        - DomainName: !Sub '*.owner.${TopLevelDomain}'
          ValidationDomain: !Ref TopLevelDomain
        - DomainName: !Sub '*.vendor.${TopLevelDomain}'
          ValidationDomain: !Ref TopLevelDomain

  MxRecordSet:
    Type: 'AWS::Route53::RecordSet'
    DependsOn: HostedZone
    Properties:
      HostedZoneId: !Ref HostedZone
      Name: !Sub '${TopLevelDomain}.'
      Type: MX
      TTL: '300'
      ResourceRecords:
        - '1 aspmx.l.google.com'
        - '10 aspmx2.googlemail.com'
        - '10 aspmx3.googlemail.com'
        - '5 alt1.aspmx.l.google.com'
        - '5 alt2.aspmx.l.google.com'

Outputs:
  CertificateArn:
    Description: 'The ARN of the certificate'
    Value: !Ref Certificate
    Export:
      Name: CertificateArn

  HostedZoneId:
    Description: 'The ID of the Hosted Zone'
    Value: !Ref HostedZone
    Export:
      Name: HostedZoneId

Using HostedZoneId instead:

Parameters:
  TopLevelDomain:
    Type: String
    Description: The top-level domain to use

Resources:

  HostedZone:
    Type: 'AWS::Route53::HostedZone'
    Properties:
      Name: !Sub '${TopLevelDomain}.'

  Certificate:
    Type: 'AWS::CertificateManager::Certificate'
    DependsOn: HostedZone
    Properties:
      DomainName: !Ref TopLevelDomain
      ValidationMethod: DNS
      SubjectAlternativeNames:
        - !Sub '*.${TopLevelDomain}'
        - !Sub '*.portal.${TopLevelDomain}'
        - !Sub '*.tenant.${TopLevelDomain}'
        - !Sub '*.owner.${TopLevelDomain}'
        - !Sub '*.vendor.${TopLevelDomain}'
      DomainValidationOptions:
        - DomainName: !Ref TopLevelDomain
          HostedZoneId: !Ref HostedZone
        - DomainName: !Sub '*.${TopLevelDomain}'
          HostedZoneId: !Ref HostedZone
        - DomainName: !Sub '*.portal.${TopLevelDomain}'
          HostedZoneId: !Ref HostedZone
        - DomainName: !Sub '*.tenant.${TopLevelDomain}'
          HostedZoneId: !Ref HostedZone
        - DomainName: !Sub '*.owner.${TopLevelDomain}'
          HostedZoneId: !Ref HostedZone
        - DomainName: !Sub '*.vendor.${TopLevelDomain}'
          HostedZoneId: !Ref HostedZone

  MxRecordSet:
    Type: 'AWS::Route53::RecordSet'
    DependsOn: HostedZone
    Properties:
      HostedZoneId: !Ref HostedZone
      Name: !Sub '${TopLevelDomain}.'
      Type: MX
      TTL: '300'
      ResourceRecords:
        - '1 aspmx.l.google.com'
        - '10 aspmx2.googlemail.com'
        - '10 aspmx3.googlemail.com'
        - '5 alt1.aspmx.l.google.com'
        - '5 alt2.aspmx.l.google.com'

Outputs:
  CertificateArn:
    Description: 'The ARN of the certificate'
    Value: !Ref Certificate
    Export:
      Name: CertificateArn

  HostedZoneId:
    Description: 'The ID of the Hosted Zone'
    Value: !Ref HostedZone
    Export:
      Name: HostedZoneId

I tried removing most of the subdomains, leaving only example.com and *.example.com, which causes the same problem. However, if I have no alternative names and only example.com, it works.

  Certificate:
    Type: 'AWS::CertificateManager::Certificate'
    DependsOn: HostedZone
    Properties:
      DomainName: !Ref TopLevelDomain
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: !Ref TopLevelDomain
          HostedZoneId: !Ref HostedZone
aws-cloudformation aws-certificate-manager
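The question has no answer on this page. As an added example (not from the question, the asker, or AWS), the script below is the check a practitioner would run before guessing: it takes the DomainValidationOptions that `acm.describe_certificate()` returns and the record sets that `route53.list_resource_record_sets()` returns, collapses them to the distinct validation CNAMEs ACM actually wants (ACM issues one CNAME per base name, shared by `example.com` and `*.example.com`), reports which of them are absent from the zone, and flags a Route 53 ChangeBatch that would touch the same record set twice, which is one way to get an `InvalidChangeBatch` error like the one quoted above. The record name and value are the ones from the question's status message; all other names, values and zone contents are constructed placeholders, and the helper names (`unique_validation_records`, `change_batch`, `conflicting_record_sets`, `missing_records`) are this example's own. Whether duplicate changes are the cause in the asker's stack is not something the page confirms.

```python
"""Check ACM DNS-validation CNAMEs against a Route 53 hosted zone (added example).

Input shapes mirror boto3: acm.describe_certificate()['Certificate']
['DomainValidationOptions'] and route53.list_resource_record_sets()
['ResourceRecordSets']. All data here is constructed so it runs offline.
"""


def _norm(name: str) -> str:
    """DNS names are case-insensitive; compare lowercase with a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def unique_validation_records(options):
    """Collapse DomainValidationOptions to the distinct CNAMEs ACM wants.

    ACM hands out one validation record per base name, shared by the bare
    domain and its wildcard, so 'example.com' and '*.example.com' carry an
    identical ResourceRecord. Returns one entry per distinct CNAME with the
    domain names that map to it.
    """
    seen = {}
    for opt in options:
        rr = opt["ResourceRecord"]
        key = (_norm(rr["Name"]), rr["Type"].upper(), _norm(rr["Value"]))
        if key not in seen:
            seen[key] = {"Name": key[0], "Type": key[1], "Value": key[2], "Domains": []}
        seen[key]["Domains"].append(opt["DomainName"])
    return list(seen.values())


def change_batch(options, action="UPSERT", ttl=300, dedupe=True):
    """Build a Route 53 ChangeBatch for the validation CNAMEs.

    dedupe=False reproduces the naive one-change-per-option approach, which
    submits the same record set twice as soon as a wildcard is present.
    """
    if dedupe:
        records = unique_validation_records(options)
    else:
        records = [{"Name": _norm(o["ResourceRecord"]["Name"]),
                    "Type": o["ResourceRecord"]["Type"],
                    "Value": _norm(o["ResourceRecord"]["Value"])} for o in options]
    return {
        "Comment": "ACM DNS validation",
        "Changes": [
            {"Action": action,
             "ResourceRecordSet": {"Name": r["Name"], "Type": r["Type"], "TTL": ttl,
                                   "ResourceRecords": [{"Value": r["Value"]}]}}
            for r in records
        ],
    }


def conflicting_record_sets(batch):
    """(Name, Type) pairs changed more than once in one ChangeBatch.

    Route 53 rejects a batch that changes one record set twice with
    InvalidChangeBatch, so a non-empty result predicts that error.
    """
    counts = {}
    for change in batch["Changes"]:
        rrs = change["ResourceRecordSet"]
        key = (_norm(rrs["Name"]), rrs["Type"].upper())
        counts[key] = counts.get(key, 0) + 1
    return sorted(k for k, n in counts.items() if n > 1)


def missing_records(options, existing_rrsets):
    """Validation CNAMEs that are not yet present in the hosted zone."""
    present = set()
    for rrs in existing_rrsets:
        for rr in rrs.get("ResourceRecords", []):
            present.add((_norm(rrs["Name"]), rrs["Type"].upper(), _norm(rr["Value"])))
    return [r for r in unique_validation_records(options)
            if (r["Name"], r["Type"], r["Value"]) not in present]


# Constructed sample data. The apex record is the one quoted in the question;
# the portal record and the zone contents are invented placeholders.
_SHARED = {"Name": "_13ad388109470e17c9190af7767d2c30.example.com.",
           "Type": "CNAME",
           "Value": "_86b5f3453e00b7b75888d286f7420a02.dnzkjbsjxj.acm-validations.aws."}
SAMPLE_OPTIONS = [
    {"DomainName": "example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": dict(_SHARED)},
    {"DomainName": "*.example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": dict(_SHARED)},   # same CNAME as the bare domain
    {"DomainName": "*.portal.example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_1111aaaa.portal.example.com.", "Type": "CNAME",
                        "Value": "_2222bbbb.dnzkjbsjxj.acm-validations.aws."}},
]
SAMPLE_ZONE = [  # MX from the template plus the portal CNAME; apex CNAME absent
    {"Name": "example.com.", "Type": "MX", "TTL": 300,
     "ResourceRecords": [{"Value": "1 aspmx.l.google.com"}]},
    {"Name": "_1111aaaa.portal.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "_2222bbbb.dnzkjbsjxj.acm-validations.aws."}]},
]

if __name__ == "__main__":
    for r in unique_validation_records(SAMPLE_OPTIONS):
        print(r["Name"], "->", r["Value"], "for", r["Domains"])
    print("conflicts (naive):", conflicting_record_sets(change_batch(SAMPLE_OPTIONS, dedupe=False)))
    print("conflicts (deduped):", conflicting_record_sets(change_batch(SAMPLE_OPTIONS)))
    print("missing in zone:", [m["Name"] for m in missing_records(SAMPLE_OPTIONS, SAMPLE_ZONE)])
```

Against live data, replace `SAMPLE_OPTIONS` with the `DomainValidationOptions` list from `describe_certificate` (the `ResourceRecord` field only appears once ACM has generated it, which is also what the "Content of DNS Record is" stack event reports) and `SAMPLE_ZONE` with the paginated output of `list_resource_record_sets`. `UPSERT` is used rather than `CREATE` so that re-running the batch against a zone that already holds the record does not fail.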

Comments


A: No answers yet