【问题标题】:Why error, "alias target name does not lie within the target zone" in Terraform aws_route53_record?为什么在 Terraform aws_route53_record 中出现错误,“别名目标名称不在目标区域内”?
【发布时间】:2020-04-22 08:44:27
【问题描述】:

使用 Terraform 0.12,我正在 S3 存储桶中创建一个静态网站:

...

resource "aws_s3_bucket" "www" {
  bucket = "example.com"
  acl    = "public-read"
  policy = <<-POLICY
    {
      "Version": "2012-10-17",
      "Statement": [{
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": ["arn:aws:s3:::example.com/*"]
      }]
    }
    POLICY
  website {
    index_document = "index.html"
    error_document = "404.html"
  }

  tags = {
    Environment = var.environment
    Terraform = "true"
  }
}

resource "aws_route53_zone" "main" {
  name = "example.com"

  tags = {
    Environment = var.environment
    Terraform = "true"
  }
}

resource "aws_route53_record" "main-ns" {
  zone_id = aws_route53_zone.main.zone_id
  name    = "example.com"
  type    = "A"
  alias {
    name                   = aws_s3_bucket.www.website_endpoint
    zone_id                = aws_route53_zone.main.zone_id
    evaluate_target_health = false
  }
}

我得到错误:

Error: [ERR]: Error building changeset: InvalidChangeBatch:
[Tried to create an alias that targets example.com.s3-website-us-west-2.amazonaws.com., type A in zone Z1P...9HY, but the alias target name does not lie within the target zone, 
 Tried to create an alias that targets example.com.s3-website-us-west-2.amazonaws.com., type A in zone Z1P...9HY, but that target was not found]
    status code: 400, request id: 35...bc

  on main.tf line 132, in resource "aws_route53_record" "main-ns":
 132: resource "aws_route53_record" "main-ns" {

怎么了?

【问题讨论】:

    标签: amazon-route53 terraform-provider-aws


    【解决方案1】:

    alias 中的 zone_id 是 S3 存储桶区域 ID,而不是 Route 53 区域 ID。正确的aws_route53_record 资源是:

    resource "aws_route53_record" "main-ns" {
      zone_id = aws_route53_zone.main.zone_id
      name    = "example.com"
      type    = "A"
      alias {
        name                   = aws_s3_bucket.www.website_endpoint
        zone_id                = aws_s3_bucket.www.hosted_zone_id    # Corrected
        evaluate_target_health = false
      }
    }
    

    这是 CloudFront 的示例。变量是:

    base_url = example.com
    cloudfront_distribution = "EXXREDACTEDXXX"
    domain_names = ["example.com", "www.example.com"]
    

    Terraform 代码是:

    data "aws_route53_zone" "this" {
      name = var.base_url
    }
    
    data "aws_cloudfront_distribution" "this" {
      id = var.cloudfront_distribution
    }
    
    resource "aws_route53_record" "this" {
      for_each = toset(var.domain_names)
      zone_id = data.aws_route53_zone.this.zone_id
      name = each.value
      type = "A"
      alias {
        name    = data.aws_cloudfront_distribution.this.domain_name
        zone_id = data.aws_cloudfront_distribution.this.hosted_zone_id
        evaluate_target_health = false
      }
    }
    

    许多用户指定 CloudFront zone_id = "Z2FDTNDATAQYW2",因为它始终是 Z2FDTNDATAQYW2...直到有一天它可能不是。我喜欢通过使用数据源aws_cloudfront_distribution 计算来避免文字字符串。

    【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2018-01-29
    • 1970-01-01
    • 2021-01-14
    • 1970-01-01
    相关资源
    最近更新 更多