如何将策略记录替换为指向 CloudFront 分配的简单 A 记录而不会中断流量?

【问题标题】:How do I replace a Policy Record with a simple A record that points to a CloudFront Distribution without traffic interruption?如何将策略记录替换为指向 CloudFront 分配的简单 A 记录而不会中断流量?
【发布时间】:2021-01-03 11:00:47
【问题描述】:

我的第一个问题是,最好的方法是什么?在我看来,不中断流量的唯一方法是通过 AWS CLI,但如果有更简单的方法,我会全力以赴!如果 CLI 是执行此操作的方法,我会遇到以下命令的问题:

aws route53 change-resource-record-sets --hosted-zone-id XXXXXXXXXXXX --change-batch file://update-record.json

update-record.json 包含以下内容:

{
  "Comment": "Swaps the Policy Record for a simple routing policy",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "www.example.com",
        "Type": "A",
        "AliasTarget": {
          "HostedZoneId": "XXXXXXXXXXXX",
          "DNSName": "xxxxxxxxxxxxx.cloudfront.net",
          "EvaluateTargetHealth": false
        }
      }
    }
  ]
}

我得到的错误是:

An error occurred (InvalidChangeBatch) when calling the ChangeResourceRecordSets operation: [Tried to create an alias that targets xxxxxxxxxxxxx.cloudfront.net., type A in zone XXXXXXXXXXXX, but the alias target name does not lie within the target zone, Tried to create an alias that targets xxxxxxxxxxxxx.cloudfront.net., type A in zone XXXXXXXXXXXX, but that target was not found]

帐户中记录的托管区域 ID 是准确的,分配 DNS 名称也是如此。记录名称www.example.com 也存在于帐户中。该分发的备用域名 (CNAME) 为 www.example.com

我也尝试将更改作为删除和创建,而不是upsert

{
  "Comment": "Swaps the Policy Record for a simple routing policy",
  "Changes": [
    {
      "Action": "DELETE",
      "ResourceRecordSet": {
        "Name": "www.example.com.",
        "Type": "A",
        "TrafficPolicyInstanceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
      }
    },
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "www.example.com.",
        "Type": "A",
        "AliasTarget": {
          "HostedZoneId": "XXXXXXXXXXXX",
          "DNSName": "xxxxxxxxxxxxx.cloudfront.net",
          "EvaluateTargetHealth": false
        }
      }
    }
  ]
}

分两步执行此操作会产生相同的错误消息。

【问题讨论】:

    标签: amazon-cloudfront aws-cli amazon-route53


    【解决方案1】:

    Route 53 中的每个域和子域都被视为“托管区域”,因此具有“托管区域 ID”。但是,虽然change-resource-record-sets documentation 很广泛,但指向 CloudFront 分配的别名记录并不是很清楚。我必须深入挖掘,并专门查看 AliasTarget 周围的文档。在那里,文档指出:

    Specify Z2FDTNDATAQYW2. This is always the hosted zone ID when you create an alias record that routes traffic to a CloudFront distribution.

    这意味着即使我试图在托管区域中创建一个 ID 为 XXXXXXXXXXXX 的别名记录,用于any的 ID 指向 any CloudFront 分配是Z2FDTNDATAQYW2。将update-record.json 更改为以下作品:

    {
  "Comment": "Swaps the Policy Record for a simple routing policy",
  "Changes": [
    {
      "Action": "DELETE",
      "ResourceRecordSet": {
        "Name": "www.example.com.",
        "Type": "A",
        "TrafficPolicyInstanceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
      }
    },
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "www.example.com.",
        "Type": "A",
        "AliasTarget": {
          "HostedZoneId": "Z2FDTNDATAQYW2",
          "DNSName": "xxxxxxxxxxxxx.cloudfront.net",
          "EvaluateTargetHealth": false
        }
      }
    }
  ]
}

    change-resource-record-set 的身份执行此操作可防止流量中断,因为:

    Change batches are considered transactional changes. Route 53 validates the changes in the request and then either makes all or none of the changes in the change batch request. This ensures that DNS routing isn't adversely affected by partial changes to the resource record sets in a hosted zone.

    【讨论】:

    • 这节省了我的时间?
    猜你喜欢
    • 2011-02-26
    • 2021-07-05
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2020-03-31
    • 2015-08-19
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode