为什么错误,Terraform aws_route53_record 中的 "alias target name does not lie within the target zone"?
Why error, "alias target name does not lie within the target zone" in Terraform aws_route53_record?
使用 Terraform 0.12,我在 S3 存储桶中创建静态网站:
...
resource "aws_s3_bucket" "www" {
bucket = "example.com"
acl = "public-read"
policy = <<-POLICY
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": ["arn:aws:s3:::example.com/*"]
}]
}
POLICY
website {
index_document = "index.html"
error_document = "404.html"
}
tags = {
Environment = var.environment
Terraform = "true"
}
}
resource "aws_route53_zone" "main" {
name = "example.com"
tags = {
Environment = var.environment
Terraform = "true"
}
}
resource "aws_route53_record" "main-ns" {
zone_id = aws_route53_zone.main.zone_id
name = "example.com"
type = "A"
alias {
name = aws_s3_bucket.www.website_endpoint
zone_id = aws_route53_zone.main.zone_id
evaluate_target_health = false
}
}
我收到错误:
Error: [ERR]: Error building changeset: InvalidChangeBatch:
[Tried to create an alias that targets example.com.s3-website-us-west-2.amazonaws.com., type A in zone Z1P...9HY, but the alias target name does not lie within the target zone,
Tried to create an alias that targets example.com.s3-website-us-west-2.amazonaws.com., type A in zone Z1P...9HY, but that target was not found]
status code: 400, request id: 35...bc
on main.tf line 132, in resource "aws_route53_record" "main-ns":
132: resource "aws_route53_record" "main-ns" {
怎么了?
alias 中的 zone_id 是 S3 存储桶区域 ID,而不是 Route 53 区域 ID。正确的 aws_route53_record 资源是:
resource "aws_route53_record" "main-ns" {
zone_id = aws_route53_zone.main.zone_id
name = "example.com"
type = "A"
alias {
name = aws_s3_bucket.www.website_endpoint
zone_id = aws_s3_bucket.www.hosted_zone_id # Corrected
evaluate_target_health = false
}
}
这是 CloudFront 的示例。变量是:
base_url = example.com
cloudfront_distribution = "EXXREDACTEDXXX"
domain_names = ["example.com", "www.example.com"]
Terraform 代码是:
data "aws_route53_zone" "this" {
name = var.base_url
}
data "aws_cloudfront_distribution" "this" {
id = var.cloudfront_distribution
}
resource "aws_route53_record" "this" {
for_each = toset(var.domain_names)
zone_id = data.aws_route53_zone.this.zone_id
name = each.value
type = "A"
alias {
name = data.aws_cloudfront_distribution.this.domain_name
zone_id = data.aws_cloudfront_distribution.this.hosted_zone_id
evaluate_target_health = false
}
}
许多用户指定 CloudFront zone_id = "Z2FDTNDATAQYW2" 因为它总是 Z2FDTNDATAQYW2...直到有一天它可能不是。我喜欢通过使用数据源 aws_cloudfront_distribution.
计算它来避免文字字符串
对于像我这样从 Google 来到这里希望找到 CloudFormation 和 YML 语法的人来说,这里是你如何为你的 sub-domains.
实现它
这里我们在 Route53 中添加一条 DNS 记录,并将 example.com 的所有子网重定向到此 ALB:
AlbDnsRecord:
Type: "AWS::Route53::RecordSet"
DependsOn: [ALB_LOGICAL_ID]
Properties:
HostedZoneName: "example.com."
Type: "A"
Name: "*.example.com."
AliasTarget:
DNSName: !GetAtt [ALB_LOGICAL_ID].DNSName
EvaluateTargetHealth: False
HostedZoneId: !GetAtt [ALB_LOGICAL_ID].CanonicalHostedZoneID
Comment: "A record for Stages ALB"
我的错误是:
- 没有在我的
HostedZoneName 末尾添加 .
AliasTarget.HostedZoneId下ID在CanonicalHostedZoneID- 用您的 ALB 的实际名称替换
[ALB_LOGICAL_ID],对我来说就像:ALBStages.DNSName
- 您的 Route53 中应该有区域。
所以对于我们来说,以下所有地址都将进入此 ALB:
- dev01.example.com
- dev01api.example.com
- dev02.example.com
- dev02api.example.com
- qa01.example.com
- qa01api.example.com
- qa02.example.com
- qa02api.example.com
- uat.example.com
- uatapi.example.com
使用 Terraform 0.12,我在 S3 存储桶中创建静态网站:
...
resource "aws_s3_bucket" "www" {
bucket = "example.com"
acl = "public-read"
policy = <<-POLICY
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": ["arn:aws:s3:::example.com/*"]
}]
}
POLICY
website {
index_document = "index.html"
error_document = "404.html"
}
tags = {
Environment = var.environment
Terraform = "true"
}
}
resource "aws_route53_zone" "main" {
name = "example.com"
tags = {
Environment = var.environment
Terraform = "true"
}
}
resource "aws_route53_record" "main-ns" {
zone_id = aws_route53_zone.main.zone_id
name = "example.com"
type = "A"
alias {
name = aws_s3_bucket.www.website_endpoint
zone_id = aws_route53_zone.main.zone_id
evaluate_target_health = false
}
}
我收到错误:
Error: [ERR]: Error building changeset: InvalidChangeBatch:
[Tried to create an alias that targets example.com.s3-website-us-west-2.amazonaws.com., type A in zone Z1P...9HY, but the alias target name does not lie within the target zone,
Tried to create an alias that targets example.com.s3-website-us-west-2.amazonaws.com., type A in zone Z1P...9HY, but that target was not found]
status code: 400, request id: 35...bc
on main.tf line 132, in resource "aws_route53_record" "main-ns":
132: resource "aws_route53_record" "main-ns" {
怎么了?
alias 中的 zone_id 是 S3 存储桶区域 ID,而不是 Route 53 区域 ID。正确的 aws_route53_record 资源是:
resource "aws_route53_record" "main-ns" {
zone_id = aws_route53_zone.main.zone_id
name = "example.com"
type = "A"
alias {
name = aws_s3_bucket.www.website_endpoint
zone_id = aws_s3_bucket.www.hosted_zone_id # Corrected
evaluate_target_health = false
}
}
这是 CloudFront 的示例。变量是:
base_url = example.com
cloudfront_distribution = "EXXREDACTEDXXX"
domain_names = ["example.com", "www.example.com"]
Terraform 代码是:
data "aws_route53_zone" "this" {
name = var.base_url
}
data "aws_cloudfront_distribution" "this" {
id = var.cloudfront_distribution
}
resource "aws_route53_record" "this" {
for_each = toset(var.domain_names)
zone_id = data.aws_route53_zone.this.zone_id
name = each.value
type = "A"
alias {
name = data.aws_cloudfront_distribution.this.domain_name
zone_id = data.aws_cloudfront_distribution.this.hosted_zone_id
evaluate_target_health = false
}
}
许多用户指定 CloudFront zone_id = "Z2FDTNDATAQYW2" 因为它总是 Z2FDTNDATAQYW2...直到有一天它可能不是。我喜欢通过使用数据源 aws_cloudfront_distribution.
对于像我这样从 Google 来到这里希望找到 CloudFormation 和 YML 语法的人来说,这里是你如何为你的 sub-domains.
实现它这里我们在 Route53 中添加一条 DNS 记录,并将 example.com 的所有子网重定向到此 ALB:
AlbDnsRecord:
Type: "AWS::Route53::RecordSet"
DependsOn: [ALB_LOGICAL_ID]
Properties:
HostedZoneName: "example.com."
Type: "A"
Name: "*.example.com."
AliasTarget:
DNSName: !GetAtt [ALB_LOGICAL_ID].DNSName
EvaluateTargetHealth: False
HostedZoneId: !GetAtt [ALB_LOGICAL_ID].CanonicalHostedZoneID
Comment: "A record for Stages ALB"
我的错误是:
- 没有在我的
HostedZoneName 末尾添加 AliasTarget.HostedZoneId下ID在CanonicalHostedZoneID末尾全部大写
- 用您的 ALB 的实际名称替换
[ALB_LOGICAL_ID],对我来说就像:ALBStages.DNSName - 您的 Route53 中应该有区域。
.
所以对于我们来说,以下所有地址都将进入此 ALB:
- dev01.example.com
- dev01api.example.com
- dev02.example.com
- dev02api.example.com
- qa01.example.com
- qa01api.example.com
- qa02.example.com
- qa02api.example.com
- uat.example.com
- uatapi.example.com