如何在不中断流量的情况下将策略记录替换为指向 CloudFront 分配的简单 A 记录?
How do I replace a Policy Record with a simple A record that points to a CloudFront Distribution without traffic interruption?
我的第一个问题是,最好的方法是什么?在我看来,在不中断流量的情况下执行此操作的唯一方法是通过 AWS CLI,但如果有更简单的方法,我会洗耳恭听!如果 CLI 是执行此操作的方法,我 运行 遇到以下命令的问题:
aws route53 change-resource-record-sets --hosted-zone-id XXXXXXXXXXXX --change-batch file://update-record.json
update-record.json 包含以下内容:
{
"Comment": "Swaps the Policy Record for a simple routing policy",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "www.example.com",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "XXXXXXXXXXXX",
"DNSName": "xxxxxxxxxxxxx.cloudfront.net",
"EvaluateTargetHealth": false
}
}
}
]
}
我得到的错误是:
An error occurred (InvalidChangeBatch) when calling the ChangeResourceRecordSets operation: [Tried to create an alias that targets xxxxxxxxxxxxx.cloudfront.net., type A in zone XXXXXXXXXXXX, but the alias target name does not lie within the target zone, Tried to create an alias that targets xxxxxxxxxxxxx.cloudfront.net., type A in zone XXXXXXXXXXXX, but that target was not found]
帐户中记录的托管区域 ID 是准确的,分发 DNS 名称也是如此。记录名称,www.example.com, also exists in the account. The distribution has an alternate domain name (CNAME) of www.example.com.
我也尝试过以删除和创建的方式进行更改,而不是 upsert:
{
"Comment": "Swaps the Policy Record for a simple routing policy",
"Changes": [
{
"Action": "DELETE",
"ResourceRecordSet": {
"Name": "www.example.com.",
"Type": "A",
"TrafficPolicyInstanceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
},
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "www.example.com.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "XXXXXXXXXXXX",
"DNSName": "xxxxxxxxxxxxx.cloudfront.net",
"EvaluateTargetHealth": false
}
}
}
]
}
分两步执行此操作会产生相同的错误消息。
Route 53 中的每个域和子域都被视为“托管区域”,因此具有“托管区域 ID”。但是,虽然 change-resource-record-sets documentation is extensive, it's not very clear about Alias records that point to a CloudFront distribution. I had to dig deeper, and look into the documentation around AliasTarget 具体。在那里,文档指出:
Specify Z2FDTNDATAQYW2. This is always the hosted zone ID when you create an alias record that routes traffic to a CloudFront distribution.
这意味着即使我尝试在托管区域中创建 ID 为 XXXXXXXXXXXX 的别名记录,该 ID 也用于 any 别名记录指向 any CloudFront 分配是 Z2FDTNDATAQYW2。将 update-record.json 更改为以下作品:
{
"Comment": "Swaps the Policy Record for a simple routing policy",
"Changes": [
{
"Action": "DELETE",
"ResourceRecordSet": {
"Name": "www.example.com.",
"Type": "A",
"TrafficPolicyInstanceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
},
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "www.example.com.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z2FDTNDATAQYW2",
"DNSName": "xxxxxxxxxxxxx.cloudfront.net",
"EvaluateTargetHealth": false
}
}
}
]
}
这样做 change-resource-record-set 可以防止交通中断,因为:
Change batches are considered transactional changes. Route 53 validates the changes in the request and then either makes all or none of the changes in the change batch request. This ensures that DNS routing isn't adversely affected by partial changes to the resource record sets in a hosted zone.
我的第一个问题是,最好的方法是什么?在我看来,在不中断流量的情况下执行此操作的唯一方法是通过 AWS CLI,但如果有更简单的方法,我会洗耳恭听!如果 CLI 是执行此操作的方法,我 运行 遇到以下命令的问题:
aws route53 change-resource-record-sets --hosted-zone-id XXXXXXXXXXXX --change-batch file://update-record.json
update-record.json 包含以下内容:
{
"Comment": "Swaps the Policy Record for a simple routing policy",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "www.example.com",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "XXXXXXXXXXXX",
"DNSName": "xxxxxxxxxxxxx.cloudfront.net",
"EvaluateTargetHealth": false
}
}
}
]
}
我得到的错误是:
An error occurred (InvalidChangeBatch) when calling the ChangeResourceRecordSets operation: [Tried to create an alias that targets xxxxxxxxxxxxx.cloudfront.net., type A in zone XXXXXXXXXXXX, but the alias target name does not lie within the target zone, Tried to create an alias that targets xxxxxxxxxxxxx.cloudfront.net., type A in zone XXXXXXXXXXXX, but that target was not found]
帐户中记录的托管区域 ID 是准确的,分发 DNS 名称也是如此。记录名称,www.example.com, also exists in the account. The distribution has an alternate domain name (CNAME) of www.example.com.
我也尝试过以删除和创建的方式进行更改,而不是 upsert:
{
"Comment": "Swaps the Policy Record for a simple routing policy",
"Changes": [
{
"Action": "DELETE",
"ResourceRecordSet": {
"Name": "www.example.com.",
"Type": "A",
"TrafficPolicyInstanceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
},
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "www.example.com.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "XXXXXXXXXXXX",
"DNSName": "xxxxxxxxxxxxx.cloudfront.net",
"EvaluateTargetHealth": false
}
}
}
]
}
分两步执行此操作会产生相同的错误消息。
Route 53 中的每个域和子域都被视为“托管区域”,因此具有“托管区域 ID”。但是,虽然 change-resource-record-sets documentation is extensive, it's not very clear about Alias records that point to a CloudFront distribution. I had to dig deeper, and look into the documentation around AliasTarget 具体。在那里,文档指出:
Specify Z2FDTNDATAQYW2. This is always the hosted zone ID when you create an alias record that routes traffic to a CloudFront distribution.
这意味着即使我尝试在托管区域中创建 ID 为 XXXXXXXXXXXX 的别名记录,该 ID 也用于 any 别名记录指向 any CloudFront 分配是 Z2FDTNDATAQYW2。将 update-record.json 更改为以下作品:
{
"Comment": "Swaps the Policy Record for a simple routing policy",
"Changes": [
{
"Action": "DELETE",
"ResourceRecordSet": {
"Name": "www.example.com.",
"Type": "A",
"TrafficPolicyInstanceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
},
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "www.example.com.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z2FDTNDATAQYW2",
"DNSName": "xxxxxxxxxxxxx.cloudfront.net",
"EvaluateTargetHealth": false
}
}
}
]
}
这样做 change-resource-record-set 可以防止交通中断,因为:
Change batches are considered transactional changes. Route 53 validates the changes in the request and then either makes all or none of the changes in the change batch request. This ensures that DNS routing isn't adversely affected by partial changes to the resource record sets in a hosted zone.