CloudFormation の構成ファイルを書いて、ウェブサイト全体を一度に作成しようとしています。これには、Lambda 関数の作成、API Gateway の作成、S3 バケットの設定、Route 53 のゾーンとレコードの作成が含まれます。
これまでのところ、domain.com は S3 バケット内のファイルを問題なく配信しています。API Gateway も、AWS の URI(https://trydsoonjc.execute-api.us-west-2.amazonaws.com/app/path/here)を使えば問題なく機能します。
実現したいのは、api.domain.com が API Gateway を指すようにして、サーバーの API にアクセスできるようにすることです。
Route 53をAPI Gatewayに接続するにはどうすればよいですか?
現在の私のCloudformationは次のとおりです。
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description" : "Website",
"Parameters": {
"DomainName": {
"Type" : "String",
"Description" : "The DNS name of an Amazon Route 53 hosted zone e.g. server.com",
"AllowedPattern" : "(?!-)[a-zA-Z0-9-.]{1,63}(?<!-)",
"ConstraintDescription" : "must be a valid DNS zone name."
}
},
"Mappings" : {
"RegionMap" : {
"us-east-1" : { "S3HostedZoneId" : "Z3AQBSTGFYJSTF", "S3WebsiteEndpoint" : "s3-website-us-east-1.amazonaws.com" },
"us-west-1" : { "S3HostedZoneId" : "Z2F56UZL2M1ACD", "S3WebsiteEndpoint" : "s3-website-us-west-1.amazonaws.com" },
"us-west-2" : { "S3HostedZoneId" : "Z3BJ6K6RIION7M", "S3WebsiteEndpoint" : "s3-website-us-west-2.amazonaws.com" },
"eu-west-1" : { "S3HostedZoneId" : "Z1BKCTXD74EZPE", "S3WebsiteEndpoint" : "s3-website-eu-west-1.amazonaws.com" },
"ap-southeast-1" : { "S3HostedZoneId" : "Z3O0J2DXBE1FTB", "S3WebsiteEndpoint" : "s3-website-ap-southeast-1.amazonaws.com" },
"ap-southeast-2" : { "S3HostedZoneId" : "Z1WCIGYICN2BYD", "S3WebsiteEndpoint" : "s3-website-ap-southeast-2.amazonaws.com" },
"ap-northeast-1" : { "S3HostedZoneId" : "Z2M4EHUR26P7ZW", "S3WebsiteEndpoint" : "s3-website-ap-northeast-1.amazonaws.com" },
"sa-east-1" : { "S3HostedZoneId" : "Z31GFT0UA1I2HV", "S3WebsiteEndpoint" : "s3-website-sa-east-1.amazonaws.com" }
}
},
"Resources": {
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": "execution",
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}, {
"Effect": "Allow",
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:CreateTable",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem",
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Resource": "*"
}]
}
}]
}
},
"APIGatewayExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": "execution",
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}, {
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction"
],
"Resource": "*"
}]
}
}]
}
},
"LambdaFunctionUpdate": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"ZipFile": "exports.handler = function (event, context) { context.succeed(\"Hello, World!\"); };"
},
"Description": "Update handler.",
"Handler": "index.handler",
"MemorySize": 128,
"Role": { "Fn::GetAtt": ["LambdaExecutionRole", "Arn" ] },
"Runtime": "nodejs4.3",
"Timeout": 30
}
},
"APIGateway": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Body": @@swagger,
"FailOnWarnings": true,
"Name": "smallPictures",
"Description": "Structured wiki"
}
},
"APITDeploymentTest": {
"Type": "AWS::ApiGateway::Deployment",
"Properties": {
"RestApiId": { "Ref": "APIGateway" },
"Description": "Deploy for testing",
"StageName": "smallPicturesTesting"
}
},
"WebsiteBucket" : {
"Type" : "AWS::S3::Bucket",
"Properties" : {
"BucketName": {"Ref":"DomainName"},
"AccessControl" : "PublicRead",
"WebsiteConfiguration" : {
"IndexDocument" : "index.html",
"ErrorDocument" : "404.html"
}
},
"DeletionPolicy" : "Retain"
},
"WebsiteBucketPolicy" : {
"Type" : "AWS::S3::BucketPolicy",
"Properties" : {
"Bucket" : {"Ref" : "WebsiteBucket"},
"PolicyDocument": {
"Statement": [{
"Action": [ "s3:GetObject" ],
"Effect": "Allow",
"Resource": { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "WebsiteBucket" } , "/*" ]]},
"Principal": "*"
}]
}
}
},
"DNS": {
"Type": "AWS::Route53::HostedZone",
"Properties": {
"HostedZoneConfig": {
"Comment": { "Fn::Join" : ["", ["Hosted zone for ", { "Ref" : "DomainName" } ]]}
},
"Name": { "Ref" : "DomainName" },
"HostedZoneTags" : [{
"Key": "Application",
"Value": "Blog"
}]
}
},
"DNSRecord": {
"Type": "AWS::Route53::RecordSetGroup",
"Properties": {
"HostedZoneName": {
"Fn::Join": [ "", [ { "Ref": "DomainName" }, "." ]]
},
"Comment": "Zone records.",
"RecordSets": [
{
"Name": { "Ref": "DomainName" },
"Type": "A",
"AliasTarget": {
"HostedZoneId": { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "S3HostedZoneId" ]},
"DNSName": { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "S3WebsiteEndpoint" ]}
}
}, {
"Name": { "Fn::Join" : ["", ["www.", { "Ref" : "DomainName" }]]},
"Type": "CNAME",
"TTL" : "900",
"ResourceRecords" : [
{"Fn::GetAtt":["WebsiteBucket", "DomainName"]}
]
}
]
}
}
},
"Outputs": {
"WebsiteURL": {
"Value": { "Fn::GetAtt": ["WebsiteBucket", "WebsiteURL" ] },
"Description": "URL for website hosted on S3"
}
}
}
AWS Certificate Manager (ACM) を使用して SSL 証明書を作成する必要があります。エッジ最適化エンドポイントの場合は us-east-1 で作成し、リージョンおよびプライベートエンドポイントの場合は、API Gateway(または Lambda)をデプロイするリージョンで作成します。詳細はこちらを参照してください。以下では、この証明書の ARN を CertificateArn と呼びます。
次に、AWS::ApiGateway::DomainName を設定する必要があります:
"MyDomainName": {
"Type": "AWS::ApiGateway::DomainName",
"Properties": {
"DomainName": {"Ref: "DomainName"},
"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3"
}
}
これにより、API Gateway でカスタムドメインが有効になります。次に、特定のデプロイメントステージで API(つまり RestApi)を公開する必要があります。テンプレートにはデプロイメントステージがありません。AWS::ApiGateway::Stage を見てください。最小限の例は次のようになります。
"Prod": {
"Type": "AWS::ApiGateway::Stage",
"Properties": {
"StageName": "Prod",
"Description": "Prod Stage",
"RestApiId": {
"Ref": "APIGateway"
},
"DeploymentId": {
"Ref": "APITDeploymentTest"
},
}
ただし、このステージにはいくつかの追加設定が必要になる可能性があります。MethodSettings プロパティを確認することをお勧めします。
最後に、ベースパスマッピングのリソース AWS::ApiGateway::BasePathMapping をデプロイします。作成したステージに、次のようにベースパスをマッピングすることをお勧めします。
"ProdDomainBasePath": {
"Type" : "AWS::ApiGateway::BasePathMapping",
"Properties" : {
"DomainName" : {"Ref: "DomainName"},
"RestApiId" : {"Ref": "APIGateway"},
"Stage" : "Prod"
}
}
AWS::ApiGateway::Stage リソースを変更した場合は、対応する AWS::ApiGateway::Deployment リソースを強制的に更新する必要があります。これは通常、AWS::ApiGateway::Deployment リソースの名前を変更することを意味します。そうしないと、変更はデプロイされません。
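なお、質問にある Route 53 との接続については、API Gateway に設定したカスタムドメイン名(質問の例では api.domain.com)のエイリアス(A)レコードを、AWS::ApiGateway::DomainName リソースの DistributionDomainName と DistributionHostedZoneId(リージョナルエンドポイントの場合は RegionalDomainName と RegionalHostedZoneId)に向ける必要があります。
それでうまくいくはずです。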