Error while adding an SSL certificate in CloudFront using CloudFormation (needs to be specified)

Tags: json, amazon-web-services, cloud, amazon-cloudformation, devops

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "AlternateDomainNames": {
      "Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
      "Type": "String",
      "Default": "test.example.com"
    }
  },
  "Resources": {
    "myDistribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "Origins": [{
            "DomainName": "ELBfor-1234.region.elb.amazonaws.com",
            "Id": "myCustomOrigin",
            "CustomOriginConfig": {
              "HTTPPort": "80",
              "HTTPSPort": "443",
              "OriginProtocolPolicy": "match-viewer",
              "OriginSSLProtocols": [
                "TLSv1",
                "TLSv1.1",
                "TLSv1.2",
                "SSLv3"
              ]
            }
          }],
          "HttpVersion": "http2",
          "Aliases": [
            {
              "Ref": "AlternateDomainNames"
            }
          ],
          "Enabled": "true",
          "Comment": "example-cdn",
          "DefaultCacheBehavior": {
            "TargetOriginId": "myCustomOrigin",
            "SmoothStreaming": "false",
            "AllowedMethods": [
              "HEAD",
              "GET",
              "OPTIONS"
            ],
            "MaxTTL": "31536000",
            "MinTTL": "0",
            "Compress": "true",
            "ForwardedValues": {
              "QueryString": "false",
              "Cookies": { "Forward": "all" }
            },
            "ViewerProtocolPolicy": "allow-all"
          },
          "PriceClass": "PriceClass_All",
          "Restrictions": {
            "GeoRestriction": {
              "RestrictionType": "none",
              "Locations": []
            }
          },
          "ViewerCertificate": {
            "SslSupportMethod": "sni-only",
            "AcmCertificateArn": {
              "Fn::Sub": "arn:aws:acm:us-east-1::certificate/2345f-534234"
            }
          }
        }
      }
    }
  }
}

Hi team,

I am using this in a CloudFront template to add custom SSL, and it shows me an error: One of [AcmCertificateArn, CloudFrontDefaultCertificate, IamCertificateId] needs to be specified.

So please let me know how I would add this, or whether there is any option to add to the parameters so that it will list that certificate. Please guide me on the same. This is my certificate ARN: arn:aws:acm:us-east-1::certificate/2345f-534234

The property you need to use is ViewerCertificate. The configuration in it should help you determine any options you might want to add.

If you want to specify the ACM certificate, you can add a parameter; the type will be string.

Below is an updated template. You will need to make sure the ACM certificate includes your account ID. I have run this to verify that it builds successfully.
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Parameters": {
    "AlternateDomainNames": {
      "Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
      "Type": "String",
      "Default": "test.example.com"
    }
  },
  "Resources" : {
    "myDistribution" : {
      "Type" : "AWS::CloudFront::Distribution",
      "Properties" : {
        "DistributionConfig" : {
          "Origins" : [ {
            "DomainName" : "ELBfor-1234.region.elb.amazonaws.com",
            "Id" : "myCustomOrigin",
            "CustomOriginConfig" : {
              "HTTPPort" : "80",
              "HTTPSPort" : "443",
              "OriginProtocolPolicy" : "match-viewer",
              "OriginSSLProtocols" : [
                "TLSv1",
                "TLSv1.1",
                "TLSv1.2",
                "SSLv3"
              ]
            }
          } ],
          "HttpVersion": "http2",
          "Aliases": [
            {
              "Ref": "AlternateDomainNames"
            }
          ],
          "Enabled" : "true",
          "Comment" : "example-cdn",
          "DefaultCacheBehavior" : {
            "TargetOriginId" : "myCustomOrigin",
            "SmoothStreaming" : "false",
            "AllowedMethods": [
              "HEAD",
              "GET",
              "OPTIONS"
            ],
            "MaxTTL": "31536000",
            "MinTTL": "0",
            "Compress" : "true",
            "ForwardedValues" : {
              "QueryString" : "false",
              "Cookies" : { "Forward" : "all" }
            },
            "ViewerProtocolPolicy" : "allow-all"
          },
          "PriceClass" : "PriceClass_All",
          "Restrictions" : {
            "GeoRestriction": {
              "RestrictionType": "none",
              "Locations": []
            }
          },
          "ViewerCertificate": {
            "SslSupportMethod": "sni-only",
            "AcmCertificateArn" : {
              "Fn::Sub": "arn:aws:acm:us-east-1:<ID>:certificate/2345f-534234"
            }
          }
        }
      }
    }
  }
}
The ViewerCertificate block should look like this in your case:
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "AlternateDomainNames": {
      "Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
      "Type": "String",
      "Default": "test.example.com"
    }
  },
  "Resources": {
    "myDistribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "Origins": [{
            "DomainName": "ELBfor-1234.region.elb.amazonaws.com",
            "Id": "myCustomOrigin",
            "CustomOriginConfig": {
              "HTTPPort": "80",
              "HTTPSPort": "443",
              "OriginProtocolPolicy": "match-viewer",
              "OriginSSLProtocols": [
                "TLSv1",
                "TLSv1.1",
                "TLSv1.2",
                "SSLv3"
              ]
            }
          }],
          "ViewerCertificate": {
            "SslSupportMethod": "sni-only",
            "AcmCertificateArn": "arn:aws:acm:us-east-1::certificate/2345f-534234"
          },
          "HttpVersion": "http2",
          "Aliases": [{
            "Ref": "AlternateDomainNames"
          }],
          "Enabled": "true",
          "Comment": "example-cdn",
          "DefaultCacheBehavior": {
            "TargetOriginId": "myCustomOrigin",
            "SmoothStreaming": "false",
            "AllowedMethods": [
              "HEAD",
              "GET",
              "OPTIONS"
            ],
            "MaxTTL": "31536000",
            "MinTTL": "0",
            "Compress": "true",
            "ForwardedValues": {
              "QueryString": "false",
              "Cookies": {
                "Forward": "all"
              }
            },
            "ViewerProtocolPolicy": "allow-all"
          },
          "PriceClass": "PriceClass_All",
          "Restrictions": {
            "GeoRestriction": {
              "RestrictionType": "none",
              "Locations": []
            }
          }
        }
      }
    }
  }
}
Also, something you should always note is that the certificate is provisioned in the us-east-1 region (yours is, based on the ARN:)

Yes, it worked, thanks Chris. I added a domain, abc.test.codavel.com, and it shows a 503 error. Do you have any idea about this? How would I fix it? It only shows https.

Is your origin load balancer open through its security group?

The reason behind this error is:
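A static pre-deployment check for the certificate problems raised in this thread, as an added example (not code from the question or either answer): it verifies that ViewerCertificate names exactly one certificate source and that an ACM ARN is in us-east-1 and carries an account ID. The name `lint_distribution`, the finding texts and the trimmed `SAMPLE` template are constructed for illustration, and the SSLv3 and `allow-all` checks go beyond what the answers cover.

```python
import re

CERT_KEYS = ("AcmCertificateArn", "CloudFrontDefaultCertificate", "IamCertificateId")
ARN_RE = re.compile(r"^arn:aws:acm:([^:]*):(\$\{AWS::AccountId\}|[^:]*):certificate/.+$")

def lint_distribution(template):
    """Return a list of findings for each AWS::CloudFront::Distribution resource."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::CloudFront::Distribution":
            continue
        cfg = res.get("Properties", {}).get("DistributionConfig", {})
        cert = cfg.get("ViewerCertificate", {})
        present = [k for k in CERT_KEYS if k in cert]
        if len(present) != 1:  # the condition behind the error quoted in the question
            findings.append(f"{name}: specify exactly one of {', '.join(CERT_KEYS)}")
        arn = cert.get("AcmCertificateArn")
        if isinstance(arn, dict):  # {"Fn::Sub": "..."}; a Ref cannot be resolved statically
            arn = arn.get("Fn::Sub")
        if isinstance(arn, str):
            m = ARN_RE.match(arn)
            if not m:
                findings.append(f"{name}: AcmCertificateArn is not an ACM certificate ARN")
            else:
                region, account = m.groups()
                if region != "us-east-1":
                    findings.append(f"{name}: certificate region is {region!r}, not us-east-1")
                if account != "${AWS::AccountId}" and not re.fullmatch(r"\d{12}", account):
                    findings.append(f"{name}: ARN has no 12-digit account ID")
        for origin in cfg.get("Origins", []):
            protocols = origin.get("CustomOriginConfig", {}).get("OriginSSLProtocols", [])
            if "SSLv3" in protocols:
                findings.append(f"{name}: origin {origin.get('Id')} allows SSLv3")
        if cfg.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy") == "allow-all":
            findings.append(f"{name}: viewers may connect over plain HTTP (allow-all)")
    return findings

# Constructed sample: the question's template trimmed to the fields being checked.
SAMPLE = {"Resources": {"myDistribution": {
    "Type": "AWS::CloudFront::Distribution",
    "Properties": {"DistributionConfig": {
        "Origins": [{"Id": "myCustomOrigin", "CustomOriginConfig": {
            "OriginSSLProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"]}}],
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
        "ViewerCertificate": {"SslSupportMethod": "sni-only", "AcmCertificateArn": {
            "Fn::Sub": "arn:aws:acm:us-east-1::certificate/2345f-534234"}}}}}}}

if __name__ == "__main__":
    for finding in lint_distribution(SAMPLE):
        print(finding)
```

To lint a real template, load it with `json.load` and pass the resulting dict to `lint_distribution`.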