Json 使用cloudformation在cloudfront中添加ssl证书时出现错误（需要指定） { “AWSTemplateFormatVersion”：“2010-09-09”， “参数”：{ “备选主要名称”：{ “说明”：“CNAMEs（备用域名），如有，用于分发。Example.test.codavel.com”， “类型”：“字符串”， “默认值”：“test.example.com” } }, “资源”：{ “myDistribution”：{ “类型”：“AWS:：CloudFront:：Distribution”， “财产”：{ “DistributionConfig”：{ “起源”：[{ “域名”：“ELBfor-1234.region.elb.amazonaws.com”， “Id”：“myCustomOrigin”， “CustomOriginConfig”：{ “HTTPPort”：“80”， “HTTPSPort”：“443”， “原始协议策略”：“匹配查看器”， “原始协议”：[ “TLSv1”， “TLSv1.1”， “TLSv1.2”， “SSLv3” ] } } ], “HttpVersion”：“http2”， “别名”：[ { “Ref”：“AlternativeDomains” } ], “已启用”：“真”， “注释”：“示例cdn”， “DefaultCacheBehavior”：{ “TargetOriginId”：“myCustomOrigin”， “SmoothStreaming”：“false”， “允许的方法”：[ “头”， “得到”， “选项” ], “MaxTTL”：“31536000”， “MinTTL”：“0”， “压缩”：“真”， “ForwardedValues”：{ “查询字符串”：“假”， “Cookies”：{“转发”：“全部”} }, “ViewerProtocolPolicy”：“允许全部” }, “PriceClass”：“PriceClass_All”， “限制”：{ “地理限制”：{ “限制类型”：“无”， “地点”：[] } }, “ViewerCertificate”：{ “SslSupportMethod”：“仅限sni”， “AcmCertificateArn”：{ “Fn:：Sub:“arn:aws:acm:us-east-1:：证书/2345f-534234” } } } } } } }_Json_Amazon Web Services_Cloud_Amazon Cloudformation_Devops

Json 使用cloudformation在cloudfront中添加ssl证书时出现错误（需要指定） { “AWSTemplateFormatVersion”：“2010-09-09”， “参数”：{ “备选主要名称”：{ “说明”：“CNAMEs（备用域名），如有，用于分发。Example.test.codavel.com”， “类型”：“字符串”， “默认值”：“test.example.com” } }, “资源”：{ “myDistribution”：{ “类型”：“AWS:：CloudFront:：Distribution”， “财产”：{ “DistributionConfig”：{ “起源”：[{ “域名”：“ELBfor-1234.region.elb.amazonaws.com”， “Id”：“myCustomOrigin”， “CustomOriginConfig”：{ “HTTPPort”：“80”， “HTTPSPort”：“443”， “原始协议策略”：“匹配查看器”， “原始协议”：[ “TLSv1”， “TLSv1.1”， “TLSv1.2”， “SSLv3” ] } } ], “HttpVersion”：“http2”， “别名”：[ { “Ref”：“AlternativeDomains” } ], “已启用”：“真”， “注释”：“示例cdn”， “DefaultCacheBehavior”：{ “TargetOriginId”：“myCustomOrigin”， “SmoothStreaming”：“false”， “允许的方法”：[ “头”， “得到”， “选项” ], “MaxTTL”：“31536000”， “MinTTL”：“0”， “压缩”：“真”， “ForwardedValues”：{ “查询字符串”：“假”， “Cookies”：{“转发”：“全部”} }, “ViewerProtocolPolicy”：“允许全部” }, “PriceClass”：“PriceClass_All”， “限制”：{ “地理限制”：{ “限制类型”：“无”， “地点”：[] } }, “ViewerCertificate”：{ “SslSupportMethod”：“仅限sni”， “AcmCertificateArn”：{ “Fn:：Sub:“arn:aws:acm:us-east-1:：证书/2345f-534234” } } } } } } }

json amazon-web-services cloud amazon-cloudformation

Json 使用cloudformation在cloudfront中添加ssl证书时出现错误（需要指定） { “AWSTemplateFormatVersion”：“2010-09-09”， “参数”：{ “备选主要名称”：{ “说明”：“CNAMEs（备用域名），如有，用于分发。Example.test.codavel.com”， “类型”：“字符串”， “默认值”：“test.example.com” } }, “资源”：{ “myDistribution”：{ “类型”：“AWS:：CloudFront:：Distribution”， “财产”：{ “DistributionConfig”：{ “起源”：[{ “域名”：“ELBfor-1234.region.elb.amazonaws.com”， “Id”：“myCustomOrigin”， “CustomOriginConfig”：{ “HTTPPort”：“80”， “HTTPSPort”：“443”， “原始协议策略”：“匹配查看器”， “原始协议”：[ “TLSv1”， “TLSv1.1”， “TLSv1.2”， “SSLv3” ] } } ], “HttpVersion”：“http2”， “别名”：[ { “Ref”：“AlternativeDomains” } ], “已启用”：“真”， “注释”：“示例cdn”， “DefaultCacheBehavior”：{ “TargetOriginId”：“myCustomOrigin”， “SmoothStreaming”：“false”， “允许的方法”：[ “头”， “得到”， “选项” ], “MaxTTL”：“31536000”， “MinTTL”：“0”， “压缩”：“真”， “ForwardedValues”：{ “查询字符串”：“假”， “Cookies”：{“转发”：“全部”} }, “ViewerProtocolPolicy”：“允许全部” }, “PriceClass”：“PriceClass_All”， “限制”：{ “地理限制”：{ “限制类型”：“无”， “地点”：[] } }, “ViewerCertificate”：{ “SslSupportMethod”：“仅限sni”， “AcmCertificateArn”：{ “Fn:：Sub:“arn:aws:acm:us-east-1:：证书/2345f-534234” } } } } } } },json,amazon-web-services,cloud,amazon-cloudformation,devops,Json,Amazon Web Services,Cloud,Amazon Cloudformation,Devops,嗨，团队我在cloudfront模板中使用它来添加自定义SSL，它向我显示了一个错误：-需要指定[AcmCertificateArn、CloudFrontDefaultCertificate、IamCertificateId]中的一个。所以，请让我知道我将如何添加这个，或者是否有任何选项添加到参数中，以便它将列出该证书。请给我同样的指导。这是我的证书ARN-ARN:aws:acm:us-east-1:：certificate/2345f-534234您需要使用的属性是ViewerCertif

嗨，团队

我在cloudfront模板中使用它来添加自定义SSL，它向我显示了一个错误：-

需要指定[AcmCertificateArn、CloudFrontDefaultCertificate、IamCertificateId]中的一个。

所以，请让我知道我将如何添加这个，或者是否有任何选项添加到参数中，以便它将列出该证书。请给我同样的指导。这是我的证书ARN-ARN:aws:acm:us-east-1:：certificate/2345f-534234

您需要使用的属性是

ViewerCertificate

。中的配置应帮助您确定可能要添加的任何选项

如果要指定ACM证书，可以添加参数，类型将为字符串

下面是一个更新的模板。您将需要确保ACM证书包含您的帐户id。我已经运行了这个来验证它是否成功构建

{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Parameters": {
    "AlternateDomainNames": {
        "Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
        "Type": "String",
        "Default": "test.example.com"
    }
},
    "Resources" : {
        "myDistribution" : {
            "Type" : "AWS::CloudFront::Distribution",
            "Properties" : {
                "DistributionConfig" : {
                    "Origins" : [ {
                            "DomainName" : "ELBfor-1234.region.elb.amazonaws.com",
                            "Id" : "myCustomOrigin",
                            "CustomOriginConfig" : {
                                "HTTPPort" : "80",
                                "HTTPSPort" : "443",
                                "OriginProtocolPolicy" : "match-viewer",
                                "OriginSSLProtocols" : [
                            "TLSv1",
                            "TLSv1.1",
                            "TLSv1.2",
                            "SSLv3"
                        ]
                            }
                    } ],
                    "HttpVersion": "http2",
                 "Aliases": [
                   {
                    "Ref": "AlternateDomainNames"
                   }
                 ],
                    "Enabled" : "true",
                    "Comment" : "example-cdn",
                    "DefaultCacheBehavior" : {
                        "TargetOriginId" : "myCustomOrigin",
                        "SmoothStreaming" : "false",
                        "AllowedMethods": [
                            "HEAD",
                            "GET",
                            "OPTIONS"
                        ],
                         "MaxTTL": "31536000",
                         "MinTTL": "0",
                        "Compress" : "true",
                        "ForwardedValues" : {
                            "QueryString" : "false",
                            "Cookies" : { "Forward" : "all" }
                        },
                        "ViewerProtocolPolicy" : "allow-all"
                    },
                   "PriceClass" : "PriceClass_All",
                   "Restrictions" : {
                       "GeoRestriction": {
                            "RestrictionType": "none",
                            "Locations": []
                        }
                   },
                   "ViewerCertificate": { 
                     "SslSupportMethod": "sni-only",
                     "AcmCertificateArn" : {
            "Fn::Sub": "arn:aws:acm:us-east-1:<ID>:certificate/2345f-534234"
        }
}
                   }
                }
            }
        }
    }

您需要使用的属性是

ViewerCertificate

。中的配置应帮助您确定可能要添加的任何选项

如果要指定ACM证书，可以添加参数，类型将为字符串

下面是一个更新的模板。您将需要确保ACM证书包含您的帐户id。我已经运行了这个来验证它是否成功构建

{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Parameters": {
    "AlternateDomainNames": {
        "Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
        "Type": "String",
        "Default": "test.example.com"
    }
},
    "Resources" : {
        "myDistribution" : {
            "Type" : "AWS::CloudFront::Distribution",
            "Properties" : {
                "DistributionConfig" : {
                    "Origins" : [ {
                            "DomainName" : "ELBfor-1234.region.elb.amazonaws.com",
                            "Id" : "myCustomOrigin",
                            "CustomOriginConfig" : {
                                "HTTPPort" : "80",
                                "HTTPSPort" : "443",
                                "OriginProtocolPolicy" : "match-viewer",
                                "OriginSSLProtocols" : [
                            "TLSv1",
                            "TLSv1.1",
                            "TLSv1.2",
                            "SSLv3"
                        ]
                            }
                    } ],
                    "HttpVersion": "http2",
                 "Aliases": [
                   {
                    "Ref": "AlternateDomainNames"
                   }
                 ],
                    "Enabled" : "true",
                    "Comment" : "example-cdn",
                    "DefaultCacheBehavior" : {
                        "TargetOriginId" : "myCustomOrigin",
                        "SmoothStreaming" : "false",
                        "AllowedMethods": [
                            "HEAD",
                            "GET",
                            "OPTIONS"
                        ],
                         "MaxTTL": "31536000",
                         "MinTTL": "0",
                        "Compress" : "true",
                        "ForwardedValues" : {
                            "QueryString" : "false",
                            "Cookies" : { "Forward" : "all" }
                        },
                        "ViewerProtocolPolicy" : "allow-all"
                    },
                   "PriceClass" : "PriceClass_All",
                   "Restrictions" : {
                       "GeoRestriction": {
                            "RestrictionType": "none",
                            "Locations": []
                        }
                   },
                   "ViewerCertificate": { 
                     "SslSupportMethod": "sni-only",
                     "AcmCertificateArn" : {
            "Fn::Sub": "arn:aws:acm:us-east-1:<ID>:certificate/2345f-534234"
        }
}
                   }
                }
            }
        }
    }

ViewerCertificate

块在您的案例中应该是这样的：

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "AlternateDomainNames": {
            "Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
            "Type": "String",
            "Default": "test.example.com"
        }
    },
    "Resources": {
        "myDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {
                "DistributionConfig": {
                    "Origins": [{
                        "DomainName": "ELBfor-1234.region.elb.amazonaws.com",
                        "Id": "myCustomOrigin",
                        "CustomOriginConfig": {
                            "HTTPPort": "80",
                            "HTTPSPort": "443",
                            "OriginProtocolPolicy": "match-viewer",
                            "OriginSSLProtocols": [
                                "TLSv1",
                                "TLSv1.1",
                                "TLSv1.2",
                                "SSLv3"
                            ]
                        }
                    }],
                    "ViewerCertificate": {
                        "SslSupportMethod": "sni-only",
                        "AcmCertificateArn": "arn:aws:acm:us-east-1::certificate/2345f-534234"
                    },
                    "HttpVersion": "http2",
                    "Aliases": [{
                        "Ref": "AlternateDomainNames"
                    }],
                    "Enabled": "true",
                    "Comment": "example-cdn",
                    "DefaultCacheBehavior": {
                        "TargetOriginId": "myCustomOrigin",
                        "SmoothStreaming": "false",
                        "AllowedMethods": [
                            "HEAD",
                            "GET",
                            "OPTIONS"
                        ],
                        "MaxTTL": "31536000",
                        "MinTTL": "0",
                        "Compress": "true",
                        "ForwardedValues": {
                            "QueryString": "false",
                            "Cookies": {
                                "Forward": "all"
                            }
                        },
                        "ViewerProtocolPolicy": "allow-all"
                    },
                    "PriceClass": "PriceClass_All",
                    "Restrictions": {
                        "GeoRestriction": {
                            "RestrictionType": "none",
                            "Locations": []
                        }
                    }
                }
            }
        }
    }
}

另外，您应该始终注意的是，证书是在

us-east1

地区提供的（您的是，基于ARN:）

ViewerCertificate

块在您的情况下应如下所示：

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "AlternateDomainNames": {
            "Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
            "Type": "String",
            "Default": "test.example.com"
        }
    },
    "Resources": {
        "myDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {
                "DistributionConfig": {
                    "Origins": [{
                        "DomainName": "ELBfor-1234.region.elb.amazonaws.com",
                        "Id": "myCustomOrigin",
                        "CustomOriginConfig": {
                            "HTTPPort": "80",
                            "HTTPSPort": "443",
                            "OriginProtocolPolicy": "match-viewer",
                            "OriginSSLProtocols": [
                                "TLSv1",
                                "TLSv1.1",
                                "TLSv1.2",
                                "SSLv3"
                            ]
                        }
                    }],
                    "ViewerCertificate": {
                        "SslSupportMethod": "sni-only",
                        "AcmCertificateArn": "arn:aws:acm:us-east-1::certificate/2345f-534234"
                    },
                    "HttpVersion": "http2",
                    "Aliases": [{
                        "Ref": "AlternateDomainNames"
                    }],
                    "Enabled": "true",
                    "Comment": "example-cdn",
                    "DefaultCacheBehavior": {
                        "TargetOriginId": "myCustomOrigin",
                        "SmoothStreaming": "false",
                        "AllowedMethods": [
                            "HEAD",
                            "GET",
                            "OPTIONS"
                        ],
                        "MaxTTL": "31536000",
                        "MinTTL": "0",
                        "Compress": "true",
                        "ForwardedValues": {
                            "QueryString": "false",
                            "Cookies": {
                                "Forward": "all"
                            }
                        },
                        "ViewerProtocolPolicy": "allow-all"
                    },
                    "PriceClass": "PriceClass_All",
                    "Restrictions": {
                        "GeoRestriction": {
                            "RestrictionType": "none",
                            "Locations": []
                        }
                    }
                }
            }
        }
    }
}

另外，您应该始终注意的是，证书是在

us-east1

地区提供的（您的是，基于ARN:）

是的，它成功了，谢谢Chris和我添加了一个域abc.test.codavel.com，它显示了503错误。您对此有什么想法吗？那么我将如何修复它？它唯一显示的https是您的原始负载平衡器通过其安全组打开了吗？这个错误背后的原因是：是的，它工作了，谢谢Chris和我添加了一个域abc.test.codavel.com，它显示了503错误。你对此有什么想法吗？那么我将如何修复它？它唯一显示的https是你的源负载平衡器通过其安全组打开了吗？这一错误背后的原因是