If you're experiencing issues with your AWS services, then please refer to the AWS Health Dashboard. You can find the overall status of ongoing outages, the health of AWS services, and the latest updates from AWS engineers.
如何使用 SAW 运行手册对 API Gateway 中的自定义域名进行故障排除?
6 分钟阅读
0
我想使用 AWSSupport-TroubleshootAPIGatewayCustomDomainConfig AWS Support 自动化工作流程 (SAW) 运行手册对我在 Amazon API Gateway 中的自定义域名配置进行故障排除。
简短描述
AWSSupport-TroubleshootAPIGatewayCustomDomainConfig 运行手册提供了一个自动解决方案,可用于验证 API Gateway 中的自定义域名配置。本运行手册会验证是否已在 API Gateway 中使用 DNS 记录和 API 映射的正确配置设置自定义域名。
有关 SAW 的更多信息,请参阅 AWS Support 自动化工作流程 (SAW)。
解决方法
AWSSupport-TroubleshootAPIGatewayCustomDomainConfig 运行手册会验证以下特征:
- API Gateway 中是否存在自定义域名。
- 自定义域名和任何 API 之间是否存在映射。
- 之前的映射列表是否包含自定义域名和指定 API 之间的映射。
- 自定义域名是否有 DNS 记录。
- DNS 记录是否指向创建自定义域名期间由 API Gateway 生成的正确目标值。
运行自动化的当前用户或代入的 AWS Identity and Access Management (IAM) 服务角色必须具有以下权限:
- apigateway:GET
- iam:ListRoles
- iam:PassRole
- route53:ListResourceRecordSets
- ssm:DescribeAutomationExecutions
- ssm:GetAutomationExecution
- ssm:DescribeAutomationStepExecutions
- ssm:StartAutomationExecution
- ssm:DescribeDocument
- ssm:GetDocument
- ssm:ListDocuments
先决条件
在运行该运行手册之前,确保您的 IAM 用户或角色具有正确的权限。这些权限包括特定的 AWS Systems Manager 权限,以及本文前面部分中介绍的其他特定于服务的权限。
运行 AWSSupport-TroubleshootAPIGatewayCustomDomainConfig 自动化
-
打开 AWSSupport-TroubleshootAPIGatewayCustomDomainConfig 运行手册。
**注意:**该运行手册位于 us-east-1 AWS 区域。 -
选择执行自动化。
对于输入参数,输入以下内容:
- **AutomationAssumeRole(可选):**这是 IAM 角色的 Amazon 资源名称(ARN),允许 Systems Manager 的自动化功能代表您执行操作。如果未指定角色,则自动化将使用启动运行手册的用户的权限。
- **DomainName(必填):**您的 API 的自定义域名。
- **ApiId(必填):**您的 API 的 ID。
- **DNSServerIp(可选):**用于解析自定义域名的 DNS 服务器。如果未指定该值,则使用 AWS DNS 服务器。
- **HostedZoneId(可选):**包含自定义域名的 DNS 记录的公有托管区的 ID。当 Route 53 不用于 DNS 时,这不是必填项。
-
选择执行。自动化启动。
-
自动化完成后,查看输出部分以获取详细结果。
如果运行手册检查成功运行,则您的输出将显示自定义域名的配置详细信息。
如果自定义域名的配置未通过运行手册中的一项检查,则运行手册会在相应的步骤失败。故障排除建议可在运行手册的输出中找到。
AWSSupport-TroubleshootAPIGatewayCustomDomainConfig 运行手册的输出示例
成功配置检查的输出示例:
{ "Result": "The custom domain name is configured correctly", "DomainDetails": { "DomainName": "<<CUSTOM DOMAIN NAME>>", "APIGatewayDomainName": "d-XXXXXXXX.execute-api.<<REGION>>.amazonaws.com", "Status": "XXXXXX", "EndpointType": "XXXXXX" }, "MappingDetails": [ { "API": "XXXXXX", "MappingId": "XXXXXX", "MappingKey": "XXXXXX", "Stage": "XXXXXX", "Status": "ApiHasMappings" } ], "DNSDetails": { "<<RECORD TYPE>>": [ "XXX.XXX.XXX.XXX", "XXX.XXX.XXX.XXX", "XXX.XXX.XXX.XXX" ] } }
API Gateway 中没有自定义域名时的输出示例:
" Check (1/5): Check custom domain name exists. Status: Failed. Troubleshooting Recommendations: - Custom domain name: <<CUSTOM DOMAIN NAME>> is not configured in API gateway. - Please see the link below for information on how to setup a custom domain for API Gateway: > https://aws.amazon.com/cn/premiumsupport/knowledge-center/custom-domain-name-amazon-api-gateway/ - The remaining checks have not been run at this point hence there may be other errors in the current configuration. - After resolving the error above, please check that your custom domain name has: > A mapping to the API you are trying to reach > A DNS record pointing to the generated API Gateway domain name. - You can run this automation again to confirm the changes have been made correctly. - More details for this particular error can be found within the individual step details. Check (2/5): List mappings. Status: Skipped Check (3/5): Check mapping exists to API Id: <<API ID>>. Status: Skipped Check (4/5): Check DNS record exists for custom domain name. Status: Skipped Check (5/5): Validate DNS record. Status: Skipped "
自定义域名根本没有映射时的输出示例:
" Check (1/5): Check custom domain name exists. Status: Complete Check (2/5): List mappings. Status: Failed Troubleshooting Recommendations: - <<CUSTOM DOMAIN NAME>> does not contain any mappings. - Please see the documentation to create one here: > https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mappings.html - The remaining checks have not been run at this point hence there may be other errors in the current configuration. - After resolving the error above, please check that your custom domain name has: > A mapping to the API you are trying to reach > A DNS record pointing to the generated API Gateway domain name. - You can run this automation again to confirm the changes have been made correctly. - More details for this particular error can be found within the individual step details. Check (3/5): Check mapping exists to API Id: <<API ID>>. Status: Skipped Check (4/5): Check DNS record exists for custom domain name. Status: Skipped Check (5/5): Validate DNS record. Status: Skipped "
自定义域名没有映射到指定 API ID 时的输出示例:
" Check (1/5): Check custom domain name exists. Status: Complete Check (2/5): List mappings. Status: Complete Check (3/5): Check mapping exists to API Id: <<API ID>>. Status: Failed Troubleshooting Recommendations: - A base path mapping does not exist between API Id: <<API ID>> and custom domain name: <<CUSTOM DOMAIN NAME>>. - Please see the documentation to create one here: > https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mappings.html - The remaining checks have not been run at this point hence there may be other errors in the current configuration. - After resolving the error above, please check that your custom domain name has: > A mapping to the API you are trying to reach > A DNS record pointing to the generated API Gateway domain name. - You can run this automation again to confirm the changes have been made correctly. - More details for this particular error can be found within the individual step details. Check (4/5): Check DNS record exists for custom domain name. Status: Not Run Check (5/5): Validate DNS record. Status: Skipped "
自定义域名没有 DNS 记录时的输出示例:
" Check (1/5): Check custom domain name exists. Status: Complete Check (2/5): List mappings. Status: Complete Check (3/5): Check mapping exists to API Id: <<API ID>>. Status: Complete Check (4/5): Check DNS record exists for custom domain name. Status: Failed Troubleshooting Recommendations: - There is no DNS record for the custom domain name: <<CUSTOM DOMAIN NAME>> or the domain could not be resolved. - Please check your DNS server for a record for this domain and ensure it can be resolved. - The remaining checks have not been run at this point hence there may be other errors in the current configuration. - After resolving the error above, please check that your custom domain name has: > A DNS record pointing to the generated API Gateway domain name. - You can run this automation again to confirm the changes have been made correctly. - More details for this particular error can be found within the individual step details. Check (5/5): Validate DNS record. Status: Skipped "
DNS 记录未指向正确目标时的输出示例:
" Check (1/5): Check custom domain name exists. Status: Complete Check (2/5): List mappings. Status: Complete Check (3/5): Check mapping exists to API Id: <<API ID>>. Status: Complete Check (4/5): Check DNS record exists for custom domain name. Status: Complete Check (5/5): Validate DNS record. Status: Failed Troubleshooting Recommendations: - The DNS record for the custom domain name: <<CUSTOM DOMAIN NAME>> may not be pointing to the correct target. - The API Gateway domain name generated for this custom domain name is: <<API GATEWAY DOMAIN NAME>> which should be the target of the DNS record created for the custom domain name. - Please check your DNS record for this domain and ensure it is pointing to the API Gateway domain name: <<API GATEWAY DOMAIN NAME>>. - After resolving the error above, you can run this automation again to confirm the changes have been made correctly. - More details for this particular error can be found within the individual step details."
**注意:**为了帮助您排除故障、修复、管理和降低 AWS 资源的成本,AWS Support 会对 AWS 提供的一部分预定义运行手册进行维护。运行手册前缀是 AWSSupport- 和 AWSPremiumSupport-。
相关信息
没有评论
相关内容
- 已提问 6 个月前
