W/ CDK, how to maintain Route53 alias up-to-date when the AWS-managed CloudFront distribution for a Cognito custom domain changes?

0

A few weeks ago, I updated my CDK stack to access Cognito via a custom URL (details in https://repost.aws/questions/QUe6Vdvu1HRtWhPgGwOx69SQ).

Last week, after a deployment, the alias https://auth.develop.mogaland.io stopped responding and it's only after a visit to the AWS console that I noticed the AWS-managed CloudFront distribution changed! I manually updated the Route53 record for the alias to point to the new distribution.

Once the domain is added, I can only get the cloudFrontDomainName from the result of the userPool.addDomain() function. The cloudFrontDistributionId is not available... And w/o that distribution identifier, I can't expect to create the A and AAAA alias records later to adjust the custom domain to the updated distribution...

import { Certificate } from 'aws-cdk-lib/aws-certificatemanager';
import { Distribution } from 'aws-cdk-lib/aws-cloudfront';
import { ARecord, AaaaRecord, HostedZone, RecordTarget } from 'aws-cdk-lib/aws-route53';
import { CloudFrontTarget } from 'aws-cdk-lib/aws-route53-targets';

// Add the custom domain to the user pool
const certificate = Certificate.fromCertificateArn(this, 'domainCert', props.acmCertificateARN);
const userPoolDomain = this.userPool.addDomain('Custom Domain', {
    customDomain: {
        domainName: `auth.${props.stageName}.mogaland.io`,
        certificate,
    },
});

// Get the reference of the AWS-managed CloudFront distribution
const awsManagedDistribution = Distribution.fromDistributionAttributes(this, 'AWS Managed Distribution', {
    domainName: userPoolDomain.cloudFrontDomainName,
    // distributionId: ???, // <= w/o the distributionId, I can't later update the alias records
});

// Get the Route53 hosted zone
const hostedZone = HostedZone.fromHostedZoneAttributes(this, 'Hosted Zone', {
    hostedZoneId: props.hostedZoneId, // some value like 'Z' plus 20 characters
    zoneName: `${props.stageName}.mogaland.io`,
});

// Update the A and AAAA records (update b/c of deletion before creation)
new ARecord(this, 'aliasRecord', {
    zone: hostedZone,
    recordName: 'auth',
    deleteExisting: true,
    target: RecordTarget.fromAlias(new CloudFrontTarget(awsManagedDistribution)),
});
new AaaaRecord(this, 'aaaAliasRecord', {
    zone: hostedZone,
    recordName: 'auth',
    deleteExisting: true,
    target: RecordTarget.fromAlias(new CloudFrontTarget(awsManagedDistribution)),
});

Maybe there's another way to get the reference of the AWS-managed CloudFront distribution?

1 answer
2

There is a special class UserPoolDomainTarget[1] for creating Route53 alias records for Cognito User Pool domains. Try updating your targets for the Route53 alias records to use that class rather than CloudFrontTarget. As an example, an updated version of the last two resources could look like the following:

import { ARecord, AaaaRecord, RecordTarget } from 'aws-cdk-lib/aws-route53';
import { UserPoolDomainTarget } from 'aws-cdk-lib/aws-route53-targets';

// Update the A and AAAA records (update b/c of deletion before creation)
// `hostedZone` and `userPoolDomain` are the constructs defined in the question's snippet
new ARecord(this, 'aliasRecord', {
    zone: hostedZone,
    recordName: 'auth',
    deleteExisting: true,
    target: RecordTarget.fromAlias(new UserPoolDomainTarget(userPoolDomain)),
});
new AaaaRecord(this, 'aaaAliasRecord', {
    zone: hostedZone,
    recordName: 'auth',
    deleteExisting: true,
    target: RecordTarget.fromAlias(new UserPoolDomainTarget(userPoolDomain)),
});

[1] https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_route53_targets.UserPoolDomainTarget.html

AWS
answered 1 month ago
Expert
reviewed 1 month ago
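The reason UserPoolDomainTarget keeps the alias in step is that it resolves to the two attributes an alias record actually needs: the CloudFront domain name the user pool domain currently exposes, plus the hosted zone ID that every CloudFront alias target shares. The added example below (not code from the question, the answer or the CDK project) is the operational counterpart to that: a drift check that compares the A and AAAA alias records Route53 holds for the custom domain against the distribution Cognito currently reports, using the JSON shapes returned by `aws route53 list-resource-record-sets` and `aws cognito-idp describe-user-pool-domain`. Every domain name and distribution name in it is constructed sample data; the CloudFront alias hosted zone ID is the real, account-independent constant. Besides catching the outage described in the question, an alias left pointing at a CloudFront name that is no longer yours is the classic dangling-DNS condition, so a check like this is worth running after each deployment.

```typescript
// Added example (not from the question or answer): a drift check that compares the
// Route53 alias records for a Cognito custom domain against the CloudFront domain
// name Cognito currently reports. The input shapes mirror the JSON returned by
// `aws route53 list-resource-record-sets` and `aws cognito-idp describe-user-pool-domain`;
// the sample values below are constructed, not real resources.

// Hosted zone ID shared by every CloudFront alias target in Route53.
export const CLOUDFRONT_ALIAS_HOSTED_ZONE_ID = "Z2FDTNDATAQYW2";

export interface AliasTarget {
  HostedZoneId: string;
  DNSName: string;
  EvaluateTargetHealth: boolean;
}

export interface ResourceRecordSet {
  Name: string;
  Type: string;
  AliasTarget?: AliasTarget;
}

// Subset of DomainDescription from describe-user-pool-domain.
export interface DomainDescription {
  Domain: string;
  CloudFrontDistribution?: string;
  Status?: string;
}

export interface DriftFinding {
  recordType: "A" | "AAAA";
  problem: string;
}

// DNS names compare case-insensitively and Route53 returns them with a trailing dot.
export function normalizeDnsName(name: string): string {
  return name.trim().toLowerCase().replace(/\.$/, "");
}

// Returns one finding per A/AAAA alias record that is missing or points somewhere
// other than the distribution Cognito currently reports. An empty list means in sync.
export function findAliasDrift(
  records: ResourceRecordSet[],
  domain: DomainDescription,
): DriftFinding[] {
  const findings: DriftFinding[] = [];
  const expectedName = normalizeDnsName(domain.Domain);
  const expectedTarget = domain.CloudFrontDistribution
    ? normalizeDnsName(domain.CloudFrontDistribution)
    : undefined;

  for (const recordType of ["A", "AAAA"] as const) {
    const record = records.find(
      (r) => normalizeDnsName(r.Name) === expectedName && r.Type === recordType,
    );
    if (!record) {
      findings.push({ recordType, problem: "no alias record for the custom domain" });
      continue;
    }
    if (!record.AliasTarget) {
      findings.push({ recordType, problem: "record is not an alias record" });
      continue;
    }
    if (record.AliasTarget.HostedZoneId !== CLOUDFRONT_ALIAS_HOSTED_ZONE_ID) {
      findings.push({ recordType, problem: `alias hosted zone is ${record.AliasTarget.HostedZoneId}, not CloudFront's` });
      continue;
    }
    if (expectedTarget === undefined) {
      findings.push({ recordType, problem: "Cognito reports no CloudFront distribution for this domain" });
      continue;
    }
    const actualTarget = normalizeDnsName(record.AliasTarget.DNSName);
    if (actualTarget !== expectedTarget) {
      findings.push({ recordType, problem: `alias points at ${actualTarget}, Cognito now reports ${expectedTarget}` });
    }
  }
  return findings;
}

// Constructed sample: Cognito rotated the distribution, the A record still targets the
// old one, the AAAA record was already updated (case and trailing dot differ, by design).
export const sampleDomain: DomainDescription = {
  Domain: "auth.develop.example.com",
  CloudFrontDistribution: "d2newnewnewnew.cloudfront.net",
  Status: "ACTIVE",
};

export const sampleRecords: ResourceRecordSet[] = [
  { Name: "auth.develop.example.com.", Type: "A",
    AliasTarget: { HostedZoneId: CLOUDFRONT_ALIAS_HOSTED_ZONE_ID, DNSName: "d1oldoldoldold.cloudfront.net.", EvaluateTargetHealth: false } },
  { Name: "auth.develop.example.com.", Type: "AAAA",
    AliasTarget: { HostedZoneId: CLOUDFRONT_ALIAS_HOSTED_ZONE_ID, DNSName: "D2NEWNEWNEWNEW.cloudfront.net.", EvaluateTargetHealth: false } },
];

for (const f of findAliasDrift(sampleRecords, sampleDomain)) {
  console.log(`${f.recordType}: ${f.problem}`);
}
```

Run against the sample data it reports only the A record as drifted; in practice you would feed it the two CLI outputs for the stage's hosted zone and user pool domain and fail the pipeline step on any finding.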
