How do I use a SAW runbook to troubleshoot custom domain names in API Gateway?


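I want to use the AWSSupport-TroubleshootAPIGatewayCustomDomainConfig AWS Support Automation Workflow (SAW) runbook to troubleshoot the custom domain name configuration in Amazon API Gateway.

Short description

The AWSSupport-TroubleshootAPIGatewayCustomDomainConfig runbook provides an automated solution that validates your custom domain name configuration in API Gateway. The runbook verifies that the custom domain name is set up in API Gateway and has the correct configuration for its DNS record and API mappings.

For more information about SAW, see AWS Support Automation Workflows (SAW).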

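Resolution

The AWSSupport-TroubleshootAPIGatewayCustomDomainConfig runbook validates the following:

  • Whether the custom domain name exists in API Gateway.
  • Whether a mapping exists between the custom domain name and any API.
  • Whether the preceding list of mappings contains a mapping between the custom domain name and the specified API.
  • Whether a DNS record exists for the custom domain name.
  • Whether the DNS record points to the correct target value that API Gateway generated when the custom domain name was created.

The current user who runs the automation, or the AWS Identity and Access Management (IAM) service role that is assumed, must have the following permissions: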

  • apigateway:GET
  • iam:ListRoles
  • iam:PassRole
  • route53:ListResourceRecordSets
  • ssm:DescribeAutomationExecutions
  • ssm:GetAutomationExecution
  • ssm:DescribeAutomationStepExecutions
  • ssm:StartAutomationExecution
  • ssm:DescribeDocument
  • ssm:GetDocument
  • ssm:ListDocuments

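Prerequisites

Before you run this runbook, make sure that your IAM user or role has the correct permissions. These include specific AWS Systems Manager permissions and the other service-specific permissions covered in the earlier sections of this article.

Run the AWSSupport-TroubleshootAPIGatewayCustomDomainConfig automation

  1. Open the AWSSupport-TroubleshootAPIGatewayCustomDomainConfig runbook.
    **Note:** The runbook is located in the us-east-1 AWS Region.

  2. Choose Execute automation.

    For the input parameters, enter the following:

    • **AutomationAssumeRole (Optional):** The Amazon Resource Name (ARN) of the IAM role that allows Automation (a capability of Systems Manager) to perform actions on your behalf. If no role is specified, then Automation uses the permissions of the user who starts the runbook.
    • **DomainName (Required):** The custom domain name of the API.
    • **ApiId (Required):** The ID of the API.
    • **DNSServerIp (Optional):** The DNS server that resolves the custom domain name. If no value is specified, then the AWS DNS server is used.
    • **HostedZoneId (Optional):** The ID of the public hosted zone that contains the DNS record for the custom domain name. This isn't required when Route 53 isn't used for DNS.
  3. Choose Execute. The automation starts.

  4. After the automation completes, review the Outputs section for detailed results.

    If the runbook checks run successfully, then the output shows the configuration details of the custom domain name.

    If the custom domain name configuration doesn't pass one of the runbook's checks, then the runbook fails at the corresponding step. You can find troubleshooting recommendations in the runbook's output.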
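
The same procedure can be driven through the Systems Manager API instead of the console. The following is an added example, not part of the original article: it assumes boto3, `build_parameters` and `run_runbook` are hypothetical helper names, and the domain `api.example.com` and API ID `a1b2c3d4e5` are placeholders.

```python
import time

DOCUMENT = "AWSSupport-TroubleshootAPIGatewayCustomDomainConfig"
# Statuses after which the execution will not change any more (subset used here).
TERMINAL = {"Success", "Failed", "TimedOut", "Cancelled"}

def build_parameters(domain_name, api_id, dns_server_ip=None,
                     hosted_zone_id=None, assume_role_arn=None):
    """Map the page's input parameters to the {name: [value]} shape SSM expects."""
    if not domain_name or not api_id:
        raise ValueError("DomainName and ApiId are required")
    params = {"DomainName": [domain_name], "ApiId": [api_id]}
    optional = {"DNSServerIp": dns_server_ip, "HostedZoneId": hosted_zone_id,
                "AutomationAssumeRole": assume_role_arn}
    # Leave optional inputs out entirely so the runbook applies its defaults.
    params.update({k: [v] for k, v in optional.items() if v})
    return params

def run_runbook(ssm, parameters, poll_seconds=5, max_polls=60):
    """Start the automation, wait for a terminal status, return (status, outputs)."""
    execution_id = ssm.start_automation_execution(
        DocumentName=DOCUMENT, Parameters=parameters)["AutomationExecutionId"]
    for _ in range(max_polls):
        execution = ssm.get_automation_execution(
            AutomationExecutionId=execution_id)["AutomationExecution"]
        status = execution["AutomationExecutionStatus"]
        if status in TERMINAL:
            return status, execution.get("Outputs", {})
        time.sleep(poll_seconds)
    raise TimeoutError(f"execution {execution_id} still running")

if __name__ == "__main__":
    import boto3  # assumption: boto3 is installed and credentials are configured
    ssm = boto3.client("ssm", region_name="us-east-1")  # Region per the note above
    print(run_runbook(ssm, build_parameters("api.example.com", "a1b2c3d4e5")))
```

A `Failed` status is the expected result when one of the five checks does not pass, so read the returned outputs rather than treating it as a tooling error.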

Example outputs of the AWSSupport-TroubleshootAPIGatewayCustomDomainConfig runbook

Example output for a successful configuration check:

{
  "Result": "The custom domain name is configured correctly",
  "DomainDetails": {
    "DomainName": "<<CUSTOM DOMAIN NAME>>",
    "APIGatewayDomainName": "d-XXXXXXXX.execute-api.<<REGION>>.amazonaws.com",
    "Status": "XXXXXX",
    "EndpointType": "XXXXXX"
  },
  "MappingDetails": [
    {
      "API": "XXXXXX",
      "MappingId": "XXXXXX",
      "MappingKey": "XXXXXX",
      "Stage": "XXXXXX",
      "Status": "ApiHasMappings"
    }
  ],
  "DNSDetails": {
    "<<RECORD TYPE>>": [
      "XXX.XXX.XXX.XXX",
      "XXX.XXX.XXX.XXX",
      "XXX.XXX.XXX.XXX"
    ]
  }
}

Example output when the custom domain name is not in API Gateway:

" Check (1/5): Check custom domain name exists.
  Status: Failed.

  Troubleshooting Recommendations:
    - Custom domain name: <<CUSTOM DOMAIN NAME>> is not configured in API gateway.
    - Please see the link below for information on how to setup a custom domain for API Gateway:
      > https://aws.amazon.com/tw/premiumsupport/knowledge-center/custom-domain-name-amazon-api-gateway/

    - The remaining checks have not been run at this point hence there may be other errors in the current configuration.
    - After resolving the error above, please check that your custom domain name has:
      > A mapping to the API you are trying to reach
      > A DNS record pointing to the generated API Gateway domain name.

    - You can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details.

  Check (2/5): List mappings.
  Status: Skipped

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Skipped

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Skipped

  Check (5/5): Validate DNS record.
  Status: Skipped "

Example output when the custom domain name has no mappings at all:

" Check (1/5): Check custom domain name exists.
  Status: Complete

  Check (2/5): List mappings.
  Status: Failed

  Troubleshooting Recommendations:
    - <<CUSTOM DOMAIN NAME>> does not contain any mappings.
    - Please see the documentation to create one here:
      > https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mappings.html

    - The remaining checks have not been run at this point hence there may be other errors in the current configuration.
    - After resolving the error above, please check that your custom domain name has:
      > A mapping to the API you are trying to reach
      > A DNS record pointing to the generated API Gateway domain name.

    - You can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details.

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Skipped

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Skipped

  Check (5/5): Validate DNS record.
  Status: Skipped "

Example output when the custom domain name has no mapping to the specified API ID:

" Check (1/5): Check custom domain name exists.
  Status: Complete

  Check (2/5): List mappings.
  Status: Complete

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Failed

    Troubleshooting Recommendations:
    - A base path mapping does not exist between API Id: <<API ID>> and custom domain name: <<CUSTOM DOMAIN NAME>>.
    - Please see the documentation to create one here:
      > https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mappings.html

    - The remaining checks have not been run at this point hence there may be other errors in the current configuration.
    - After resolving the error above, please check that your custom domain name has:
      > A mapping to the API you are trying to reach
      > A DNS record pointing to the generated API Gateway domain name.

    - You can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details.

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Not Run

  Check (5/5): Validate DNS record.
  Status: Skipped "

Example output when the custom domain name has no DNS record:

" Check (1/5): Check custom domain name exists.
  Status: Complete

  Check (2/5): List mappings.
  Status: Complete

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Complete

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Failed

  Troubleshooting Recommendations:
    - There is no DNS record for the custom domain name: <<CUSTOM DOMAIN NAME>> or the domain could not be resolved.
    - Please check your DNS server for a record for this domain and ensure it can be resolved.

    - The remaining checks have not been run at this point hence there may be other errors in the current configuration.
    - After resolving the error above, please check that your custom domain name has:
      > A DNS record pointing to the generated API Gateway domain name.

    - You can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details.


  Check (5/5): Validate DNS record.
  Status: Skipped "

Example output when the DNS record does not point to the correct target:

" Check (1/5): Check custom domain name exists.
  Status: Complete

  Check (2/5): List mappings.
  Status: Complete

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Complete

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Complete

  Check (5/5): Validate DNS record.
  Status: Failed

  Troubleshooting Recommendations:
    - The DNS record for the custom domain name: <<CUSTOM DOMAIN NAME>> may not be pointing to the correct target.
    - The API Gateway domain name generated for this custom domain name is: <<API GATEWAY DOMAIN NAME>> which should be the target of the DNS record created for the custom domain name.
    - Please check your DNS record for this domain and ensure it is pointing to the API Gateway domain name: <<API GATEWAY DOMAIN NAME>>.

    - After resolving the error above, you can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details."
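
The failure reports above share one layout: a `Check (n/5)` header, a `Status:` line, and recommendation bullets under the failed check. The following parser for that layout is an added example, not part of the original article or the runbook; `parse_checks` and `triage` are hypothetical names, and the sample report is constructed with a made-up domain and API ID.

```python
import re

# Line shapes taken from the sample outputs on this page.
CHECK_RE = re.compile(r'^\W*Check \((\d+)/(\d+)\):\s*(.+?)\s*$')
STATUS_RE = re.compile(r'^\s*Status:\s*(.+?)[.\s"]*$')

def parse_checks(text):
    """Split the runbook's text report into one dict per 'Check (n/5)' header."""
    checks = []
    for line in text.splitlines():
        header = CHECK_RE.match(line)
        if header:
            checks.append({"number": int(header[1]), "title": header[3].rstrip("."),
                           "status": "Unknown", "recommendations": []})
        elif checks and (status := STATUS_RE.match(line)):
            checks[-1]["status"] = status.group(1)
        elif checks and line.strip().startswith(("-", ">")):
            # Recommendation bullets belong to the check printed just above them.
            checks[-1]["recommendations"].append(
                line.strip().lstrip("->").strip(' "'))
    return checks

def triage(text):
    """Return (failed check or None, numbers of checks that were never evaluated)."""
    checks = parse_checks(text)
    failed = next((c for c in checks if c["status"].lower() == "failed"), None)
    unverified = [c["number"] for c in checks
                  if c["status"].lower() in ("skipped", "not run")]
    return failed, unverified

# Constructed sample in the page's format (domain and API ID are made up).
SAMPLE = '''" Check (1/5): Check custom domain name exists.
  Status: Complete
  Check (2/5): List mappings.
  Status: Complete
  Check (3/5): Check mapping exists to API Id: a1b2c3d4e5.
  Status: Failed
    Troubleshooting Recommendations:
    - A base path mapping does not exist between API Id: a1b2c3d4e5 and custom domain name: api.example.com.
      > https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mappings.html
  Check (4/5): Check DNS record exists for custom domain name.
  Status: Not Run
  Check (5/5): Validate DNS record.
  Status: Skipped "'''

if __name__ == "__main__":
    failed, unverified = triage(SAMPLE)
    print(f"check {failed['number']} failed ({failed['title']}); not evaluated: {unverified}")
```

Checks reported as `Skipped` or `Not Run` have not been validated, so the DNS record in this sample is still unverified after the mapping is fixed and the automation needs to be run again.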

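**Note:** To help you troubleshoot, remediate, manage, and reduce the costs of your AWS resources, AWS Support maintains a subset of the predefined runbooks that AWS provides. These runbooks are prefixed with AWSSupport- or AWSPremiumSupport-.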

Related information

Run an automation

Setting up Automation