AWS SAM: How to reuse a Route53 domain instead of recreating it



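I am developing an HTTP API. I need to use a custom domain. I already have the domain, and I have also generated a certificate from AWS Certificate Manager. My domain's DNS is hosted in Amazon Route53.

Now I am trying to attach this custom domain to my HTTP API. I also need to set a base path. I am using an AWS SAM template; below is what I tried.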

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  aws-restapi
  Sample SAM Template for aws-restapi

# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Timeout: 5
    VpcConfig:
      SecurityGroupIds:
        - sg-041f24sd125s51e8e
      SubnetIds:
        - subnet-05265b2d

Parameters:
  FirebaseProjectId:
    Type: String

  DomainName:
    Type: String
    Default: api.example.com
Resources:
  AuthGatewayHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Domain:
        DomainName: !Ref DomainName
        CertificateArn: arn:aws:acm:us-east-1:xxxx:certificate/xxxxx-xxxx-xxxx-xxxx-xxxxx
        Route53:
          HostedZoneId: Z096752626aDO8HB8C6
      Auth:
        Authorizers:
          FirebaseAuthorizer:
            IdentitySource: $request.header.Authorization
            JwtConfiguration:
              audience:
                - !Ref FirebaseProjectId
              issuer: !Sub https://securetoken.google.com/${FirebaseProjectId}
        DefaultAuthorizer: FirebaseAuthorizer

  AuthFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: aws-restapi/
      Handler: source/testfile.lambdaHandler
      Runtime: nodejs14.x
      Events:
        Gateway:
          Type: HttpApi
          Properties:
            ApiId: !Ref AuthGatewayHttpApi
            Path: /hello
            Method: get

This template builds fine, but it throws the following error on deployment.

CREATE_FAILED                      AWS::Route53::RecordSetGroup       RecordSetGroupf015792d8d 
[Tried to create resource record set [name='api.example.com.',type='A'] but it already exists] 

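Well, the error states the fact: I already have the domain. I don't want to create the domain or the certificate again; I just want to use them here.

How can I do that? Also, how can I set the basePath so that the API can be accessed like api.example.com/products?

If this DomainName points to a server or to another AWS service (such as AWS Amplify), it cannot be reused. You can only reuse the domain if API Gateway is already using this domain (or subdomain). So, if you can delete the DNS entry, I suggest you create it again with AWS SAM, or create a different subdomain. If the subdomain is already used by API Gateway, you can create an AWS::ApiGatewayV2::ApiMapping resource.

Creating the DNS record with AWS SAM

In this case, you can simply define the BasePath property of the Domain: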

  AuthGatewayHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Domain:
        BasePath:
          - products
        DomainName: !Ref DomainName
        CertificateArn: arn:aws:acm:us-east-1:xxxx:certificate/xxxxx-xxxx-xxxx-xxxx-xxxxx
        Route53:
          HostedZoneId: Z096752626aDO8HB8C6
      Auth:
        Authorizers:
          FirebaseAuthorizer:
            IdentitySource: $request.header.Authorization
            JwtConfiguration:
              audience:
                - !Ref FirebaseProjectId
              issuer: !Sub https://securetoken.google.com/${FirebaseProjectId}
        DefaultAuthorizer: FirebaseAuthorizer

Creating an ApiMapping for an existing domain name

In this case, you do not define the Domain property; you only need to create the AWS::ApiGatewayV2::ApiMapping resource.

  AuthGatewayHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Auth:
        Authorizers:
          FirebaseAuthorizer:
            IdentitySource: $request.header.Authorization
            JwtConfiguration:
              audience:
                - !Ref FirebaseProjectId
              issuer: !Sub https://securetoken.google.com/${FirebaseProjectId}
        DefaultAuthorizer: FirebaseAuthorizer

  AuthGatewayProductsMapping: # Creates the mapping for Reporting V1
    Type: AWS::ApiGatewayV2::ApiMapping
    Properties:
      ApiId: !Ref AuthGatewayHttpApi
      ApiMappingKey: products
      DomainName: !Ref DomainName
      # Stage must name a stage that exists on this API; an
      # AWS::Serverless::HttpApi gets the $default stage unless StageName is set.
      Stage: Prod
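
An added example, not part of the question or the answer above: a complete template for the existing-domain case. It assumes api.example.com is already registered as an API Gateway custom domain in the same account and region, and it references the stage that SAM generates for the HttpApi rather than hard-coding a stage name.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  FirebaseProjectId:
    Type: String
  DomainName:            # assumption: already an API Gateway custom domain
    Type: String
    Default: api.example.com

Resources:
  AuthGatewayHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      # No Domain block here, so SAM generates neither a DomainName resource
      # nor a Route53 RecordSetGroup; the existing A record is left untouched.
      Auth:
        Authorizers:
          FirebaseAuthorizer:
            IdentitySource: $request.header.Authorization
            JwtConfiguration:
              audience:
                - !Ref FirebaseProjectId
              issuer: !Sub https://securetoken.google.com/${FirebaseProjectId}
        DefaultAuthorizer: FirebaseAuthorizer

  AuthGatewayProductsMapping:
    Type: AWS::ApiGatewayV2::ApiMapping
    Properties:
      ApiId: !Ref AuthGatewayHttpApi
      ApiMappingKey: products          # served under api.example.com/products
      DomainName: !Ref DomainName
      # <LogicalId>.Stage is SAM's referenceable property for the generated
      # stage; using it keeps the name in sync and orders stage before mapping.
      Stage: !Ref AuthGatewayHttpApi.Stage

  AuthFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: aws-restapi/
      Handler: source/testfile.lambdaHandler
      Runtime: nodejs14.x
      Events:
        Gateway:
          Type: HttpApi
          Properties:
            ApiId: !Ref AuthGatewayHttpApi
            Path: /hello               # reachable as /products/hello
            Method: get
```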
