How do I use a SAW runbook to troubleshoot custom domain names in API Gateway?


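I want to use the AWSSupport-TroubleshootAPIGatewayCustomDomainConfig AWS Support Automation Workflow (SAW) runbook to troubleshoot my custom domain name configuration in Amazon API Gateway.

Short description

The AWSSupport-TroubleshootAPIGatewayCustomDomainConfig runbook provides an automated way to validate the configuration of a custom domain name in API Gateway. The runbook verifies that the custom domain name is set up in API Gateway with the correct DNS record and API mapping configuration.

For more information about SAW, see AWS Support Automation Workflows (SAW).

Resolution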

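The AWSSupport-TroubleshootAPIGatewayCustomDomainConfig runbook verifies the following:

  • Whether the custom domain name exists in API Gateway.
  • Whether a mapping exists between the custom domain name and any API.
  • Whether the previous list of mappings includes a mapping between the custom domain name and the specified API.
  • Whether a DNS record exists for the custom domain name.
  • Whether the DNS record points to the correct target value that API Gateway generated when the custom domain name was created.

The current user who runs the automation, or the assumed AWS Identity and Access Management (IAM) service role, must have the following permissions: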

  • apigateway:GET
  • iam:ListRoles
  • iam:PassRole
  • route53:ListResourceRecordSets
  • ssm:DescribeAutomationExecutions
  • ssm:GetAutomationExecution
  • ssm:DescribeAutomationStepExecutions
  • ssm:StartAutomationExecution
  • ssm:DescribeDocument
  • ssm:GetDocument
  • ssm:ListDocuments

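Prerequisites

Before you run the runbook, make sure that your IAM user or role has the correct permissions. These include specific AWS Systems Manager permissions and the other service-specific permissions listed earlier in this article.

Run the AWSSupport-TroubleshootAPIGatewayCustomDomainConfig automation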

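  1. Open the AWSSupport-TroubleshootAPIGatewayCustomDomainConfig runbook.
    **Note:** The runbook is located in the us-east-1 AWS Region.

  2. Choose Execute automation.

    For the input parameters, enter the following:

    • **AutomationAssumeRole (Optional):** The Amazon Resource Name (ARN) of the IAM role that allows the Automation capability of Systems Manager to perform actions on your behalf. If no role is specified, then the automation uses the permissions of the user who starts the runbook.
    • **DomainName (Required):** The custom domain name of your API.
    • **ApiId (Required):** The ID of your API.
    • **DNSServerIp (Optional):** The DNS server used to resolve the custom domain name. If this value isn't specified, then the AWS DNS server is used.
    • **HostedZoneId (Optional):** The ID of the public hosted zone that contains the DNS record for the custom domain name. This isn't required when Route 53 isn't used for DNS.
  3. Choose Execute. The automation starts.

  4. After the automation completes, review the Outputs section for detailed results.

    If the runbook checks run successfully, then your output shows the configuration details of the custom domain name.

    If the custom domain name configuration fails one of the checks in the runbook, then the runbook fails at the corresponding step. Troubleshooting recommendations are available in the runbook's output.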

Example outputs of the AWSSupport-TroubleshootAPIGatewayCustomDomainConfig runbook

Example output for a successful configuration check:

{
  "Result": "The custom domain name is configured correctly",
  "DomainDetails": {
    "DomainName": "<<CUSTOM DOMAIN NAME>>",
    "APIGatewayDomainName": "d-XXXXXXXX.execute-api.<<REGION>>.amazonaws.com",
    "Status": "XXXXXX",
    "EndpointType": "XXXXXX"
  },
  "MappingDetails": [
    {
      "API": "XXXXXX",
      "MappingId": "XXXXXX",
      "MappingKey": "XXXXXX",
      "Stage": "XXXXXX",
      "Status": "ApiHasMappings"
    }
  ],
  "DNSDetails": {
    "<<RECORD TYPE>>": [
      "XXX.XXX.XXX.XXX",
      "XXX.XXX.XXX.XXX",
      "XXX.XXX.XXX.XXX"
    ]
  }
}

Example output when the custom domain name doesn't exist in API Gateway:

" Check (1/5): Check custom domain name exists.
  Status: Failed.

  Troubleshooting Recommendations:
    - Custom domain name: <<CUSTOM DOMAIN NAME>> is not configured in API gateway.
    - Please see the link below for information on how to setup a custom domain for API Gateway:
      > https://aws.amazon.com/cn/premiumsupport/knowledge-center/custom-domain-name-amazon-api-gateway/

    - The remaining checks have not been run at this point hence there may be other errors in the current configuration.
    - After resolving the error above, please check that your custom domain name has:
      > A mapping to the API you are trying to reach
      > A DNS record pointing to the generated API Gateway domain name.

    - You can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details.

  Check (2/5): List mappings.
  Status: Skipped

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Skipped

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Skipped

  Check (5/5): Validate DNS record.
  Status: Skipped "

Example output when the custom domain name has no mappings at all:

" Check (1/5): Check custom domain name exists.
  Status: Complete

  Check (2/5): List mappings.
  Status: Failed

  Troubleshooting Recommendations:
    - <<CUSTOM DOMAIN NAME>> does not contain any mappings.
    - Please see the documentation to create one here:
      > https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mappings.html

    - The remaining checks have not been run at this point hence there may be other errors in the current configuration.
    - After resolving the error above, please check that your custom domain name has:
      > A mapping to the API you are trying to reach
      > A DNS record pointing to the generated API Gateway domain name.

    - You can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details.

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Skipped

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Skipped

  Check (5/5): Validate DNS record.
  Status: Skipped "

Example output when the custom domain name has no mapping to the specified API ID:

" Check (1/5): Check custom domain name exists.
  Status: Complete

  Check (2/5): List mappings.
  Status: Complete

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Failed

    Troubleshooting Recommendations:
    - A base path mapping does not exist between API Id: <<API ID>> and custom domain name: <<CUSTOM DOMAIN NAME>>.
    - Please see the documentation to create one here:
      > https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mappings.html

    - The remaining checks have not been run at this point hence there may be other errors in the current configuration.
    - After resolving the error above, please check that your custom domain name has:
      > A mapping to the API you are trying to reach
      > A DNS record pointing to the generated API Gateway domain name.

    - You can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details.

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Not Run

  Check (5/5): Validate DNS record.
  Status: Skipped "

Example output when the custom domain name has no DNS record:

" Check (1/5): Check custom domain name exists.
  Status: Complete

  Check (2/5): List mappings.
  Status: Complete

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Complete

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Failed

  Troubleshooting Recommendations:
    - There is no DNS record for the custom domain name: <<CUSTOM DOMAIN NAME>> or the domain could not be resolved.
    - Please check your DNS server for a record for this domain and ensure it can be resolved.

    - The remaining checks have not been run at this point hence there may be other errors in the current configuration.
    - After resolving the error above, please check that your custom domain name has:
      > A DNS record pointing to the generated API Gateway domain name.

    - You can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details.


  Check (5/5): Validate DNS record.
  Status: Skipped "

Example output when the DNS record doesn't point to the correct target:

" Check (1/5): Check custom domain name exists.
  Status: Complete

  Check (2/5): List mappings.
  Status: Complete

  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Complete

  Check (4/5): Check DNS record exists for custom domain name.
  Status: Complete

  Check (5/5): Validate DNS record.
  Status: Failed

  Troubleshooting Recommendations:
    - The DNS record for the custom domain name: <<CUSTOM DOMAIN NAME>> may not be pointing to the correct target.
    - The API Gateway domain name generated for this custom domain name is: <<API GATEWAY DOMAIN NAME>> which should be the target of the DNS record created for the custom domain name.
    - Please check your DNS record for this domain and ensure it is pointing to the API Gateway domain name: <<API GATEWAY DOMAIN NAME>>.

    - After resolving the error above, you can run this automation again to confirm the changes have been made correctly.
    - More details for this particular error can be found within the individual step details."
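
The failure reports above share one layout: a `Check (n/5)` header, a `Status:` line, and recommendations under the failed check. The following added example (not part of the runbook or AWS's own code) parses that layout so a pipeline can act on it; the function names are hypothetical, and the sample input is constructed and abridged from the output shown on this page.

```python
import re

# Line shapes taken from the sample outputs on this page (assumed stable).
CHECK_RE = re.compile(r"Check \((\d)/\d\):\s*(.+)$")
STATUS_RE = re.compile(r"Status:\s*([A-Za-z ]+?)\.?$")

# Constructed sample, abridged from the "no mapping to the API ID" output.
SAMPLE = '''" Check (1/5): Check custom domain name exists.
  Status: Complete
  Check (2/5): List mappings.
  Status: Complete
  Check (3/5): Check mapping exists to API Id: <<API ID>>.
  Status: Failed
    Troubleshooting Recommendations:
    - A base path mapping does not exist between API Id: <<API ID>> and custom domain name: <<CUSTOM DOMAIN NAME>>.
    - You can run this automation again to confirm the changes have been made correctly.
  Check (4/5): Check DNS record exists for custom domain name.
  Status: Not Run
  Check (5/5): Validate DNS record.
  Status: Skipped "'''

def parse_checks(report):
    """Return one dict per check: number, title, status, recommendations."""
    checks, current, in_recs = [], None, False
    for raw in report.splitlines():
        line = raw.strip().strip('"').strip()  # the report is wrapped in quotes
        header, status = CHECK_RE.match(line), STATUS_RE.match(line)
        if header:
            current = {"number": int(header.group(1)), "title": header.group(2),
                       "status": None, "recommendations": []}
            checks.append(current)
            in_recs = False
        elif current is None:
            continue
        elif status and current["status"] is None:
            current["status"] = status.group(1).lower()
        elif line.startswith("Troubleshooting Recommendations"):
            in_recs = True
        elif in_recs and line.startswith(("- ", "> ")):
            current["recommendations"].append(line[2:].strip())
    return checks

def first_failure(checks):
    """First check with status 'failed', or None if nothing failed."""
    return next((c for c in checks if c["status"] == "failed"), None)

def unverified(checks):
    """Numbers of checks that never ran; their state is unknown, not good."""
    return [c["number"] for c in checks if c["status"] in ("skipped", "not run")]
```

Treat a non-empty `unverified` list as incomplete validation: the runbook's own output states that the remaining checks have not been run and that other errors may exist.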

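**Note:** To help you troubleshoot, remediate, manage, and reduce costs on your AWS resources, AWS Support maintains a subset of the predefined runbooks that AWS provides. The runbook prefixes are AWSSupport- and AWSPremiumSupport-.

Related information

Run an automation

Set up Automation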