Question

I am deploying a React.js application using the server less framework on cloudfront. The architecture is very simple, I have an S3 bucket and a CloudFront CDN. CloudFormation ends without any error setting up my configuration and I m able to visit my react page using the CloudFront Distribution domain name using https and default certificate.

Now I bought a domain in Route 53 and I would like to link it to my CloudFront. I tried everything but I did not succeed. Can anyone please give me some hint? Action I already tried:

Adding the certificate s are (after creating it) on my resources.CloudFrontDistribution.ViewerCertificate.AcmCertificateArn
Adding manually an A record to point to my CloudFront. This generates the following JSON error on my browser: {"message":"Forbidden"}
Manually adding the certificate through AWS Console on my CloudFront

这些行动都没有给我以如何解决问题或甚至回避问题。

这是我目前的无服务器。

service: my-app-react

provider:
  name: aws
  runtime: nodejs12.x
  region: eu-south-1
  memorySize: 512
  timeout: 6
  logRetentionInDays: 7

plugins:
  - serverless-s3-sync

custom:
  bucketName: my-app-react-33333
  s3Sync:
    - bucketName: ${self:custom.bucketName}
      localDir: build/
  domains:
    dev:
      domainName: <my-domain>
      certificateName: <my-domain>

resources:
  Resources:
    ReactAppBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.bucketName}
        AccessControl: PublicRead
        WebsiteConfiguration:
          IndexDocument: index.html
          ErrorDocument: index.html
    S3AccessPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket:
          Ref: ReactAppBucket
        PolicyDocument:
          Statement:
            - Sid: PublicReadGetObject
              Effect: Allow
              Principal: "*"
              Action:
                - s3:GetObject
              Resource:
                - arn:aws:s3:::${self:custom.bucketName}/*
    CloudFrontDistribution:
      Type: AWS::CloudFront::Distribution
      Properties:
        DistributionConfig:
          Enabled: true
          Origins:
            - DomainName: ${self:custom.bucketName}.s3.eu-south-1.amazonaws.com
              Id: ReactApp
              CustomOriginConfig:
                HTTPPort: 80
                HTTPSPort: 443
                OriginProtocolPolicy: https-only 
          DefaultRootObject: index.html
          CustomErrorResponses:
            - ErrorCode: 404
              ResponseCode: 200
              ResponsePagePath: /index.html
          DefaultCacheBehavior:
            AllowedMethods:
              - HEAD
              - GET
              - DELETE
              - OPTIONS
              - PATCH
              - POST
              - PUT
            TargetOriginId: ReactApp
            ForwardedValues:
              QueryString: false
              Cookies:
                Forward: none
            ViewerProtocolPolicy: redirect-to-https
          ViewerCertificate:
            AcmCertificateArn: <my-certificate-arn>
            SslSupportMethod: sni-only
            MinimumProtocolVersion: TLSv1.2_2021

Answer 1

现在,我想我会知道你的问题。恶性分配只能使用我们在第一年创建的ACMcer。见。使用有云层的SSL/TLS证书的要求

此前,我没有回过头来,但很可能是你的问题。你不必得到你们的分发或任何其他资源,只是证书。

When I create certs using cloudformation, I set up the certificate handler templates in us-east-1 and the rest of the resource templates in my local region. With terraform, as another example, I have a separate provider just for these resources.

Answer 2

很容易将证书和路线53与部署在AWS云层的固定地点连接起来。

它为SWS Console快速启动方案建设者服务。

你们可以很容易地用简单的投入来控制核武器国家的资源。请参阅下列文件:

How to Deploy to AWS S3 +umiFront Construction Easily with SWS Console

• 如何与SWS Console建立证书和连接路线53

感到可以自由使用SWS Console部署到AWS S3+云层结构很容易建立,并创建证书和连接路标53域!

Go to Sws Console Service page

友情链接