我尝试在Alias类型的Route 53中创建一条新记录,告诉Route 53起诉CloudFront为该站点提供服务。我尝试使用以下代码执行此操作:
let options = {
ChangeBatch: {
Changes: [{
Action: "CREATE",
ResourceRecordSet: {
AliasTarget: {
DNSName: '12kjh31k2hj3.cloudfront.net',
EvaluateTargetHealth: false,
HostedZoneId: 'JKEJWQHKJQWKK'
},
Name: 'example.com',
Type: "A"
}
}],
Comment: "S3 Hosted Site"
},
HostedZoneId: 'Z2FDTNDATAQYW2' // Fixed ID CloudFront distribution
};
route53.changeResourceRecordSets(options, function(error, data) {
//
// 1. Check if there was an error
//
if(error)
{
return reject(error);
}
//
// -> Move to the next chain
//
return resolve(container);
});
当我跑步时,我得到:
AccessDenied: User: arn:aws:iam::1234567:user/cli_s3_hosting is not authorized to access this resource
如果我使用IAM策略模拟器,我没有问题,如下面的屏幕截图所示。
我还尝试添加AdminFullAccess
但仍然遇到同样的错误。我错过了什么?
答案 0 :(得分:3)
你必须交换HostedZoneId的值,即首先出现Z2FDTNDATAQYW2,然后出现你的route53托管区域。由于您尝试更改不属于您的帐户的CF分发托管区域(Z2FDTNDATAQYW2)的资源记录集,因此出现错误。
答案 1 :(得分:0)
添加到已接受的答案中,对于任何从CLI收到此错误的人:
aws route53 change-resource-record-sets --hosted-zone-id ABCDEFGHIJKLM --change-batch file://wilcards.json # this zone-id is for YOUR domain (eg my-domain.com.)
此处的HostedZoneId是此页面https://docs.aws.amazon.com/general/latest/gr/rande.html中的一个
{
"Comment": "CREATE *.sub.my-domain.com. ",
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "\\052.sub.my-domain.com.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z1H1FL5HABSF5",
"DNSName": "dualstack.my-elb-or-other-endpoint.aws-region.elb.amazonaws.com.",
"EvaluateTargetHealth": false
}
}
}]
}