我正在尝试用 aws-cdk (Python) 编写代码来构建基础架构。我需要在一个 AWS 账户中部署 CloudFront Distribution (Stack-A)。然后,我需要在另一个 AWS 账户中为此分配 (Stack-B) 创建一些 DNS 记录。我在同一个 CDK 应用程序中为每个帐户设置了两个堆栈。我收到此错误'“Stack-A”无法使用来自堆栈“Stack-B”的交叉引用。只有部署到相同环境的堆栈或嵌套堆栈与其父堆栈之间的堆栈才支持跨堆栈引用。
有人可以提出解决此问题的解决方案吗?
代码如下所示。
prod = core.Environment(account = "111111111111", region = "us-east-1")
dev = core.Environment(account = "222222222222", region = "us-east-1")
app = core.App()
s3_stack = A (app, "Stack-A", env = dev)
dist = s3_stack.dist_target
dns_lookup_stack = B (app, "Stack-B", env = prod, distribution = dist)
app.synth()
class A(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, env = dev)
# Create Origin Access Identity.
self.cloudfrontOAI = _cf.OriginAccessIdentity(
self,
"cloudfrontOAI",
comment = "cdk-OAI",
)
# Create S3 bucket.
self.bucket = _s3.Bucket(self, id + "_s3-bucket",
bucket_name = ('dev-cdk-website'),
block_public_access = _s3.BlockPublicAccess.BLOCK_ALL,
removal_policy = core.RemovalPolicy.DESTROY)
# Add bucket policy
self.bucket.add_to_resource_policy(
_iam.PolicyStatement(
sid = "Grant Cloudfront Origin Access Identity to list S3 bucket.",
actions = ["s3:ListBucket"],
resources = [self.bucket.bucket_arn],
principals = [self.cloudfrontOAI.grant_principal]
)
)
# Get the hosted zone details. For example, from the production Route-53 service.
self.hosted_zone = _route53.HostedZone.from_hosted_zone_attributes(
self,
"Existing_production_zone",
hosted_zone_id = zone_id,
zone_name = zone_name
)
self.cert = _acm.Certificate(
self,
"cert",
domain_name = website_name,
subject_alternative_names = [],
validation = _acm.CertificateValidation.from_dns(hosted_zone = self.hosted_zone)
)
# CloudFront Source Configuration
source_config = _cf.SourceConfiguration(
s3_origin_source = _cf.S3OriginConfig(
s3_bucket_source = self.bucket,
origin_access_identity = self.cloudfrontOAI,
),
behaviors = [
_cf.Behavior(
is_default_behavior = True,
)
],
)
# CloudFront error configuration settings
error_config = _cf.CfnDistribution.CustomErrorResponseProperty(
error_code = 404,
error_caching_min_ttl=300,
response_code=404,
response_page_path = "/404.html"
)
# Certificate configuration settings for CF Distribution.
cert_config = _cf.ViewerCertificate.from_acm_certificate(self.cert,
aliases = [],
security_policy = _cf.SecurityPolicyProtocol.TLS_V1_2_2019,
ssl_method = _cf.SSLMethod.SNI
)
# Create cloud front distribution.
self.dist = _cf.CloudFrontWebDistribution(
self,
"staticsitedist",
origin_configs = [source_config],
comment = "dev--cdk-website",
price_class = _cf.PriceClass("PRICE_CLASS_ALL"),
error_configurations = [error_config],
viewer_certificate = cert_config
)
self.dist_target = _route53_targets.CloudFrontTarget(self.dist)
B 类(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, env = prod)
self.dist_target = kwargs["distribution"]
self.hosted_zone = _route53.HostedZone.from_lookup(
self,
"Existing_production_zone",
domain_name = domain_name,
)
# Export Zone_ID
self.zone_id = core.CfnOutput(
self,
"zone_id",
value = self.hosted_zone.hosted_zone_id,
description = "Zone Id for the given domain name",
export_name = "zoneId"
)
# Export Zone Name
self.zone_name = core.CfnOutput(
self,
"zone_name",
value = self.hosted_zone.zone_name,
description = "zone name for the given domain name",
export_name = "zoneName"
)
# Add A Records to DNS.
self.ARecord = _route53.ARecord(
self,
"ARecord",
record_name = website_name,
target = _route53.AddressRecordTarget.from_alias(self.dist_target),
zone = self.hosted_zone
)