ShotaKitazawa commented 3 years ago

やること

https://ap-northeast-1.console.aws.amazon.com/amplify/home?region=ap-northeast-1#/d3mqh41raiylz (607167088920) で管理されている release を https://cloudnativedays.jp/ で見れるようにする

ShotaKitazawa commented 3 years ago

以下の手順で https://cloudnativedays.jp/ の切り替えを実施

AWS (アカウント: 607167088920) にログイン
Amplify の archives App にて cloudnativedays.jp のカスタムドメイン設定
- cloudnativedays.jp → release frontend
- stg.cloudnativedays.jp → main frontend
Route53 より cloudnativedays.jp , stg.cloudnativedays.jp の A レコードが更新されていることを確認
- もともとは以下 (https://github.com/cloudnativedaysjp/cloudnativedays.jp の Pages のための設定

cloudnativedays.jp A
  185.199.110.153
  185.199.109.153
  185.199.111.153
  185.199.108.153

名前解決できることを確認

dig +short A cloudnativedays.jp
dig +short A stg.cloudnativedays.jp

Amplify の既存のカスタムドメイン設定を削除
- amplify.cloudnativedays.jp

ShotaKitazawa commented 3 years ago

2021/07/06 01:00 頃に https://cloudnativedays.jp/ の移行作業を実施予定です。

ShotaKitazawa commented 3 years ago

移行作業失敗まとめ

2021/07/06 01:00 に実施した移行作業に失敗した件についてまとめる

概要

Amplify のカスタムドメイン設定が失敗し、 cloudnativedays.jp の A レコードが解決不可能になった

Amplify のスクショ

原因

Amplify のカスタムドメイン設定における Domain activation 処理のエラーにより、cloudnativedays.jp の A レコードが解決不可能になった
- cloudnativedays.jp の A レコードの値は xxxxxx.cloudfront.net. に更新されたが、 dig cloudnativedays.jp @ns-790.awsdns-34.net. したところ A レコードが消失していた
  - おそらく xxxxxx.cloudfront.net. を IP アドレスに解決する A レコードがエラーにより登録されなかった。

Next Actions

Domain activation がコケた原因の調査
- 既に Route53 に cloudnativedays.jp の A レコードが存在するのが悪い？

ShotaKitazawa commented 3 years ago

先に Route53 の cloudnativedays.jp の A レコードを削除した後に、 Amplify のカスタムドメイン設定をします。

メモ: 作業前のゾーン `cloudnativedays.jp` のレコードセット

{
    "ResourceRecordSets": [
        {
            "Name": "cloudnativedays.jp.",
            "Type": "A",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "185.199.110.153"
                },
                {
                    "Value": "185.199.109.153"
                },
                {
                    "Value": "185.199.111.153"
                },
                {
                    "Value": "185.199.108.153"
                }
            ]
        },
        {
            "Name": "cloudnativedays.jp.",
            "Type": "MX",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "10 inbound-smtp.us-east-1.amazonaws.com."
                }
            ]
        },
        {
            "Name": "cloudnativedays.jp.",
            "Type": "NS",
            "TTL": 172800,
            "ResourceRecords": [
                {
                    "Value": "ns-790.awsdns-34.net."
                },
                {
                    "Value": "ns-1430.awsdns-50.org."
                },
                {
                    "Value": "ns-1701.awsdns-20.co.uk."
                },
                {
                    "Value": "ns-36.awsdns-04.com."
                }
            ]
        },
        {
            "Name": "cloudnativedays.jp.",
            "Type": "SOA",
            "TTL": 900,
            "ResourceRecords": [
                {
                    "Value": "ns-790.awsdns-34.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"
                }
            ]
        },
        {
            "Name": "cloudnativedays.jp.",
            "Type": "TXT",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "\"v=spf1 include:amazonses.com ~all\""
                }
            ]
        },
        {
            "Name": "_7d749218cdaa10a3dff6364c165ab6d9.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 500,
            "ResourceRecords": [
                {
                    "Value": "_1b2db75c5ab23e8e6fb2625e9c6d45c4.zjfbrrwmzc.acm-validations.aws."
                }
            ]
        },
        {
            "Name": "_dmarc.cloudnativedays.jp.",
            "Type": "TXT",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "\"v=DMARC1;p=quarantine;pct=100;fo=1\""
                }
            ]
        },
        {
            "Name": "5oeybyduf6evcku7e7566fjrmrgkzn56._domainkey.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "5oeybyduf6evcku7e7566fjrmrgkzn56.dkim.amazonses.com"
                }
            ]
        },
        {
            "Name": "6jsqypzdzjmtzjn3wazgs4mnffsqt46k._domainkey.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "6jsqypzdzjmtzjn3wazgs4mnffsqt46k.dkim.amazonses.com."
                }
            ]
        },
        {
            "Name": "cl43ozckqt4sng7cujovqcwjiayef7dv._domainkey.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "cl43ozckqt4sng7cujovqcwjiayef7dv.dkim.amazonses.com"
                }
            ]
        },
        {
            "Name": "htmbjljthnxz2m73smglqdbsbir36zub._domainkey.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "htmbjljthnxz2m73smglqdbsbir36zub.dkim.amazonses.com."
                }
            ]
        },
        {
            "Name": "itlhhwffkgcdek3wtgso7i3prjdm543b._domainkey.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "itlhhwffkgcdek3wtgso7i3prjdm543b.dkim.amazonses.com."
                }
            ]
        },
        {
            "Name": "uapfsgioxjsvdilccl7mahwx2kvppsys._domainkey.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "uapfsgioxjsvdilccl7mahwx2kvppsys.dkim.amazonses.com"
                }
            ]
        },
        {
            "Name": "amplify.cloudnativedays.jp.",
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": "Z2FDTNDATAQYW2",
                "DNSName": "d2iuyptn2rpvng.cloudfront.net.",
                "EvaluateTargetHealth": false
            }
        },
        {
            "Name": "main.amplify.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 500,
            "ResourceRecords": [
                {
                    "Value": "d2iuyptn2rpvng.cloudfront.net"
                }
            ]
        },
        {
            "Name": "argocd.cloudnativedays.jp.",
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": "Z31USIVHYNEOWT",
                "DNSName": "k8s-projectc-envoy-d63cbb4ba4-6092a46f218ed5a4.elb.ap-northeast-1.amazonaws.com.",
                "EvaluateTargetHealth": false
            }
        },
        {
            "Name": "autodiscover.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "autodiscover.mail.us-east-1.awsapps.com."
                }
            ]
        },
        {
            "Name": "cndt2020.cloudnativedays.jp.",
            "Type": "A",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "185.199.110.153"
                },
                {
                    "Value": "185.199.109.153"
                },
                {
                    "Value": "185.199.111.153"
                },
                {
                    "Value": "185.199.108.153"
                }
            ]
        },
        {
            "Name": "\\052.dev.cloudnativedays.jp.",
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": "Z31USIVHYNEOWT",
                "DNSName": "k8s-projectc-envoy-d63cbb4ba4-6092a46f218ed5a4.elb.ap-northeast-1.amazonaws.com.",
                "EvaluateTargetHealth": false
            }
        },
        {
            "Name": "\\052.dreamkast.cloudnativedays.jp.",
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": "Z31USIVHYNEOWT",
                "DNSName": "k8s-projectc-envoy-d63cbb4ba4-6092a46f218ed5a4.elb.ap-northeast-1.amazonaws.com.",
                "EvaluateTargetHealth": false
            }
        },
        {
            "Name": "event.cloudnativedays.jp.",
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": "Z31USIVHYNEOWT",
                "DNSName": "k8s-projectc-envoy-d63cbb4ba4-6092a46f218ed5a4.elb.ap-northeast-1.amazonaws.com.",
                "EvaluateTargetHealth": false
            }
        },
        {
            "Name": "grafana.cloudnativedays.jp.",
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": "Z31USIVHYNEOWT",
                "DNSName": "k8s-projectc-envoy-d63cbb4ba4-6092a46f218ed5a4.elb.ap-northeast-1.amazonaws.com.",
                "EvaluateTargetHealth": true
            }
        },
        {
            "Name": "mail.cloudnativedays.jp.",
            "Type": "MX",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "10 feedback-smtp.ap-northeast-1.amazonses.com"
                }
            ]
        },
        {
            "Name": "mail.cloudnativedays.jp.",
            "Type": "TXT",
            "TTL": 300,
            "ResourceRecords": [
                {
                    "Value": "\"v=spf1 include:amazonses.com ~all\""
                }
            ]
        },
        {
            "Name": "www.cloudnativedays.jp.",
            "Type": "CNAME",
            "TTL": 500,
            "ResourceRecords": [
                {
                    "Value": "d1a4x6v0xwg3pp.cloudfront.net"
                }
            ]
        }
    ]
}

ShotaKitazawa commented 3 years ago

エラー内容

$ aws --region ap-northeast-1 amplify list-domain-associations --app-id d3mqh41raiylz
{
    "domainAssociations": [
        {
            "domainAssociationArn": "arn:aws:amplify:ap-northeast-1:607167088920:apps/d3mqh41raiylz/domains/cloudnativedays.jp",
            "domainName": "cloudnativedays.jp",
            "enableAutoSubDomain": false,
            "domainStatus": "FAILED",
            "statusReason": "[CNAMEAlreadyExistsException] The following CloudFront distributions are already using one or more of your domains: [Distribution: *******7WB3LA1 in AWS Account: ******338022]. If you own these distributions, please remove the domains from them first and then retry adding your domain. If you don't own them, then you may already have associated this domain to another Amplify App in another account or region. You can also check our troubleshooting guide for more help: https://docs.aws.amazon.com/amplify/latest/userguide/custom-domain-troubleshoot-guide.html",
            "certificateVerificationDNSRecord": "_7d749218cdaa10a3dff6364c165ab6d9.cloudnativedays.jp. CNAME _1b2db75c5ab23e8e6fb2625e9c6d45c4.zjfbrrwmzc.acm-validations.aws.",
            "subDomains": [
                {
                    "subDomainSetting": {
                        "branchName": "main"
                    },
                    "verified": false,
                    "dnsRecord": " CNAME dduhl9wbe290v.cloudfront.net"
                },
                {
                    "subDomainSetting": {
                        "prefix": "www",
                        "branchName": "main"
                    },
                    "verified": false,
                    "dnsRecord": "www CNAME dduhl9wbe290v.cloudfront.net"
                }
            ]
        }
    ]
}

ShotaKitazawa commented 3 years ago

The following CloudFront distributions are already using one or more of your domains より CloudFront が悪い？

CloudFront を見ると、 last modified が 7/5 なリソースが2つ見つかった、どちらも S3 のバケットを見に行く設定がされてるが Route53 の解決先アドレスとは異なるドメインに見えるので ~~今は使われてなさそうに見える~~ disable にしたら amplify.cloudnativedays.jp も繋がらなくなったので使われてはいる

ShotaKitazawa commented 3 years ago

インプレスで管理しているAWSアカウントのCloudFrontに cloudnativedays.jp 用のDistributionが存在していたことが上記エラーの原因
消してもらってから再度 Amplify のカスタムドメイン設定をして、無事完走

cloudnativedaysjp / website

cloudnativedaysjp/website のローンチ #21

やること

移行作業失敗まとめ

概要

原因

Next Actions

メモ: 作業前のゾーン `cloudnativedays.jp` のレコードセット

cloudnativedaysjp / website

cloudnativedaysjp/website のローンチ #21

やること

移行作業失敗まとめ

概要

原因

Next Actions

メモ: 作業前のゾーン cloudnativedays.jp のレコードセット

メモ: 作業前のゾーン `cloudnativedays.jp` のレコードセット