Some issues with the AWS cn-north-1 region

4310 reads 0 comments 2016-05-11 expert1
Category: Systems operations

    Writing this, I really want to have a word with the people who made the relevant policies: a globalised product has to take on xxx characteristics as soon as it reaches China.

    1. After finishing s3cmd --configure, I found that s3cmd does not work with a bucket in the "cn-north-1" region. The China region uses its own DNS suffix (amazonaws.com.cn), so the default endpoints s3cmd writes are wrong; edit .s3cfg and set:

bucket_location = cn-north-1
host_base = s3.cn-north-1.amazonaws.com.cn
host_bucket = %(bucket)s.s3.cn-north-1.amazonaws.com.cn
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com.cn/

    Verify with a plain listing (s3cmd ls s3://your-bucket) before relying on it.
    2. An ARN problem. The following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::xx", "arn:aws:s3:::xx/*"]
    }
  ]
}

  fails only in cn-north-1, and in a very strange way; I searched for ages before discovering that in the China region it should be arn:aws-cn (they just added -cn as a marker. Unbelievable; what a trap.) The reason: the China regions are a separate AWS partition, so a resource written as arn:aws:... never matches anything in cn-north-1. The Allow statement then grants nothing, and IAM returns an access-denied error rather than complaining that the ARN is wrong, which is why it is so hard to spot.
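An added example (not code from the original post) that generalises points 1 and 2: it maps a region to its partition and DNS suffix, derives the .s3cfg host settings from that instead of hard-coding them, builds the bucket policy with the correct arn:aws-cn prefix, and lints an existing policy for resource ARNs in the wrong partition so the silent "allowed nothing" failure is caught before deployment. The partition table and the bucket name "xx" are assumptions of this example; the website_endpoint template is the one the post itself uses.

```python
"""Region-aware S3 settings and IAM policy partition check for AWS China.

Added example, not code from the original post. The partition table below
is this example's own assumption; the website_endpoint template follows
the post's cn-north-1 config.
"""
import json
import re

# Region prefix -> (partition, DNS suffix). China regions live in the
# separate "aws-cn" partition with its own DNS suffix, which is why ARNs
# and endpoints written for us-east-1 simply do not resolve in cn-north-1.
_PARTITIONS = [
    ("cn-", "aws-cn", "amazonaws.com.cn"),
    ("us-gov-", "aws-us-gov", "amazonaws.com"),
]


def region_info(region):
    """Return (partition, dns_suffix) for an AWS region name."""
    for prefix, partition, suffix in _PARTITIONS:
        if region.startswith(prefix):
            return partition, suffix
    return "aws", "amazonaws.com"


def s3cfg_overrides(region):
    """The .s3cfg keys that `s3cmd --configure` gets wrong outside the aws partition."""
    _, suffix = region_info(region)
    return {
        "bucket_location": region,
        "host_base": f"s3.{region}.{suffix}",
        "host_bucket": f"%(bucket)s.s3.{region}.{suffix}",
        # Template taken from the post's own cn-north-1 config.
        "website_endpoint": f"http://%(bucket)s.s3-website-%(location)s.{suffix}/",
    }


def bucket_policy(region, bucket):
    """The post's policy, with the partition derived from the region."""
    partition, _ = region_info(region)
    arn = f"arn:{partition}:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [arn, arn + "/*"],
        }],
    }


_ARN_RE = re.compile(r"^arn:([^:]+):")


def wrong_partition_arns(policy, region):
    """List Resource ARNs whose partition does not match the target region.

    An ARN in the wrong partition never matches, so an Allow on it grants
    nothing; flagging it here is cheaper than debugging AccessDenied later.
    """
    partition, _ = region_info(region)
    bad = []
    for stmt in policy.get("Statement", []):
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        for arn in resources:
            m = _ARN_RE.match(arn)
            if m and m.group(1) != partition:
                bad.append(arn)
    return bad


if __name__ == "__main__":
    print(json.dumps(bucket_policy("cn-north-1", "xx"), indent=2))
    for key, value in s3cfg_overrides("cn-north-1").items():
        print(f"{key} = {value}")
    # The post's original (arn:aws) policy checked against cn-north-1:
    print(wrong_partition_arns(bucket_policy("us-east-1", "xx"), "cn-north-1"))
```

Run the partition check over every policy in a CloudFormation template or Terraform plan targeted at cn-north-1; a single arn:aws: left over from a template copied from a commercial region is exactly the failure described above.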

    3. NAT Gateway not available. The launch announcement reads:

  You can now use Network Address Translation (NAT) Gateway, a highly available AWS managed service that makes it easy to connect to the Internet from instances within a private subnet in an AWS Virtual Private Cloud (VPC). Previously, you needed to launch a NAT instance to enable NAT for instances in a private subnet.
  Amazon VPC NAT Gateway is available in the US East (N. Virginia), US West (Oregon), US West (N. California), EU (Ireland), Asia Pacific (Tokyo), Asia Pacific (Singapore), and Asia Pacific (Sydney) regions.

The list above (current as of this post, May 2016) does not mention cn-north-1, so the recommended approach is to build it yourself. If you use CloudFormation you will presumably have to handle it with a Condition that switches between an AWS::EC2::NatGateway and a NAT instance depending on the region.

The usual approach is: build a NAT AMI, monitor the NAT instance, and when it is found to be unavailable call the AWS API to quickly launch a new NAT instance in another AZ, then update the route table so the private subnet's outbound (0.0.0.0/0) route points at the new instance ID. Two details matter for the replacement to actually pass traffic: source/destination checking must be disabled on the new instance, and its security group must allow inbound traffic from the private subnets.
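The failover procedure described above, as an added example that is not the post's code: check the NAT instance's EC2 status, launch a replacement from a prepared NAT AMI in a different AZ with source/destination checking off, and only then repoint the private route table's default route. The EC2 client is passed in so the logic can be exercised offline against a constructed fake; in production pass boto3.client("ec2", region_name="cn-north-1"). The AMI, subnet, security group and route table IDs are placeholders.

```python
"""NAT-instance failover for a VPC without NAT Gateway (cn-north-1, 2016).

Added example, not the post's code. All resource IDs are placeholders;
FakeEC2 is a constructed stand-in for boto3's EC2 client so the logic can
run offline.
"""

NAT_AMI = "ami-placeholder"          # assumption: your pre-built NAT AMI
NAT_SECURITY_GROUP = "sg-placeholder"  # assumption: allows inbound from private subnets
PRIVATE_ROUTE_TABLE = "rtb-placeholder"
DEFAULT_ROUTE = "0.0.0.0/0"
# assumption: one public subnet per AZ in which a NAT instance may be launched
PUBLIC_SUBNET_BY_AZ = {"cn-north-1a": "subnet-aaaa", "cn-north-1b": "subnet-bbbb"}


def nat_is_healthy(ec2, instance_id):
    """True only if EC2 reports the instance running with both status checks ok."""
    resp = ec2.describe_instance_status(InstanceIds=[instance_id], IncludeAllInstances=True)
    for st in resp.get("InstanceStatuses", []):
        if st["InstanceId"] != instance_id:
            continue
        return (st["InstanceState"]["Name"] == "running"
                and st["InstanceStatus"]["Status"] == "ok"
                and st["SystemStatus"]["Status"] == "ok")
    return False  # not reported at all (terminated, deleted): treat as down


def pick_other_az(current_az):
    """Choose a configured AZ other than the one the failed NAT instance was in."""
    for az in PUBLIC_SUBNET_BY_AZ:
        if az != current_az:
            return az
    raise RuntimeError("no alternative AZ configured")


def launch_nat(ec2, az, instance_type="t2.micro"):
    resp = ec2.run_instances(
        ImageId=NAT_AMI, InstanceType=instance_type, MinCount=1, MaxCount=1,
        SubnetId=PUBLIC_SUBNET_BY_AZ[az], SecurityGroupIds=[NAT_SECURITY_GROUP],
    )
    new_id = resp["Instances"][0]["InstanceId"]
    # A NAT box forwards packets not addressed to itself; with the EC2
    # source/destination check left on, every forwarded packet is dropped.
    ec2.modify_instance_attribute(InstanceId=new_id, SourceDestCheck={"Value": False})
    return new_id


def failover_if_needed(ec2, current_nat, current_az):
    """Return the NAT instance ID that should be serving after this check."""
    if nat_is_healthy(ec2, current_nat):
        return current_nat
    new_id = launch_nat(ec2, pick_other_az(current_az))
    # Route change comes last: if the launch fails we raise above and the old
    # route is left in place rather than pointing the subnet at nothing.
    ec2.replace_route(RouteTableId=PRIVATE_ROUTE_TABLE,
                      DestinationCidrBlock=DEFAULT_ROUTE, InstanceId=new_id)
    return new_id


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client (offline runs only)."""

    def __init__(self, statuses):
        self.statuses = statuses  # instance_id -> (state, instance_status, system_status)
        self.launched = []        # (instance_id, subnet_id)
        self.routes = {}          # (route_table, cidr) -> instance_id
        self.src_dst_check = {}   # instance_id -> bool

    def describe_instance_status(self, InstanceIds, IncludeAllInstances=False):
        out = []
        for iid in InstanceIds:
            if iid in self.statuses:
                state, ist, sst = self.statuses[iid]
                out.append({"InstanceId": iid, "InstanceState": {"Name": state},
                            "InstanceStatus": {"Status": ist},
                            "SystemStatus": {"Status": sst}})
        return {"InstanceStatuses": out}

    def run_instances(self, **kw):
        iid = f"i-new{len(self.launched)}"
        self.launched.append((iid, kw["SubnetId"]))
        self.statuses[iid] = ("running", "ok", "ok")
        return {"Instances": [{"InstanceId": iid}]}

    def modify_instance_attribute(self, InstanceId, SourceDestCheck):
        self.src_dst_check[InstanceId] = SourceDestCheck["Value"]

    def replace_route(self, RouteTableId, DestinationCidrBlock, InstanceId):
        self.routes[(RouteTableId, DestinationCidrBlock)] = InstanceId


if __name__ == "__main__":
    ec2 = FakeEC2({"i-old": ("running", "impaired", "ok")})  # constructed sample
    print(failover_if_needed(ec2, "i-old", "cn-north-1a"), ec2.routes)
```

Run the check from a cron job or a small monitoring instance that holds an IAM role limited to ec2:DescribeInstanceStatus, ec2:RunInstances, ec2:ModifyInstanceAttribute and ec2:ReplaceRoute on these resources (with arn:aws-cn ARNs, per point 2); terminating the old instance can be a separate, manual step so a flapping health check cannot destroy a box that is still forwarding.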

I am not sure whether CloudWatch can do this. I will look at the official docs another day.

