写到这里真想问候相关政策的制定者,搞得一个全球化的产品到了中国都要带上xxx特色。
1. 用s3cmd --configure 配置完毕,发现 s3cmd not working with a bucket in the "cn-north-1" region,需要编辑 .s3cfg
bucket_location = cn-north-1
host_base = s3.cn-north-1.amazonaws.com.cn
host_bucket = %(bucket)s.s3.cn-north-1.amazonaws.com.cn
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com.cn/
2. Arn的一个问题:
-
{
-
"Version": "2012-10-17",
-
"Statement": [
-
{
-
"Effect": "Allow",
-
"Action": "s3:*",
-
"Resource": ["arn:aws:s3:::xx", "arn:aws:s3:::xx/*"] }
-
] }
唯独在cn-north-1 不可用,而且很诡异,找半天找不到,原来在中国区应该是arn:aws-cn(就是加了个-cn来标记,服了,坑爹啊.
3. NatGateway不可用,
-
You can now use Network Address Translation (NAT) Gateway, a highly available AWS managed service that makes it easy to connect to the Internet fro
-
m instances within a private subnet in an AWS Virtual Private Cloud (VPC). Previously, you needed to launch a NAT instance to enable NAT for insta
-
nces in a private subnet.
-
Amazon VPC NAT Gateway is available in the US East (N. Virginia), US West (Oregon), US West (N. California), EU (Ireland), Asia Pacific (Tokyo), As
-
ia Pacific (Singapore), and Asia Pacific (Sydney) regions.
上述唯独没提到cn-north-1,所以建议的做法是,自己搞。当然你用CloudFormation的话估计得用condition来处理了。
一般做法是: 做好Nat的AMI, 监控Nat instance,发现其不可用,调用aws的API,速度在另外一个AZ上
launch一个nat instance, 然后改路由表把内网出去的路由改为新的Instance id即可。
不知道cloudwatch可以不可以做到。改天看下官方文档。
阅读(4240) | 评论(0) | 转发(0) |