@aws-cdk/aws-route53

Dependencies

Maintainers

Versions

288

Alerts

File Explorer

Advanced tools

License

Install Socket

Detect and block malicious and high-risk dependencies

Install

@aws-cdk/aws-route53

The CDK Construct Library for AWS::Route53

1.127.0
Source
npm

Version published: 3 years ago

Weekly downloads: 78K; increased by9.19%

Maintainers: 5

Weekly downloads

Created: 6 years ago

Source

Amazon Route53 Construct Library

To add a public hosted zone:

import * as route53 from '@aws-cdk/aws-route53';

new route53.PublicHostedZone(this, 'HostedZone', {
  zoneName: 'fully.qualified.domain.com'
});

To add a private hosted zone, use PrivateHostedZone. Note that enableDnsHostnames and enableDnsSupport must have been enabled for the VPC you're configuring for private hosted zones.

import * as ec2 from '@aws-cdk/aws-ec2';
import * as route53 from '@aws-cdk/aws-route53';

const vpc = new ec2.Vpc(this, 'VPC');

const zone = new route53.PrivateHostedZone(this, 'HostedZone', {
  zoneName: 'fully.qualified.domain.com',
  vpc    // At least one VPC has to be added to a Private Hosted Zone.
});

Additional VPCs can be added with zone.addVpc().

Adding Records

To add a TXT record to your zone:

import * as route53 from '@aws-cdk/aws-route53';

new route53.TxtRecord(this, 'TXTRecord', {
  zone: myZone,
  recordName: '_foo',  // If the name ends with a ".", it will be used as-is;
                       // if it ends with a "." followed by the zone name, a trailing "." will be added automatically;
                       // otherwise, a ".", the zone name, and a trailing "." will be added automatically.
                       // Defaults to zone root if not specified.
  values: [            // Will be quoted for you, and " will be escaped automatically.
    'Bar!',
    'Baz?'
  ],
  ttl: Duration.minutes(90),       // Optional - default is 30 minutes
});

To add a NS record to your zone:

import * as route53 from '@aws-cdk/aws-route53';

new route53.NsRecord(this, 'NSRecord', {
  zone: myZone,
  recordName: 'foo',  
  values: [            
    'ns-1.awsdns.co.uk.',
    'ns-2.awsdns.com.'
  ],
  ttl: Duration.minutes(90),       // Optional - default is 30 minutes
});

To add a DS record to your zone:

import * as route53 from '@aws-cdk/aws-route53';

new route53.DsRecord(this, 'DSRecord', {
  zone: myZone,
  recordName: 'foo',
  values: [
    '12345 3 1 123456789abcdef67890123456789abcdef67890',
  ],
  ttl: Duration.minutes(90),       // Optional - default is 30 minutes
});

To add an A record to your zone:

import * as route53 from '@aws-cdk/aws-route53';

new route53.ARecord(this, 'ARecord', {
  zone: myZone,
  target: route53.RecordTarget.fromIpAddresses('1.2.3.4', '5.6.7.8')
});

To add an A record for an EC2 instance with an Elastic IP (EIP) to your zone:

import * as ec2 from '@aws-cdk/aws-ec2';
import * as route53 from '@aws-cdk/aws-route53';

const instance = new ec2.Instance(this, 'Instance', {
  // ...
});

const elasticIp = new ec2.CfnEIP(this, 'EIP', {
  domain: 'vpc',
  instanceId: instance.instanceId
});

new route53.ARecord(this, 'ARecord', {
  zone: myZone,
  target: route53.RecordTarget.fromIpAddresses(elasticIp.ref)
});

To add an AAAA record pointing to a CloudFront distribution:

import * as route53 from '@aws-cdk/aws-route53';
import * as targets from '@aws-cdk/aws-route53-targets';

new route53.AaaaRecord(this, 'Alias', {
  zone: myZone,
  target: route53.RecordTarget.fromAlias(new targets.CloudFrontTarget(distribution))
});

Constructs are available for A, AAAA, CAA, CNAME, MX, NS, SRV and TXT records.

Use the CaaAmazonRecord construct to easily restrict certificate authorities allowed to issue certificates for a domain to Amazon only.

To add a NS record to a HostedZone in different account you can do the following:

In the account containing the parent hosted zone:

import * as route53 from '@aws-cdk/aws-route53';

const parentZone = new route53.PublicHostedZone(this, 'HostedZone', {
  zoneName: 'someexample.com',
  crossAccountZoneDelegationPrincipal: new iam.AccountPrincipal('12345678901'),
  crossAccountZoneDelegationRoleName: 'MyDelegationRole',
});

In the account containing the child zone to be delegated:

import * as iam from '@aws-cdk/aws-iam';
import * as route53 from '@aws-cdk/aws-route53';

const subZone = new route53.PublicHostedZone(this, 'SubZone', {
  zoneName: 'sub.someexample.com'
});

// import the delegation role by constructing the roleArn
const delegationRoleArn = Stack.of(this).formatArn({
  region: '', // IAM is global in each partition
  service: 'iam',
  account: 'parent-account-id',
  resource: 'role',
  resourceName: 'MyDelegationRole',
});
const delegationRole = iam.Role.fromRoleArn(this, 'DelegationRole', delegationRoleArn);

// create the record
new route53.CrossAccountZoneDelegationRecord(this, 'delegate', {
  delegatedZone: subZone,
  parentHostedZoneName: 'someexample.com', // or you can use parentHostedZoneId
  delegationRole,
});

Imports

If you don't know the ID of the Hosted Zone to import, you can use the HostedZone.fromLookup:

HostedZone.fromLookup(this, 'MyZone', {
  domainName: 'example.com'
});

HostedZone.fromLookup requires an environment to be configured. Check out the documentation for more documentation and examples. CDK automatically looks into your ~/.aws/config file for the [default] profile. If you want to specify a different account run cdk deploy --profile [profile].

new MyDevStack(app, 'dev', { 
  env: { 
    account: process.env.CDK_DEFAULT_ACCOUNT, 
    region: process.env.CDK_DEFAULT_REGION 
}});

If you know the ID and Name of a Hosted Zone, you can import it directly:

const zone = HostedZone.fromHostedZoneAttributes(this, 'MyZone', {
  zoneName: 'example.com',
  hostedZoneId: 'ZOJJZC49E0EPZ',
});

Alternatively, use the HostedZone.fromHostedZoneId to import hosted zones if you know the ID and the retrieval for the zoneName is undesirable.

const zone = HostedZone.fromHostedZoneId(this, 'MyZone', 'ZOJJZC49E0EPZ');

VPC Endpoint Service Private DNS

When you create a VPC endpoint service, AWS generates endpoint-specific DNS hostnames that consumers use to communicate with the service. For example, vpce-1234-abcdev-us-east-1.vpce-svc-123345.us-east-1.vpce.amazonaws.com. By default, your consumers access the service with that DNS name. This can cause problems with HTTPS traffic because the DNS will not match the backend certificate:

curl: (60) SSL: no alternative certificate subject name matches target host name 'vpce-abcdefghijklmnopq-rstuvwx.vpce-svc-abcdefghijklmnopq.us-east-1.vpce.amazonaws.com'

Effectively, the endpoint appears untrustworthy. To mitigate this, clients have to create an alias for this DNS name in Route53.

Private DNS for an endpoint service lets you configure a private DNS name so consumers can access the service using an existing DNS name without creating this Route53 DNS alias This DNS name can also be guaranteed to match up with the backend certificate.

Before consumers can use the private DNS name, you must verify that you have control of the domain/subdomain.

Assuming your account has ownership of the particular domain/subdomain, this construct sets up the private DNS configuration on the endpoint service, creates all the necessary Route53 entries, and verifies domain ownership.

import { Stack } from '@aws-cdk/core';
import { Vpc, VpcEndpointService } from '@aws-cdk/aws-ec2';
import { NetworkLoadBalancer } from '@aws-cdk/aws-elasticloadbalancingv2';
import { PublicHostedZone } from '@aws-cdk/aws-route53';

stack = new Stack();
vpc = new Vpc(stack, 'VPC');
nlb = new NetworkLoadBalancer(stack, 'NLB', {
  vpc,
});
vpces = new VpcEndpointService(stack, 'VPCES', {
  vpcEndpointServiceLoadBalancers: [nlb],
});
// You must use a public hosted zone so domain ownership can be verified
zone = new PublicHostedZone(stack, 'PHZ', {
  zoneName: 'aws-cdk.dev',
});
new VpcEndpointServiceDomainName(stack, 'EndpointDomain', {
  endpointService: vpces,
  domainName: 'my-stuff.aws-cdk.dev',
  publicHostedZone: zone,
});

1.127.0 (2021-10-08)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

assertions: Match.absentProperty() becomes Match.absent(), and its type changes from string to Matcher.

Features

appsync: Lambda Authorizer for AppSync GraphqlApi (#16743) (bdbe8b6), closes #16380
chatbot: allow adding a sns topic in existing SlackChannel (#16643) (d29a20b), closes #15588
cfnspec: cloudformation spec v43.0.0 (#16748) (7c473a6)
cli: hotswap deployments for StepFunctions State Machines (#16489) (c3417f6)
ec2: add X2gd instances (#16810) (6d468d2), closes #16794
ecr-assets: control docker image asset hash (#16070) (13f67e7), closes #15936
elbv2: support ALB target for NLB (#16687) (27cc821), closes #16679

Bug Fixes

assertions: hasResourceProperties is incompatible with Match.not and Match.absent (#16678) (6f0a507), closes #16626
cloudfront: EdgeFunctions cannot be created when IDs contain spaces (#16845) (b0752c5), closes #16832
cloudwatch: alarms with accountId fails in regions that don't support cross-account alarms (#16875) (54472a0), closes #16874
iam: not possible to represent Principal: * (#16843) (6829a2a)
lambda: currentVersion fails when architecture specified (#16849) (8a0d369), closes #16814
s3: auto-delete fails when bucket has been deleted manually (#16645) (7b4fa72), closes #16619

Miscellaneous Chores

assertions: replace absentProperty() with absent() and support it as a Matcher type (#16653) (c980185)

Keywords

FAQs

What is @aws-cdk/aws-route53?

Is @aws-cdk/aws-route53 popular?

Is @aws-cdk/aws-route53 well maintained?

Package last updated on 08 Oct 2021

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install