Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
cdk-cross-account-route53
Advanced tools
CDK Construct to allow creation of Route 53 records in a different account
AWS CDK Constructs that define:
These constructs allow you to create Route53 records where the zone exists in a separate AWS account to the Cloudformation Stack.
yarn add cdk-cross-account-route53
First create the role in the stack for the AWS account which contains the hosted zone.
// DNS Stack
const zone = new route53.PublicHostedZone(this, 'HostedZone', {
zoneName: 'example.com',
});
new CrossAccountRoute53Role(this, 'WebRoute53Role', {
roleName: 'WebRoute53Role',
assumedBy: new iam.AccountPrincipal('22222222'), // Web Stack Account
zone,
records: [{ domainNames: 'www.example.com' }],
});
Then in the child stack create the records
const hostedZoneId = 'Z12345'; // ID of the zone in the other account
const distribution = new cloudfront.Distribution(this, 'Distribution', {
domainNames: ['example.com'],
});
new CrossAccountRoute53RecordSet(this, 'ARecord', {
delegationRoleName: 'WebRoute53Role',
delegationRoleAccount: '111111111', // The account that contains the zone and role
hostedZoneId,
resourceRecordSets: [{
Name: `example.com`,
Type: 'A',
AliasTarget: {
DNSName: distribution.distributionDomainName,
HostedZoneId: 'Z2FDTNDATAQYW2', // Cloudfront Hosted Zone Id
EvaluateTargetHealth: false,
},
}],
});
new CrossAccountRoute53Role(scope: Construct, id: string, props: CrossAccountRoute53RoleProps)
Parameters
Name | Type | Description |
---|---|---|
roleName | string | The role name |
assumedBy | iam.IPrincipal | The principals that are allowed to assume the role |
zone | route53.IHostedZone | The hosted zone. |
records | CrossAccountRoute53RolePropsRecord[] | The records that can be created by this role |
Name | Type | Description |
---|---|---|
domainNames | string | string[] | The names of the records that can be created or changed |
types | route53.RecordType[] | The typepsof records that can be created. Default ['A', 'AAAA'] |
actions | 'CREATE' | 'UPSERT' | 'DELETE' | The allowed actions. Default ['CREATE', 'UPSERT', 'DELETE'] |
new CrossAccountRoute53RecordSet(scope: Construct, id: string, props: CrossAccountRoute53RecordSetProps)
Parameters
Name | Type | Description |
---|---|---|
delegationRoleName | string | The role name created in the account with the hosted zone |
delegationRoleAccount | string | The account identfier of the account with the hosted zone |
hostedZoneId | string | The hosted zoned id |
resourceRecordSets | Route53.ResourceRecordSets | The changes to be applied. These are in the same format as taken by ChangeResourceRecordSets Action |
These constructs will stay in v0.x.x
for a while, to allow easier bug fixing & breaking changes if absolutely needed.
Once bugs are fixed (if any), the constructs will be published with v1
major version and will be marked as stable.
Only typescript has been tested.
npm run build
compile typescript to jsnpm run watch
watch for changes and compilenpm run test
perform the jest unit testsFAQs
CDK Construct to allow creation of Route 53 records in a different account
We found that cdk-cross-account-route53 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.