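import * as core from '@aws-cdk/core';
import * as route53 from '@aws-cdk/aws-route53';
import {CrossAccountZoneDelegationRecord} from "./cross-account-zone-delegation-record";

/**
 * Properties to create a delegated subzone of a zone hosted in a different account.
 */
export interface ICrossAccountDNSDelegatorProps {
  /**
   * The account hosting the parent zone.
   * Optional since it can be resolved if the system has been set up with aws-bootstrap-kit.
   */
  targetAccount?: string;
  /**
   * The role to assume in the parent zone's account, which has permissions to update the parent zone.
   * Optional since it can be resolved if the system has been set up with aws-bootstrap-kit.
   */
  targetRoleToAssume?: string;
  /**
   * The id of the parent zone to add the sub zone delegation NS record to.
   * Optional since it can be resolved if the system has been set up with aws-bootstrap-kit.
   */
  targetHostedZoneId?: string;
  /**
   * The sub zone name to be created.
   */
  zoneName: string;
}

/**
 * TODO: propose this to fix https://github.com/aws/aws-cdk/issues/8776
 *
 * High-level construct that creates:
 * 1. A public hosted zone for `zoneName` in the current account
 * 2. The delegation NS record for that zone in the parent hosted zone of the target account
 *
 * Usage:
 * Create a role in the parent zone's account with the following permission:
 * {
 *      "Sid": "VisualEditor0",
 *      "Effect": "Allow",
 *      "Action": [
 *          "route53:GetHostedZone",
 *          "route53:ChangeResourceRecordSets"
 *      ],
 *      "Resource": "arn:aws:route53:::hostedzone/ZXXXXXXXXX"
 * }
 *
 * Security note: as written, this statement is scoped to the hosted zone only, so any
 * principal able to assume the role can create, change or delete ANY record in the parent
 * zone, not just the delegation record. Limit the role's trust policy to the accounts that
 * are expected to delegate, and consider narrowing the statement with the Route 53 IAM
 * condition keys `route53:ChangeResourceRecordSetsNormalizedRecordNames` and
 * `route53:ChangeResourceRecordSetsRecordTypes` so that it only covers NS records for the
 * delegated name (verify the delegation record resource still works with the narrowed policy).
 *
 * Then use the construct like this:
 *
 * const crossAccountDNSDelegatorProps: ICrossAccountDNSDelegatorProps = {
 *      targetAccount: '123456789012', // placeholder 12-digit account id
 *      targetRoleToAssume: 'DelegateRecordUpdateRoleInThatAccount',
 *      targetHostedZoneId: 'ZXXXXXXXXX',
 *      zoneName: 'subdomain.mydomain.com',
 * };
 *
 * new CrossAccountDNSDelegator(this, 'CrossAccountDNSDelegatorStack', crossAccountDNSDelegatorProps);
 */
export class CrossAccountDNSDelegator extends core.Construct {
  /** The hosted zone created in the current account for `zoneName`. */
  readonly hostedZone: route53.HostedZone;

  /**
   * @param scope parent construct
   * @param id construct id
   * @param props name of the sub zone and, optionally, where the parent zone lives
   * @throws Error if the created hosted zone exposes no name servers to delegate to
   */
  constructor(scope: core.Construct, id: string, props: ICrossAccountDNSDelegatorProps) {
    super(scope, id);

    const {
      targetAccount,
      targetRoleToAssume,
      targetHostedZoneId,
      zoneName,
    } = props;

    this.hostedZone = new route53.HostedZone(this, 'HostedZone', { zoneName });

    // Fail with a clear message instead of asserting non-null: without name servers the
    // delegation record would be created with nothing to point at.
    const delegatedNameServers = this.hostedZone.hostedZoneNameServers;
    if (delegatedNameServers === undefined) {
      throw new Error(`CrossAccountDNSDelegator: hosted zone for '${zoneName}' exposes no name servers to delegate to`);
    }

    // Account of the stack that owns this construct; passed along with the delegation request.
    const currentAccountId = core.Stack.of(this).account;

    // The three target* values are passed through as given (possibly undefined).
    new CrossAccountZoneDelegationRecord(this, 'CrossAccountZoneDelegationRecord', {
      targetAccount,
      targetRoleToAssume,
      targetHostedZoneId,
      recordName: zoneName,
      toDelegateNameServers: delegatedNameServers,
      currentAccountId,
    });
  }
}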