From a6a74801f6a36c84f7a13e4ac774393c4e4434c4 Mon Sep 17 00:00:00 2001
From: Samson Keung
Date: Mon, 3 Jun 2024 10:09:30 -0700
Subject: [PATCH 1/3] CrossAccountZoneDelegationRecord: throw if delegatedZone is imported
---
 .../aws-cdk-lib/aws-route53/lib/record-set.ts | 4 ++++
 .../aws-route53/test/record-set.test.ts | 21 +++++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts
index 6706443b1f260..3ee6f4aee669c 100644
--- a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts
+++ b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts
@@ -929,6 +929,10 @@ export class CrossAccountZoneDelegationRecord extends Construct {
 throw Error('Only one of parentHostedZoneName and parentHostedZoneId is supported');
 }
+ if (!props.delegatedZone.hostedZoneNameServers) {
+ throw Error(`Not able to retrieve Name Servers for ${props.delegatedZone.zoneName} due to it being imported.`);
+ }
+
 const provider = CrossAccountZoneDelegationProvider.getOrCreateProvider(this, CROSS_ACCOUNT_ZONE_DELEGATION_RESOURCE_TYPE);
 const role = iam.Role.fromRoleArn(this, 'cross-account-zone-delegation-handler-role', provider.roleArn);
diff --git a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts
index 20abd698ee68b..a8436dde7fc32 100644
--- a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts
+++ b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts
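Review bot: In `lib/record-set.ts`, the message thrown by the new guard asserts a cause the condition does not test: `!props.delegatedZone.hostedZoneNameServers` only establishes that no name servers are available, while the text says "due to it being imported". Wording it after the check, for example "Cannot create delegation record for <zoneName>: hostedZoneNameServers is undefined (imported hosted zones are not supported)", stays accurate for any other `IHostedZone` that lacks the attribute; the regex in the accompanying test would need the same change. The message also reads `props.delegatedZone.zoneName`, and if I recall correctly zones imported by ID only (`fromHostedZoneId`) throw from that getter, so for them this text would never be shown. The constructor starts and ends outside the hunk.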
@@ -893,6 +893,27 @@ describe('record set', () => {
 });
 });
+ test('CrossAccountZoneDelegationRecord should throw if delegatedZone is imported', () => {
+ // GIVEN
+ const stack = new Stack();
+ const parentZone = new route53.PublicHostedZone(stack, 'ParentHostedZone', {
+ zoneName: 'myzone.com'
+ });
+
+ // WHEN
+ const childZone = route53.PublicHostedZone.fromPublicHostedZoneAttributes(stack, 'ChildHostedZone', {
+ hostedZoneId: 'fake-id',
+ zoneName: 'fake-name',
+ });
+
+ //THEN
+ expect(() => new route53.CrossAccountZoneDelegationRecord(stack, 'Delegation', {
+ delegatedZone: childZone,
+ parentHostedZoneId: parentZone.hostedZoneId,
+ delegationRole: parentZone.crossAccountZoneDelegationRole!,
+ })).toThrow(/Not able to retrieve Name Servers for fake-name due to it being imported./);
+ });
+
 testDeprecated('Cross account zone delegation record with parentHostedZoneName', () => {
 // GIVEN
 const stack = new Stack();
From 45efba52ab41e602e391303b31339b2e417b3699 Mon Sep 17 00:00:00 2001
From: Samson Keung
Date: Mon, 3 Jun 2024 11:46:35 -0700
Subject: [PATCH 2/3] linting fix: missing comma
---
 packages/aws-cdk-lib/aws-route53/test/record-set.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts
index a8436dde7fc32..9974237f6292c 100644
--- a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts
+++ b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts
@@ -897,7 +897,7 @@ describe('record set', () => {
 // GIVEN
 const stack = new Stack();
 const parentZone = new route53.PublicHostedZone(stack, 'ParentHostedZone', {
- zoneName: 'myzone.com'
+ zoneName: 'myzone.com',
 });
 // WHEN
From 5f048b21640c0f8d3c6254141bdf0de67ebe1aa0 Mon Sep 17 00:00:00 2001
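Review bot: In the new test in `test/record-set.test.ts` (PATCH 1/3), `delegationRole: parentZone.crossAccountZoneDelegationRole!` most likely passes `undefined`: the parent zone is created with `zoneName` only, and as far as I know the role exists only when `crossAccountZoneDelegationPrincipal` is set, so the non-null assertion hides a second invalid prop. The test passes only because the new guard throws before the role is read; giving the parent zone a principal, e.g. `crossAccountZoneDelegationPrincipal: new iam.AccountPrincipal('123456789012'), // sample account id` (assuming `iam` is imported in this file), leaves the imported zone as the only invalid input. The final `.` in the `toThrow` regex is unescaped and matches any character; `imported\./` pins the literal full stop.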
From: Samson Keung
Date: Mon, 3 Jun 2024 15:42:18 -0700
Subject: [PATCH 3/3] Update Route53 README
---
 packages/aws-cdk-lib/aws-route53/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-route53/README.md b/packages/aws-cdk-lib/aws-route53/README.md
index 1c26a12541242..6fd275a2eb478 100644
--- a/packages/aws-cdk-lib/aws-route53/README.md
+++ b/packages/aws-cdk-lib/aws-route53/README.md
@@ -313,7 +313,7 @@ const delegationRole = iam.Role.fromRoleArn(this, 'DelegationRole', delegationRo
 // create the record
 new route53.CrossAccountZoneDelegationRecord(this, 'delegate', {
- delegatedZone: subZone,
+ delegatedZone: subZone, // Note that an imported HostedZone is not supported as Name Servers info will not be available
 parentHostedZoneName: 'someexample.com', // or you can use parentHostedZoneId
 delegationRole,
 });