# Amazon Route53 Construct Library
<!--BEGIN STABILITY BANNER-->---
![End-of-Support](https://img.shields.io/badge/End--of--Support-critical.svg?style=for-the-badge)
> AWS CDK v1 has reached End-of-Support on 2023-06-01.
> This package is no longer being updated, and users should migrate to AWS CDK v2.
>
> For more information on how to migrate, see the [*Migrating to AWS CDK v2* guide](https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html).
---
<!--END STABILITY BANNER-->
To add a public hosted zone:
```python
route53.PublicHostedZone(self, "HostedZone",
    zone_name="fully.qualified.domain.com"
)
```
To add a private hosted zone, use `PrivateHostedZone`. Note that
`enableDnsHostnames` and `enableDnsSupport` must have been enabled for the
VPC you're configuring for private hosted zones.
```python
# vpc: ec2.Vpc

zone = route53.PrivateHostedZone(self, "HostedZone",
    zone_name="fully.qualified.domain.com",
    vpc=vpc
)
```
Additional VPCs can be added with `zone.addVpc()`.
## Adding Records
To add a TXT record to your zone:
```python
# my_zone: route53.HostedZone

route53.TxtRecord(self, "TXTRecord",
    zone=my_zone,
    record_name="_foo",  # If the name ends with a ".", it will be used as-is;
    # if it ends with a "." followed by the zone name, a trailing "." will be added automatically;
    # otherwise, a ".", the zone name, and a trailing "." will be added automatically.
    # Defaults to zone root if not specified.
    values=["Bar!", "Baz?"],
    ttl=Duration.minutes(90)
)
```
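The naming rule in the comments of the TXT example decides which record actually gets created, so it is worth checking names before deploying. The following is an added example that mirrors the documented rule; it is not the construct library's own code, and `resolve_record_name`, `in_zone`, `review_names` and the sample names are hypothetical.

```python
# Added illustration: mirrors the naming rule documented in the TXT example's
# comments. It is not the construct library's own code.

def resolve_record_name(record_name, zone_name):
    """Return the fully qualified record name the documented rule produces."""
    zone = zone_name.rstrip(".")
    if not record_name:
        return zone + "."                 # defaults to the zone root
    if record_name.endswith("."):
        return record_name                # trailing dot: used as-is
    # Assumption: a name equal to the zone name is treated like one that
    # already ends with "." + zone name.
    if record_name == zone or record_name.endswith("." + zone):
        return record_name + "."          # only the trailing dot is added
    return f"{record_name}.{zone}."       # relative name: zone is appended


def in_zone(fqdn, zone_name):
    """True when the fully qualified name is the zone apex or below it."""
    zone = zone_name.rstrip(".") + "."
    return fqdn == zone or fqdn.endswith("." + zone)


def review_names(record_names, zone_name):
    """Resolve each name and attach a note for results worth a second look."""
    zone = zone_name.rstrip(".")
    findings = []
    for name in record_names:
        fqdn = resolve_record_name(name, zone_name)
        if not in_zone(fqdn, zone_name):
            note = "outside the zone (absolute name used as-is)"
        elif name and "." in name and fqdn == f"{name}.{zone}.":
            note = "multi-label relative name, zone name was appended"
        else:
            note = "ok"
        findings.append((name, fqdn, note))
    return findings


# Constructed sample input for a zone named "example.com".
SAMPLE = ["_foo", "_foo.example.com", "_foo.example.com.", None,
          "www.example.co", "mail.example.org."]

if __name__ == "__main__":
    for name, fqdn, note in review_names(SAMPLE, "example.com"):
        print(f"{name!r:22} -> {fqdn:32} {note}")
```
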
To add an NS record to your zone:
```python
# my_zone: route53.HostedZone

route53.NsRecord(self, "NSRecord",
    zone=my_zone,
    record_name="foo",
    values=["ns-1.awsdns.co.uk.", "ns-2.awsdns.com."],
    ttl=Duration.minutes(90)
)
```
To add a DS record to your zone:
```python
# my_zone: route53.HostedZone

route53.DsRecord(self, "DSRecord",
    zone=my_zone,
    record_name="foo",
    values=["12345 3 1 123456789abcdef67890123456789abcdef67890"],
    ttl=Duration.minutes(90)
)
```
To add an A record to your zone:
```python
# my_zone: route53.HostedZone

route53.ARecord(self, "ARecord",
    zone=my_zone,
    target=route53.RecordTarget.from_ip_addresses("1.2.3.4", "5.6.7.8")
)
```
To add an A record for an EC2 instance with an Elastic IP (EIP) to your zone:
```python
# instance: ec2.Instance
# my_zone: route53.HostedZone

elastic_ip = ec2.CfnEIP(self, "EIP",
    domain="vpc",
    instance_id=instance.instance_id
)
route53.ARecord(self, "ARecord",
    zone=my_zone,
    target=route53.RecordTarget.from_ip_addresses(elastic_ip.ref)
)
```
To add an AAAA record pointing to a CloudFront distribution:
```python
import aws_cdk.aws_cloudfront as cloudfront
import aws_cdk.aws_route53_targets as targets  # provides CloudFrontTarget

# my_zone: route53.HostedZone
# distribution: cloudfront.CloudFrontWebDistribution

route53.AaaaRecord(self, "Alias",
    zone=my_zone,
    target=route53.RecordTarget.from_alias(targets.CloudFrontTarget(distribution))
)
```
Constructs are available for A, AAAA, CAA, CNAME, MX, NS, SRV and TXT records.
Use the `CaaAmazonRecord` construct to easily restrict certificate authorities
allowed to issue certificates for a domain to Amazon only.
To add an NS record to a hosted zone in a different account, do the following.
In the account containing the parent hosted zone:
```python
parent_zone = route53.PublicHostedZone(self, "HostedZone",
    zone_name="someexample.com",
    cross_account_zone_delegation_principal=iam.AccountPrincipal("12345678901"),
    cross_account_zone_delegation_role_name="MyDelegationRole"
)
```
In the account containing the child zone to be delegated:
```python
sub_zone = route53.PublicHostedZone(self, "SubZone",
    zone_name="sub.someexample.com"
)

# import the delegation role by constructing the roleArn
delegation_role_arn = Stack.of(self).format_arn(
    region="",  # IAM is global in each partition
    service="iam",
    account="parent-account-id",
    resource="role",
    resource_name="MyDelegationRole"
)
delegation_role = iam.Role.from_role_arn(self, "DelegationRole", delegation_role_arn)

# create the record
route53.CrossAccountZoneDelegationRecord(self, "delegate",
    delegated_zone=sub_zone,
    parent_hosted_zone_name="someexample.com",  # or you can use parentHostedZoneId
    delegation_role=delegation_role
)
```
## Imports
If you don't know the ID of the Hosted Zone to import, you can use
`HostedZone.fromLookup`:
```python
route53.HostedZone.from_lookup(self, "MyZone",
    domain_name="example.com"
)
```
`HostedZone.fromLookup` requires an environment to be configured. See
the [documentation](https://docs.aws.amazon.com/cdk/latest/guide/environments.html) for details and examples. CDK
automatically looks in your `~/.aws/config` file for the `[default]` profile.
To specify a different account, run `cdk deploy --profile [profile]`.
```text
new MyDevStack(app, 'dev', {
  env: {
    account: process.env.CDK_DEFAULT_ACCOUNT,
    region: process.env.CDK_DEFAULT_REGION,
  },
});
```
If you know the ID and Name of a Hosted Zone, you can import it directly:
```python
zone = route53.HostedZone.from_hosted_zone_attributes(self, "MyZone",
    zone_name="example.com",
    hosted_zone_id="ZOJJZC49E0EPZ"
)
```
Alternatively, use `HostedZone.fromHostedZoneId` to import a hosted zone if
you know the ID and do not want the `zoneName` to be retrieved.
```python
zone = route53.HostedZone.from_hosted_zone_id(self, "MyZone", "ZOJJZC49E0EPZ")
```
You can also import a Public Hosted Zone with the similar `PublicHostedZone.fromPublicHostedZoneId` and `PublicHostedZone.fromPublicHostedZoneAttributes` methods:
```python
zone_from_attributes = route53.PublicHostedZone.from_public_hosted_zone_attributes(self, "MyZone",
    zone_name="example.com",
    hosted_zone_id="ZOJJZC49E0EPZ"
)

# Does not know zoneName
# (construct IDs must be unique within a scope, so this import uses its own ID)
zone_from_id = route53.PublicHostedZone.from_public_hosted_zone_id(self, "MyZoneFromId", "ZOJJZC49E0EPZ")
```
## VPC Endpoint Service Private DNS
When you create a VPC endpoint service, AWS generates endpoint-specific DNS hostnames that consumers use to communicate with the service.
For example, `vpce-1234-abcdev-us-east-1.vpce-svc-123345.us-east-1.vpce.amazonaws.com`.
By default, your consumers access the service with that DNS name.
This can cause problems with HTTPS traffic because the DNS name will not match the backend certificate:
```console
curl: (60) SSL: no alternative certificate subject name matches target host name 'vpce-abcdefghijklmnopq-rstuvwx.vpce-svc-abcdefghijklmnopq.us-east-1.vpce.amazonaws.com'
```
Effectively, the endpoint appears untrustworthy. To mitigate this, clients have to create an alias for this DNS name in Route53.
Private DNS for an endpoint service lets you configure a private DNS name so consumers can
access the service using an existing DNS name without creating this Route53 DNS alias.
This DNS name can also be guaranteed to match up with the backend certificate.
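The name mismatch behind the curl error above, as an added example (not code from the construct library): a simplified RFC 6125-style name check run against constructed certificate name lists. The function names and the SAN lists are assumptions; the hostnames are the ones used on this page.

```python
# Added illustration of why the generated endpoint hostname fails TLS name
# verification while the private DNS name passes. Simplified matching rules:
# case-insensitive, and "*" is honoured only as the entire left-most label.

def dns_name_matches(pattern, hostname):
    """Return True when one certificate DNS name covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        # Require a non-empty host label and at least two fixed labels after "*".
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def certificate_covers(san_dns_names, hostname):
    """Return True when any subjectAltName DNS entry covers the hostname."""
    return any(dns_name_matches(san, hostname) for san in san_dns_names)


def check_names(san_dns_names, hostnames):
    """Map each hostname a consumer might dial to the verification outcome."""
    return {name: certificate_covers(san_dns_names, name) for name in hostnames}


# Hostnames taken from this page.
ENDPOINT_NAME = ("vpce-abcdefghijklmnopq-rstuvwx.vpce-svc-abcdefghijklmnopq"
                 ".us-east-1.vpce.amazonaws.com")
PRIVATE_NAME = "my-stuff.aws-cdk.dev"

# Constructed SAN lists for a backend certificate (assumptions).
EXACT_CERT = ["my-stuff.aws-cdk.dev"]
WILDCARD_CERT = ["*.aws-cdk.dev"]

if __name__ == "__main__":
    for label, sans in (("exact", EXACT_CERT), ("wildcard", WILDCARD_CERT)):
        for name, ok in check_names(sans, [ENDPOINT_NAME, PRIVATE_NAME]).items():
            print(f"{label:8} {name:90} {'match' if ok else 'MISMATCH'}")
```
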
Before consumers can use the private DNS name, you must verify that you have control of the domain/subdomain.
Assuming your account has ownership of the particular domain/subdomain,
this construct sets up the private DNS configuration on the endpoint service,
creates all the necessary Route53 entries, and verifies domain ownership.
```python
from aws_cdk.core import Stack
from aws_cdk.aws_ec2 import Vpc, VpcEndpointService
from aws_cdk.aws_elasticloadbalancingv2 import NetworkLoadBalancer
from aws_cdk.aws_route53 import PublicHostedZone, VpcEndpointServiceDomainName

stack = Stack()
vpc = Vpc(stack, "VPC")
nlb = NetworkLoadBalancer(stack, "NLB",
    vpc=vpc
)
vpces = VpcEndpointService(stack, "VPCES",
    vpc_endpoint_service_load_balancers=[nlb]
)
# You must use a public hosted zone so domain ownership can be verified
zone = PublicHostedZone(stack, "PHZ",
    zone_name="aws-cdk.dev"
)
VpcEndpointServiceDomainName(stack, "EndpointDomain",
    endpoint_service=vpces,
    domain_name="my-stuff.aws-cdk.dev",
    public_hosted_zone=zone
)
```
Raw data
{
"_id": null,
"home_page": "https://github.com/aws/aws-cdk",
"name": "aws-cdk.aws-route53",
"maintainer": "",
"docs_url": null,
"requires_python": "~=3.7",
"maintainer_email": "",
"keywords": "",
"author": "Amazon Web Services",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/32/95/2ad029edca584a0d61a4f564fc6f087c419e06c79b18e0b89b3356d097b5/aws-cdk.aws-route53-1.204.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "The CDK Construct Library for AWS::Route53",
"version": "1.204.0",
"project_urls": {
"Homepage": "https://github.com/aws/aws-cdk",
"Source": "https://github.com/aws/aws-cdk.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "794127d0795be15f1a73237eb9d6d48180097130c13fd02dab4ae05110aa7efa",
"md5": "f0257e7b05c230db32f6ef19c51e6ecf",
"sha256": "1a6610e7c9265128052d5b6993c55002cea36f4dabe4ed0c6e36a41507e35f34"
},
"downloads": -1,
"filename": "aws_cdk.aws_route53-1.204.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f0257e7b05c230db32f6ef19c51e6ecf",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.7",
"size": 389089,
"upload_time": "2023-06-19T21:00:43",
"upload_time_iso_8601": "2023-06-19T21:00:43.333258Z",
"url": "https://files.pythonhosted.org/packages/79/41/27d0795be15f1a73237eb9d6d48180097130c13fd02dab4ae05110aa7efa/aws_cdk.aws_route53-1.204.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "32952ad029edca584a0d61a4f564fc6f087c419e06c79b18e0b89b3356d097b5",
"md5": "8ebbb777c808312b8e4e80fd5ddeb290",
"sha256": "d1d035630131c2a93b574c7911dd6f175155a3335f72b78ce8a8cdc3529a36ee"
},
"downloads": -1,
"filename": "aws-cdk.aws-route53-1.204.0.tar.gz",
"has_sig": false,
"md5_digest": "8ebbb777c808312b8e4e80fd5ddeb290",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.7",
"size": 389724,
"upload_time": "2023-06-19T21:06:58",
"upload_time_iso_8601": "2023-06-19T21:06:58.889639Z",
"url": "https://files.pythonhosted.org/packages/32/95/2ad029edca584a0d61a4f564fc6f087c419e06c79b18e0b89b3356d097b5/aws-cdk.aws-route53-1.204.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-06-19 21:06:58",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "aws",
"github_project": "aws-cdk",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "aws-cdk.aws-route53"
}