Class PublicHostedZoneProps
Construction properties for a PublicHostedZone.
Inheritance
Namespace: Amazon.CDK.AWS.Route53
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class PublicHostedZoneProps : Object, IPublicHostedZoneProps, ICommonHostedZoneProps
Syntax (vb)
Public Class PublicHostedZoneProps
Inherits Object
Implements IPublicHostedZoneProps, ICommonHostedZoneProps
Remarks
ExampleMetadata: infused
Examples
var parentZone = new PublicHostedZone(this, "HostedZone", new PublicHostedZoneProps {
ZoneName = "someexample.com"
});
var crossAccountRole = new Role(this, "CrossAccountRole", new RoleProps {
// The role name must be predictable
RoleName = "MyDelegationRole",
// The other account
AssumedBy = new AccountPrincipal("12345678901"),
// You can scope down this role policy to be least privileged.
// If you want the other account to be able to manage specific records,
// you can scope down by resource and/or normalized record names
InlinePolicies = new Dictionary<string, PolicyDocument> {
{ "crossAccountPolicy", new PolicyDocument(new PolicyDocumentProps {
Statements = new [] {
new PolicyStatement(new PolicyStatementProps {
Sid = "ListHostedZonesByName",
Effect = Effect.ALLOW,
Actions = new [] { "route53:ListHostedZonesByName" },
Resources = new [] { "*" }
}),
new PolicyStatement(new PolicyStatementProps {
Sid = "GetHostedZoneAndChangeResourceRecordSets",
Effect = Effect.ALLOW,
Actions = new [] { "route53:GetHostedZone", "route53:ChangeResourceRecordSets" },
// This example assumes the RecordSet subdomain.somexample.com
// is contained in the HostedZone
Resources = new [] { "arn:aws:route53:::hostedzone/HZID00000000000000000" },
Conditions = new Dictionary<string, object> {
{ "ForAllValues:StringLike", new Dictionary<string, string[]> {
{ "route53:ChangeResourceRecordSetsNormalizedRecordNames", new [] { "subdomain.someexample.com" } }
} }
}
}) }
}) }
}
});
parentZone.GrantDelegation(crossAccountRole);
Synopsis
Constructors
PublicHostedZoneProps() |
Properties
AddTrailingDot | Whether to add a trailing dot to the zone name. |
CaaAmazon | Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only. |
Comment | Any comments that you want to include about the hosted zone. |
CrossAccountZoneDelegationPrincipal | (deprecated) A principal which is trusted to assume a role for zone delegation. |
CrossAccountZoneDelegationRoleName | (deprecated) The name of the role created for cross account delegation. |
QueryLogsLogGroupArn | The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to. |
ZoneName | The name of the domain. |
Constructors
PublicHostedZoneProps()
public PublicHostedZoneProps()
Properties
AddTrailingDot
Whether to add a trailing dot to the zone name.
public Nullable<bool> AddTrailingDot { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: true
CaaAmazon
Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only.
public Nullable<bool> CaaAmazon { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
Comment
Any comments that you want to include about the hosted zone.
public string Comment { get; set; }
Property Value
System.String
Remarks
Default: none
CrossAccountZoneDelegationPrincipal
(deprecated) A principal which is trusted to assume a role for zone delegation.
public IPrincipal CrossAccountZoneDelegationPrincipal { get; set; }
Property Value
Remarks
If supplied, this will create a Role in the same account as the Hosted
Zone, which can be assumed by the CrossAccountZoneDelegationRecord
to
create a delegation record to a zone in a different account.
Be sure to indicate the account(s) that you trust to create delegation
records, using either iam.AccountPrincipal
or iam.OrganizationPrincipal
.
If you are planning to use iam.ServicePrincipal
s here, be sure to include
region-specific service principals for every opt-in region you are going to
be delegating to; or don't use this feature and create separate roles
with appropriate permissions for every opt-in region instead.
Default: - No delegation configuration
Stability: Deprecated
CrossAccountZoneDelegationRoleName
(deprecated) The name of the role created for cross account delegation.
public string CrossAccountZoneDelegationRoleName { get; set; }
Property Value
System.String
Remarks
Default: - A role name is generated automatically
Stability: Deprecated
QueryLogsLogGroupArn
The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to.
public string QueryLogsLogGroupArn { get; set; }
Property Value
System.String
Remarks
Default: disabled
ZoneName
The name of the domain.
public string ZoneName { get; set; }
Property Value
System.String
Remarks
For resource record types that include a domain name, specify a fully qualified domain name.