PublicHostedZoneProps

class aws_cdk.aws_route53.PublicHostedZoneProps(*, zone_name, comment=None, query_logs_log_group_arn=None, caa_amazon=None, cross_account_zone_delegation_principal=None, cross_account_zone_delegation_role_name=None)

Bases: CommonHostedZoneProps

Construction properties for a PublicHostedZone.

Parameters
  • zone_name (str) – The name of the domain. For resource record types that include a domain name, specify a fully qualified domain name.

  • comment (Optional[str]) – Any comments that you want to include about the hosted zone. Default: none

  • query_logs_log_group_arn (Optional[str]) – The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to. Default: disabled

  • caa_amazon (Optional[bool]) – Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only. Default: false

  • cross_account_zone_delegation_principal (Optional[IPrincipal]) – (deprecated) A principal which is trusted to assume a role for zone delegation. If supplied, this will create a Role in the same account as the Hosted Zone, which can be assumed by the CrossAccountZoneDelegationRecord to create a delegation record to a zone in a different account. Be sure to indicate the account(s) that you trust to create delegation records, using either iam.AccountPrincipal or iam.OrganizationPrincipal. If you are planning to use iam.ServicePrincipal principals here, be sure to include region-specific service principals for every opt-in region you are going to be delegating to; or don’t use this feature and create separate roles with appropriate permissions for every opt-in region instead. Default: - No delegation configuration

  • cross_account_zone_delegation_role_name (Optional[str]) – (deprecated) The name of the role created for cross account delegation. Default: - A role name is generated automatically

Example:

from aws_cdk import Stack, aws_iam as iam, aws_route53 as route53

# the code below runs inside a Stack or Construct, where `self` is the scope

# create the sub-zone in the child account
sub_zone = route53.PublicHostedZone(self, "SubZone",
    zone_name="sub.someexample.com"
)

# import the delegation role by constructing the role ARN
delegation_role_arn = Stack.of(self).format_arn(
    region="",  # IAM is global in each partition
    service="iam",
    account="parent-account-id",
    resource="role",
    resource_name="MyDelegationRole"
)
delegation_role = iam.Role.from_role_arn(self, "DelegationRole", delegation_role_arn)

# create the delegation record in the parent zone by assuming the delegation role
route53.CrossAccountZoneDelegationRecord(self, "delegate",
    delegated_zone=sub_zone,
    parent_hosted_zone_name="someexample.com",  # or you can use parent_hosted_zone_id
    delegation_role=delegation_role
)
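The trust guidance for cross_account_zone_delegation_principal can be checked before deployment. The following is an added example, not part of the CDK documentation or code base: it audits the trust policy of delegation roles in a synthesized CloudFormation template loaded as a dict. It assumes the delegation permission is an inline policy on the role; the function names, logical IDs, account ID and organization ID are constructed for illustration.

```python
def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_delegation_role(props):
    # Assumption: the role carries an inline policy allowing record changes.
    for policy in props.get("Policies", []):
        for stmt in _as_list(policy["PolicyDocument"]["Statement"]):
            if "route53:ChangeResourceRecordSets" in _as_list(stmt.get("Action", [])):
                return True
    return False

def audit_delegation_trust(template):
    """Return {logical_id: [findings]} for each delegation role in the template."""
    report = {}
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") != "AWS::IAM::Role" or not _is_delegation_role(props):
            continue
        findings = []
        for stmt in _as_list(props["AssumeRolePolicyDocument"]["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            raw = stmt.get("Principal", {})
            principal = {"AWS": "*"} if raw == "*" else raw
            # An organization-scoped trust is a wildcard bounded by the org ID.
            org_bound = any("aws:PrincipalOrgID" in cond
                            for cond in stmt.get("Condition", {}).values())
            if "*" in _as_list(principal.get("AWS", [])) and not org_bound:
                findings.append("wildcard principal without aws:PrincipalOrgID condition")
            for svc in _as_list(principal.get("Service", [])):
                findings.append(f"service principal {svc}: confirm opt-in region coverage")
        report[logical_id] = findings
    return report

def _sample_role(principal, condition=None):
    # Constructed sample data: simplified shape of a synthesized IAM role.
    trust = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}
    if condition:
        trust["Condition"] = condition
    policy = {"Statement": [{"Effect": "Allow", "Resource": "*",
                             "Action": "route53:ChangeResourceRecordSets"}]}
    return {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [trust]},
        "Policies": [{"PolicyName": "delegation", "PolicyDocument": policy}]}}

SAMPLE_TEMPLATE = {"Resources": {  # logical IDs, account and org IDs are made up
    "AccountScoped": _sample_role({"AWS": "arn:aws:iam::111122223333:root"}),
    "OrgScoped": _sample_role({"AWS": "*"}, {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}),
    "Open": _sample_role({"AWS": "*"}),
    "Regional": _sample_role({"Service": "lambda.amazonaws.com"}),
}}
```

Calling audit_delegation_trust(SAMPLE_TEMPLATE) returns empty finding lists for the account-scoped and organization-scoped roles and one finding each for the open and service-principal roles.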

Attributes

caa_amazon

Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only.

Default

false

comment

Any comments that you want to include about the hosted zone.

Default

none

cross_account_zone_delegation_principal

(deprecated) A principal which is trusted to assume a role for zone delegation.

If supplied, this will create a Role in the same account as the Hosted Zone, which can be assumed by the CrossAccountZoneDelegationRecord to create a delegation record to a zone in a different account.

Be sure to indicate the account(s) that you trust to create delegation records, using either iam.AccountPrincipal or iam.OrganizationPrincipal.

If you are planning to use iam.ServicePrincipal principals here, be sure to include region-specific service principals for every opt-in region you are going to be delegating to; or don’t use this feature and create separate roles with appropriate permissions for every opt-in region instead.

Default
  • No delegation configuration

Deprecated

Create the Role yourself and call hostedZone.grantDelegation() (hosted_zone.grant_delegation() in Python).

Stability

deprecated

cross_account_zone_delegation_role_name

(deprecated) The name of the role created for cross account delegation.

Default
  • A role name is generated automatically

Deprecated

Create the Role yourself and call hostedZone.grantDelegation() (hosted_zone.grant_delegation() in Python).

Stability

deprecated

query_logs_log_group_arn

The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to.

Default

disabled

zone_name

The name of the domain.

For resource record types that include a domain name, specify a fully qualified domain name.