PublicHostedZoneProps

class aws_cdk.aws_route53.PublicHostedZoneProps(*, zone_name, comment=None, query_logs_log_group_arn=None, caa_amazon=None, cross_account_zone_delegation_principal=None, cross_account_zone_delegation_role_name=None)

Bases: CommonHostedZoneProps

Construction properties for a PublicHostedZone.

Parameters:
  • zone_name (str) – The name of the domain. For resource record types that include a domain name, specify a fully qualified domain name.

  • comment (Optional[str]) – Any comments that you want to include about the hosted zone. Default: none

  • query_logs_log_group_arn (Optional[str]) – The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to. Default: disabled

  • caa_amazon (Optional[bool]) – Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only. Default: false

  • cross_account_zone_delegation_principal (Optional[IPrincipal]) – (deprecated) A principal which is trusted to assume a role for zone delegation. If supplied, this will create a Role in the same account as the Hosted Zone, which can be assumed by the CrossAccountZoneDelegationRecord to create a delegation record to a zone in a different account. Be sure to indicate the account(s) that you trust to create delegation records, using either iam.AccountPrincipal or iam.OrganizationPrincipal. If you are planning to use iam.ServicePrincipal principals here, be sure to include region-specific service principals for every opt-in region you are going to be delegating to; or don’t use this feature and create separate roles with appropriate permissions for every opt-in region instead. Default: - No delegation configuration

  • cross_account_zone_delegation_role_name (Optional[str]) – (deprecated) The name of the role created for cross account delegation. Default: - A role name is generated automatically

Example:

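from aws_cdk import Stack, aws_iam as iam, aws_route53 as route53

# `self` is the Stack (or construct) in which these resources are defined
sub_zone = route53.PublicHostedZone(self, "SubZone",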
    zone_name="sub.someexample.com"
)

# import the delegation role by constructing the roleArn
delegation_role_arn = Stack.of(self).format_arn(
    region="",  # IAM is global in each partition
    service="iam",
    account="parent-account-id",
    resource="role",
    resource_name="MyDelegationRole"
)
delegation_role = iam.Role.from_role_arn(self, "DelegationRole", delegation_role_arn)

# create the record
route53.CrossAccountZoneDelegationRecord(self, "delegate",
    delegated_zone=sub_zone,
    parent_hosted_zone_name="someexample.com",  # or you can use parent_hosted_zone_id
    delegation_role=delegation_role
)
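
The security-relevant properties above (query_logs_log_group_arn, caa_amazon and the principal trusted for delegation) can be checked on the synthesized CloudFormation template before deployment. The audit below is an added example, not code from the CDK project; the logical IDs, the sample template, the rule for recognising a delegation role and the assumption that an organization-scoped trust appears as a "*" principal with an aws:PrincipalOrgID condition are constructed for illustration.

```python
def _listify(value):
    return value if isinstance(value, list) else [value]

def _ref(value):
    # Logical ID behind {"Ref": ...}; None for literals and other intrinsics.
    return value.get("Ref") if isinstance(value, dict) else None

def audit_template(template):
    """Return findings for public hosted zones and the roles that can delegate from them."""
    resources = template["Resources"]
    def of_type(t):
        return [(k, r.get("Properties", {})) for k, r in resources.items() if r["Type"] == t]
    findings = []
    caa_zones = {_ref(p.get("HostedZoneId")) for _, p in of_type("AWS::Route53::RecordSet")
                 if p.get("Type") == "CAA"}
    for zone, props in of_type("AWS::Route53::HostedZone"):
        if props.get("VPCs"):
            continue  # private zone, not a PublicHostedZone
        if "QueryLoggingConfig" not in props:
            findings.append(f"{zone}: query logging disabled")
        if zone not in caa_zones:
            findings.append(f"{zone}: no CAA record")
    # Assumption: a delegation role is one whose attached policy can change record sets.
    delegation_roles = set()
    for _, props in of_type("AWS::IAM::Policy"):
        actions = [a for s in _listify(props["PolicyDocument"]["Statement"])
                   for a in _listify(s.get("Action", []))]
        if "route53:ChangeResourceRecordSets" in actions:
            delegation_roles.update(_ref(r) for r in props.get("Roles", []))
    for role, props in of_type("AWS::IAM::Role"):
        for stmt in _listify(props["AssumeRolePolicyDocument"]["Statement"]):
            principal = stmt.get("Principal", {})
            aws = principal if isinstance(principal, str) else principal.get("AWS", [])
            # Assumption: an organization-scoped trust is "*" plus aws:PrincipalOrgID.
            org_bound = "aws:PrincipalOrgID" in str(stmt.get("Condition", {}))
            if role in delegation_roles and "*" in _listify(aws) and not org_bound:
                findings.append(f"{role}: trust policy lets any AWS principal delegate")
    return findings

# Constructed sample template: a zone with neither option set and a role trusting "*".
SAMPLE = {"Resources": {
    "Zone": {"Type": "AWS::Route53::HostedZone", "Properties": {"Name": "someexample.com."}},
    "Role": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}}},
    "Policy": {"Type": "AWS::IAM::Policy", "Properties": {"Roles": [{"Ref": "Role"}],
        "PolicyDocument": {"Statement": [{"Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets", "Resource": "*"}]}}},
}}
```

Calling audit_template(SAMPLE) returns one finding per gap; a template loaded with json.load from a synthesized output file can be passed in the same way.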

Attributes

caa_amazon

Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only.

Default:

false

comment

Any comments that you want to include about the hosted zone.

Default:

none

cross_account_zone_delegation_principal

(deprecated) A principal which is trusted to assume a role for zone delegation.

If supplied, this will create a Role in the same account as the Hosted Zone, which can be assumed by the CrossAccountZoneDelegationRecord to create a delegation record to a zone in a different account.

Be sure to indicate the account(s) that you trust to create delegation records, using either iam.AccountPrincipal or iam.OrganizationPrincipal.

If you are planning to use iam.ServicePrincipal principals here, be sure to include region-specific service principals for every opt-in region you are going to be delegating to; or don’t use this feature and create separate roles with appropriate permissions for every opt-in region instead.

Default:
  • No delegation configuration

Deprecated:

Create the Role yourself and call hostedZone.grantDelegation().

Stability:

deprecated

cross_account_zone_delegation_role_name

(deprecated) The name of the role created for cross account delegation.

Default:
  • A role name is generated automatically

Deprecated:

Create the Role yourself and call hostedZone.grantDelegation().

Stability:

deprecated

query_logs_log_group_arn

The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to.

Default:

disabled

zone_name

The name of the domain.

For resource record types that include a domain name, specify a fully qualified domain name.