PublicHostedZoneProps
- class aws_cdk.aws_route53.PublicHostedZoneProps(*, zone_name, comment=None, query_logs_log_group_arn=None, caa_amazon=None, cross_account_zone_delegation_principal=None, cross_account_zone_delegation_role_name=None)
Bases: CommonHostedZoneProps
Construction properties for a PublicHostedZone.
- Parameters:
  - zone_name (str) – The name of the domain. For resource record types that include a domain name, specify a fully qualified domain name.
  - comment (Optional[str]) – Any comments that you want to include about the hosted zone. Default: none
  - query_logs_log_group_arn (Optional[str]) – The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to. Default: disabled
  - caa_amazon (Optional[bool]) – Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only. Default: false
  - cross_account_zone_delegation_principal (Optional[IPrincipal]) – (deprecated) A principal which is trusted to assume a role for zone delegation. If supplied, this will create a Role in the same account as the Hosted Zone, which can be assumed by the CrossAccountZoneDelegationRecord to create a delegation record to a zone in a different account. Be sure to indicate the account(s) that you trust to create delegation records, using either iam.AccountPrincipal or iam.OrganizationPrincipal. If you are planning to use iam.ServicePrincipal principals here, be sure to include region-specific service principals for every opt-in region you are going to be delegating to; or don’t use this feature and create separate roles with appropriate permissions for every opt-in region instead. Default: - No delegation configuration
  - cross_account_zone_delegation_role_name (Optional[str]) – (deprecated) The name of the role created for cross account delegation. Default: - A role name is generated automatically
- ExampleMetadata:
infused
Example:
    # Imports this snippet needs; the code below runs inside a Stack, where self is the scope.
    from aws_cdk import Stack, aws_iam as iam, aws_route53 as route53

    sub_zone = route53.PublicHostedZone(self, "SubZone",
        zone_name="sub.someexample.com"
    )

    # import the delegation role by constructing the roleArn
    delegation_role_arn = Stack.of(self).format_arn(
        region="",  # IAM is global in each partition
        service="iam",
        account="parent-account-id",
        resource="role",
        resource_name="MyDelegationRole"
    )
    delegation_role = iam.Role.from_role_arn(self, "DelegationRole", delegation_role_arn)

    # create the record
    route53.CrossAccountZoneDelegationRecord(self, "delegate",
        delegated_zone=sub_zone,
        parent_hosted_zone_name="someexample.com",  # or you can use parentHostedZoneId
        delegation_role=delegation_role
    )
Attributes
- caa_amazon
Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only.
- Default:
false
- comment
Any comments that you want to include about the hosted zone.
- Default:
none
- cross_account_zone_delegation_principal
(deprecated) A principal which is trusted to assume a role for zone delegation.
If supplied, this will create a Role in the same account as the Hosted Zone, which can be assumed by the CrossAccountZoneDelegationRecord to create a delegation record to a zone in a different account.
Be sure to indicate the account(s) that you trust to create delegation records, using either iam.AccountPrincipal or iam.OrganizationPrincipal.
If you are planning to use iam.ServicePrincipal principals here, be sure to include region-specific service principals for every opt-in region you are going to be delegating to; or don’t use this feature and create separate roles with appropriate permissions for every opt-in region instead.
- Default:
No delegation configuration
- Deprecated:
Create the Role yourself and call hostedZone.grantDelegation().
- Stability:
deprecated
- cross_account_zone_delegation_role_name
(deprecated) The name of the role created for cross account delegation.
- Default:
A role name is generated automatically
- Deprecated:
Create the Role yourself and call hostedZone.grantDelegation().
- Stability:
deprecated
- query_logs_log_group_arn
The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to.
- Default:
disabled
- zone_name
The name of the domain.
For resource record types that include a domain name, specify a fully qualified domain name.
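Added example (not part of the CDK documentation): caa_amazon and query_logs_log_group_arn are both off by default, and the delegation role is only as narrow as the principal it trusts, so a check over the synthesized CloudFormation template can flag zones left on the defaults and roles whose trust policy names a wildcard principal. The template below is constructed, with made-up logical IDs, account ID and log group ARN, and audit_template is a hypothetical helper name.

```python
# Constructed sample: a trimmed template of the kind `cdk synth` emits.
SAMPLE = {"Resources": {
    "SubZone": {"Type": "AWS::Route53::HostedZone", "Properties": {
        "Name": "sub.someexample.com.",
        "QueryLoggingConfig": {"CloudWatchLogsLogGroupArn":
            "arn:aws:logs:us-east-1:111111111111:log-group:/route53/sub"}}},
    "SubZoneCaa": {"Type": "AWS::Route53::RecordSet", "Properties": {
        "HostedZoneId": {"Ref": "SubZone"}, "Type": "CAA", "TTL": "1800",
        "Name": "sub.someexample.com.", "ResourceRecords": ['0 issue "amazon.com"']}},
    "BareZone": {"Type": "AWS::Route53::HostedZone",
                 "Properties": {"Name": "bare.someexample.com."}},
    "DelegationRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "*"}}]}}},
}}


def audit_template(template):
    """Return sorted (logical_id, finding) pairs for hosted zones and role trust policies."""
    resources = template.get("Resources", {})
    caa_zones = set()  # logical IDs of zones that a CAA record set points at via Ref
    for res in resources.values():
        props = res.get("Properties", {})
        ref = props.get("HostedZoneId")
        if (res.get("Type") == "AWS::Route53::RecordSet" and props.get("Type") == "CAA"
                and isinstance(ref, dict) and "Ref" in ref):
            caa_zones.add(ref["Ref"])
    findings = []
    for logical_id, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::Route53::HostedZone":
            if not props.get("QueryLoggingConfig", {}).get("CloudWatchLogsLogGroupArn"):
                findings.append((logical_id, "query logging disabled"))
            if logical_id not in caa_zones:
                findings.append((logical_id, "no CAA record"))
        elif res.get("Type") == "AWS::IAM::Role":
            for stmt in props.get("AssumeRolePolicyDocument", {}).get("Statement", []):
                principal = stmt.get("Principal")
                # Principal may be "*", {"AWS": "*"}, {"AWS": [...]} or an intrinsic function.
                aws = principal.get("AWS") if isinstance(principal, dict) else principal
                aws = aws if isinstance(aws, list) else [aws]
                if stmt.get("Effect") == "Allow" and "*" in aws:
                    findings.append((logical_id, "trust policy allows any principal"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in audit_template(SAMPLE):
        print(f"{logical_id}: {finding}")
```

Run it against the JSON in cdk.out after synthesis; a zone whose CAA record is defined in another stack will be reported as missing one, because only Ref links within the same template are followed.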