PublicHostedZoneProps
- class aws_cdk.aws_route53.PublicHostedZoneProps(*, zone_name, add_trailing_dot=None, comment=None, query_logs_log_group_arn=None, caa_amazon=None, cross_account_zone_delegation_principal=None, cross_account_zone_delegation_role_name=None)
Bases: CommonHostedZoneProps
Construction properties for a PublicHostedZone.
- Parameters:
  - zone_name (str) – The name of the domain. For resource record types that include a domain name, specify a fully qualified domain name.
  - add_trailing_dot (Optional[bool]) – Whether to add a trailing dot to the zone name. Default: true
  - comment (Optional[str]) – Any comments that you want to include about the hosted zone. Default: none
  - query_logs_log_group_arn (Optional[str]) – The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to. Default: disabled
  - caa_amazon (Optional[bool]) – Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only. Default: false
  - cross_account_zone_delegation_principal (Optional[IPrincipal]) – (deprecated) A principal which is trusted to assume a role for zone delegation. If supplied, this will create a Role in the same account as the Hosted Zone, which can be assumed by the CrossAccountZoneDelegationRecord to create a delegation record to a zone in a different account. Be sure to indicate the account(s) that you trust to create delegation records, using either iam.AccountPrincipal or iam.OrganizationPrincipal. If you are planning to use ``iam.ServicePrincipal``s here, be sure to include region-specific service principals for every opt-in region you are going to be delegating to; or don’t use this feature and create separate roles with appropriate permissions for every opt-in region instead. Default: No delegation configuration
  - cross_account_zone_delegation_role_name (Optional[str]) – (deprecated) The name of the role created for cross account delegation. Default: A role name is generated automatically
Example:
    from aws_cdk import aws_iam as iam, aws_route53 as route53

    # Runs inside a Stack or other construct, where `self` is the scope.
    parent_zone = route53.PublicHostedZone(self, "HostedZone",
        zone_name="someexample.com"
    )

    cross_account_role = iam.Role(self, "CrossAccountRole",
        # The role name must be predictable
        role_name="MyDelegationRole",
        # The other account
        assumed_by=iam.AccountPrincipal("12345678901"),
        # You can scope down this role policy to be least privileged.
        # If you want the other account to be able to manage specific records,
        # you can scope down by resource and/or normalized record names
        inline_policies={
            "cross_account_policy": iam.PolicyDocument(
                statements=[
                    iam.PolicyStatement(
                        sid="ListHostedZonesByName",
                        effect=iam.Effect.ALLOW,
                        actions=["route53:ListHostedZonesByName"],
                        resources=["*"]
                    ),
                    iam.PolicyStatement(
                        sid="GetHostedZoneAndChangeResourceRecordSets",
                        effect=iam.Effect.ALLOW,
                        actions=["route53:GetHostedZone", "route53:ChangeResourceRecordSets"],
                        # This example assumes the RecordSet subdomain.someexample.com
                        # is contained in the HostedZone
                        resources=["arn:aws:route53:::hostedzone/HZID00000000000000000"],
                        conditions={
                            "ForAllValues:StringLike": {
                                "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
                                    "subdomain.someexample.com"
                                ]
                            }
                        }
                    )
                ]
            )
        }
    )

    parent_zone.grant_delegation(cross_account_role)
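The scoping in the example above only helps while it stays in place, so it is worth checking the synthesized role policy for it. The following is an added example, not part of the CDK documentation or library: plain Python over IAM policy JSON, where `audit_delegation_policy` is a hypothetical helper and both sample documents are constructed.

```python
import fnmatch

CHANGE = "route53:changeresourcerecordsets"
NAME_KEY = "route53:ChangeResourceRecordSetsNormalizedRecordNames"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_delegation_policy(policy, delegated_name):
    """Return findings for Allow statements that grant ChangeResourceRecordSets."""
    findings = []
    delegated_name = delegated_name.lower().rstrip(".")
    for stmt in _as_list(policy.get("Statement", [])):
        # Action patterns may be wildcards such as "route53:*" and are case-insensitive.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                fnmatch.fnmatchcase(CHANGE, a) for a in actions):
            continue
        sid = stmt.get("Sid", "<no sid>")
        for res in _as_list(stmt.get("Resource", [])):
            if res.endswith("*"):
                findings.append(f"{sid}: resource {res} is not a single hosted zone")
        names = []
        for op, keys in stmt.get("Condition", {}).items():
            if "not" in op.lower():  # negated operators do not restrict to a name
                continue
            for key, value in keys.items():
                if key.lower() == NAME_KEY.lower():  # condition keys are case-insensitive
                    names += _as_list(value)
        if not names:
            findings.append(f"{sid}: no {NAME_KEY} condition")
        for name in names:
            n = name.lower().rstrip(".")
            if n != delegated_name and not n.endswith("." + delegated_name):
                findings.append(f"{sid}: pattern {name} reaches outside {delegated_name}")
    return findings

# Constructed sample: the scoped statement from the example above, as IAM JSON.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "GetHostedZoneAndChangeResourceRecordSets", "Effect": "Allow",
    "Action": ["route53:GetHostedZone", "route53:ChangeResourceRecordSets"],
    "Resource": "arn:aws:route53:::hostedzone/HZID00000000000000000",
    "Condition": {"ForAllValues:StringLike": {NAME_KEY: ["subdomain.someexample.com"]}}}]}

# Constructed sample: the same grant with the scoping removed.
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Sid": "TooBroad", "Effect": "Allow", "Action": "route53:*", "Resource": "*"}]}

if __name__ == "__main__":
    for label, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(label, audit_delegation_policy(doc, "subdomain.someexample.com") or "ok")
```
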
Attributes
- add_trailing_dot
Whether to add a trailing dot to the zone name.
- Default:
true
- caa_amazon
Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only.
- Default:
false
- comment
Any comments that you want to include about the hosted zone.
- Default:
none
- cross_account_zone_delegation_principal
(deprecated) A principal which is trusted to assume a role for zone delegation.
If supplied, this will create a Role in the same account as the Hosted Zone, which can be assumed by the CrossAccountZoneDelegationRecord to create a delegation record to a zone in a different account.
Be sure to indicate the account(s) that you trust to create delegation records, using either iam.AccountPrincipal or iam.OrganizationPrincipal.
If you are planning to use ``iam.ServicePrincipal``s here, be sure to include region-specific service principals for every opt-in region you are going to be delegating to; or don’t use this feature and create separate roles with appropriate permissions for every opt-in region instead.
- Default:
No delegation configuration
- Deprecated:
Create the Role yourself and call hostedZone.grantDelegation().
- Stability:
deprecated
- cross_account_zone_delegation_role_name
(deprecated) The name of the role created for cross account delegation.
- Default:
A role name is generated automatically
- Deprecated:
Create the Role yourself and call hostedZone.grantDelegation().
- Stability:
deprecated
- query_logs_log_group_arn
The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to.
- Default:
disabled
- zone_name
The name of the domain.
For resource record types that include a domain name, specify a fully qualified domain name.