feat(apigatewayv2): add ipAddressType support to DomainName

ykethan · ykethan · commit 336b6891ce0f · 2025-05-09T16:46:57.000-04:00
diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/lib/common/domain-name.ts b/packages/aws-cdk-lib/aws-apigatewayv2/lib/common/domain-name.ts
@@ -1,4 +1,5 @@
 import { Construct } from 'constructs';
+import { IpAddressType } from './api';
 import { CfnDomainName, CfnDomainNameProps } from '.././index';
 import { ICertificate } from '../../../aws-certificatemanager';
 import { IBucket } from '../../../aws-s3';
@@ -120,6 +121,14 @@ export interface EndpointOptions {
    */
   readonly securityPolicy?: SecurityPolicy;
 
+  /**
+   * The IP address types that can invoke this domain name.
+   * Use 'ipv4' to allow only IPv4 addresses to invoke the domain name, or use 'dualstack'
+   * to allow both IPv4 and IPv6 addresses to invoke the domain name.
+   * @default - undefined - AWS default is IPV4
+   */
+  readonly ipAddressType?: IpAddressType;
+
   /**
    * A public certificate issued by ACM to validate that you own a custom domain. This parameter is required
    * only when you configure mutual TLS authentication and you specify an ACM imported or private CA certificate
@@ -227,6 +236,7 @@ export class DomainName extends Resource implements IDomainName {
       endpointType: options.endpointType ? options.endpointType?.toString() : 'REGIONAL',
       ownershipVerificationCertificateArn: options.ownershipCertificate?.certificateArn,
       securityPolicy: options.securityPolicy?.toString(),
+      ipAddressType: options.ipAddressType,
     };
 
     this.validateEndpointType(domainNameConfig.endpointType);
diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/test/http/domain-name.test.ts b/packages/aws-cdk-lib/aws-apigatewayv2/test/http/domain-name.test.ts
@@ -2,7 +2,7 @@ import { Template } from '../../../assertions';
 import { Certificate } from '../../../aws-certificatemanager';
 import { Bucket } from '../../../aws-s3';
 import { Stack } from '../../../core';
-import { DomainName, EndpointType, HttpApi, SecurityPolicy } from '../../lib';
+import { DomainName, EndpointType, HttpApi, SecurityPolicy, IpAddressType } from '../../lib';
 
 const domainName = 'example.com';
 const certArn = 'arn:aws:acm:us-east-1:111111111111:certificate';
@@ -270,6 +270,30 @@ describe('DomainName', () => {
     });
   });
 
+  test('domain name with IP address type set to DUAL_STACK', () => {
+    // GIVEN
+    const stack = new Stack();
+
+    // WHEN
+    new DomainName(stack, 'DomainName', {
+      domainName,
+      certificate: Certificate.fromCertificateArn(stack, 'cert', certArn),
+      ipAddressType: IpAddressType.DUAL_STACK,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::DomainName', {
+      DomainName: 'example.com',
+      DomainNameConfigurations: [
+        {
+          CertificateArn: 'arn:aws:acm:us-east-1:111111111111:certificate',
+          EndpointType: 'REGIONAL',
+          IpAddressType: 'dualstack',
+        },
+      ],
+    });
+  });
+
   test('throws when ownerhsip cert is used for non-mtls domain', () => {
     // GIVEN
     const stack = new Stack();
