[Route53]: CrossAccountZoneDelegationRecord should support RemovalPolicy #15211

epheat · 2021-06-19T01:30:54Z

CrossAccountZoneDelegationRecord currently does not support the application of a RemovalPolicy. When the resource is deleted, it will assume the DelegationRole and issue a ChangeResourceRecordSets call with action DELETE. In our case, we would rather leave the delegation intact (at least in production-like environments) so we don't risk tearing down our endpoints accidentally.

Use Case

We would like to apply a removal policy of RETAIN on the CrossAccountZoneDelegationRecord resource, in order to protect against accidental deletion of the resource.

Proposed Solution

let hostedZone = new HostedZone(this, 'HostedZone', {
  zoneName: 'my.cool.zone'
});

let delegation = new CrossAccountZoneDelegationRecord(this, 'CrossAccountDelegation', {
  delegatedZone: hostedZone,
  parentHostedZoneName: 'cool.zone',
  delegationRole: Role.fromRoleArn(this, 'DelegationRole', 'arn:aws:iam::000000000000:role/delegator')
});

// vvv NEW vvv
delegation.applyRemovalPolicy(RemovalPolicy.RETAIN);

Other

👋 I may be able to implement this feature request
⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

epheat · 2021-06-19T01:35:32Z

Alternatively, the CrossAccountZoneDelegationRecord could somehow inherit the RemovalPolicy from the HostedZone that it delegates to. It would be an antipattern to have a HostedZone with RemovalPolicy.DESTROY, meanwhile a Delegation with RemovalPolicy.RETAIN, since that would leave you with a dangling delegation.

njlynch · 2021-06-23T09:02:17Z

Agreed that this construct should expose a removalPolicy, and potentially default to the removal policy of the delegatedZone.

I've tagged it as P1, which means it should be on our near-term roadmap.

We welcome community contributions! If you are able, we encourage you to contribute a bug fix or new feature to the CDK. If you decide to contribute, please start an engineering discussion in this issue to ensure there is a commonly understood design before submitting code. This will minimize the number of review cycles and get your code merged faster.

…ationRecord (#15782) add support for RemovalPolicy in CrossAccountZoneDelegationRecord closes #15211 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2021-07-30T13:43:42Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

…ationRecord (aws#15782) add support for RemovalPolicy in CrossAccountZoneDelegationRecord closes aws#15211 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

epheat added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jun 19, 2021

github-actions bot assigned njlynch Jun 19, 2021

github-actions bot added the @aws-cdk/aws-route53 Related to Amazon Route 53 label Jun 19, 2021

njlynch added effort/small Small work item – less than a day of effort p1 and removed needs-triage This issue or PR still needs to be triaged. labels Jun 23, 2021

njlynch removed their assignment Jun 23, 2021

ayush987goyal mentioned this issue Jul 27, 2021

feat(Route53): add support for RemovalPolicy in CrossAccountZoneDelegationRecord #15782

Merged

mergify bot closed this as completed in #15782 Jul 30, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Route53]: CrossAccountZoneDelegationRecord should support RemovalPolicy #15211

[Route53]: CrossAccountZoneDelegationRecord should support RemovalPolicy #15211

epheat commented Jun 19, 2021

epheat commented Jun 19, 2021

njlynch commented Jun 23, 2021

github-actions bot commented Jul 30, 2021