From cfba4432441100d1e832d970fea7e1a5b5eb254c Mon Sep 17 00:00:00 2001 From: Luca Pizzini Date: Wed, 12 Jul 2023 10:31:58 +0200 Subject: [PATCH 1/5] feat(route53): add support for grantDelegation on imported PublicHostedZone --- packages/aws-cdk-lib/aws-route53/README.md | 12 +++++ .../aws-route53/lib/hosted-zone.ts | 37 +++++--------- packages/aws-cdk-lib/aws-route53/lib/util.ts | 22 ++++++++ .../aws-route53/test/hosted-zone.test.ts | 51 +++++++++++++++++++ 4 files changed, 99 insertions(+), 23 deletions(-) diff --git a/packages/aws-cdk-lib/aws-route53/README.md b/packages/aws-cdk-lib/aws-route53/README.md index 3521fe8bc7669..e6755934e7081 100644 --- a/packages/aws-cdk-lib/aws-route53/README.md +++ b/packages/aws-cdk-lib/aws-route53/README.md @@ -255,6 +255,18 @@ const zoneFromAttributes = route53.PublicHostedZone.fromPublicHostedZoneAttribut const zoneFromId = route53.PublicHostedZone.fromPublicHostedZoneId(this, 'MyZone', 'ZOJJZC49E0EPZ'); ``` +You can use `CrossAccountZoneDelegationRecord` on imported Public Hosted Zones with the `grantDelegation` method: + +```ts +const crossAccountRole = new iam.Role(this, 'CrossAccountRole', { + // The role name must be predictable + roleName: 'MyDelegationRole', + // The other account + assumedBy: new iam.AccountPrincipal('12345678901'), +}); +zoneFromId.grantDelegation(crossAccountRole); +``` + ## VPC Endpoint Service Private DNS When you create a VPC endpoint service, AWS generates endpoint-specific DNS hostnames that consumers use to communicate with the service. diff --git a/packages/aws-cdk-lib/aws-route53/lib/hosted-zone.ts b/packages/aws-cdk-lib/aws-route53/lib/hosted-zone.ts index efe94731622ae..3ce161aadaf53 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/hosted-zone.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/hosted-zone.ts 
@@ -3,7 +3,7 @@ import { HostedZoneProviderProps } from './hosted-zone-provider'; import { HostedZoneAttributes, IHostedZone, PublicHostedZoneAttributes } from './hosted-zone-ref'; import { CaaAmazonRecord, ZoneDelegationRecord } from './record-set'; import { CfnHostedZone } from './route53.generated'; -import { makeHostedZoneArn, validateZoneName } from './util'; +import { makeGrantDelegation, makeHostedZoneArn, validateZoneName } from './util'; import * as ec2 from '../../aws-ec2'; import * as iam from '../../aws-iam'; import * as cxschema from '../../cloud-assembly-schema'; @@ -238,7 +238,12 @@ export interface PublicHostedZoneProps extends CommonHostedZoneProps { /** * Represents a Route 53 public hosted zone */ -export interface IPublicHostedZone extends IHostedZone { } +export interface IPublicHostedZone extends IHostedZone { + /** + * Grant permissions to add delegation records to this zone + */ + grantDelegation(grantee: iam.IGrantable): void; +} /** * Create a Route53 public hosted zone. @@ -264,6 +269,9 @@ export class PublicHostedZone extends HostedZone implements IPublicHostedZone { public get hostedZoneArn(): string { return makeHostedZoneArn(this, this.hostedZoneId); } + public grantDelegation(grantee: iam.IGrantable) { + makeGrantDelegation(grantee, this.hostedZoneArn); + }; } return new Import(scope, id); } @@ -284,6 +292,9 @@ export class PublicHostedZone extends HostedZone implements IPublicHostedZone { public get hostedZoneArn(): string { return makeHostedZoneArn(this, this.hostedZoneId); } + public grantDelegation(grantee: iam.IGrantable) { + makeGrantDelegation(grantee, this.hostedZoneArn); + }; } return new Import(scope, id); } 
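Review bot: The `grantDelegation` method added to the `Import` class in the hunk at `@@ -264,6 +269,9 @@` closes with `};`, and the stray semicolon after a method body is an empty class element that lint rules such as `no-extra-semi` report; the identical method added at `@@ -284,6 +292,9 @@` has the same issue. Close both methods with a plain `}`. Neither method carries a comment, so a one-line TSDoc such as `/** Grant permissions to add delegation records to this imported zone */` would keep them in line with the interface declaration added at `@@ -238,7 +238,12 @@`. The factory functions that enclose both `Import` classes start outside these hunks.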
@@ -354,28 +365,8 @@ export class PublicHostedZone extends HostedZone implements IPublicHostedZone { }); } - /** - * Grant permissions to add delegation records to this zone - */ public grantDelegation(grantee: iam.IGrantable) { - const g1 = iam.Grant.addToPrincipal({ - grantee, - actions: ['route53:ChangeResourceRecordSets'], - resourceArns: [this.hostedZoneArn], - conditions: { - 'ForAllValues:StringEquals': { - 'route53:ChangeResourceRecordSetsRecordTypes': ['NS'], - 'route53:ChangeResourceRecordSetsActions': ['UPSERT', 'DELETE'], - }, - }, - }); - const g2 = iam.Grant.addToPrincipal({ - grantee, - actions: ['route53:ListHostedZonesByName'], - resourceArns: ['*'], - }); - - return g1.combine(g2); + makeGrantDelegation(grantee, this.hostedZoneArn); } } diff --git a/packages/aws-cdk-lib/aws-route53/lib/util.ts b/packages/aws-cdk-lib/aws-route53/lib/util.ts index b6416e49a366f..762833ff31eda 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/util.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/util.ts @@ -1,5 +1,6 @@ import { Construct } from 'constructs'; import { IHostedZone } from './hosted-zone-ref'; +import * as iam from '../../aws-iam'; import { Stack } from '../../core'; /** @@ -69,3 +70,24 @@ export function makeHostedZoneArn(construct: Construct, hostedZoneId: string): s resourceName: hostedZoneId, }); } + +export function makeGrantDelegation(grantee: iam.IGrantable, hostedZoneArn: string) { + const g1 = iam.Grant.addToPrincipal({ + grantee, + actions: ['route53:ChangeResourceRecordSets'], + resourceArns: [hostedZoneArn], + conditions: { + 'ForAllValues:StringEquals': { + 'route53:ChangeResourceRecordSetsRecordTypes': ['NS'], + 'route53:ChangeResourceRecordSetsActions': ['UPSERT', 'DELETE'], + }, + }, + }); + const g2 = iam.Grant.addToPrincipal({ + grantee, + actions: ['route53:ListHostedZonesByName'], + resourceArns: ['*'], + }); + + return g1.combine(g2); +} \ No newline at end of file 
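Review bot: The TSDoc block above the public `grantDelegation` method of `PublicHostedZone` is deleted in the hunk at `@@ -354,28 +365,8 @@`, so the concrete class loses its description at the point of definition. Keep the comment on the method, `/** Grant permissions to add delegation records to this zone */`. The removed body returned `g1.combine(g2)` while the new one discards the helper's result; PATCH 3/5 further down restores the return value, but the comment is not restored anywhere in the series. The class body starts outside the hunk.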
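Review bot: `makeGrantDelegation`, added to `util.ts` in the hunk at `@@ -69,3 +70,24 @@`, is exported without a TSDoc comment, and the scope of what it grants is not written down anywhere. As written, the first statement allows `route53:ChangeResourceRecordSets` for NS records with UPSERT and DELETE on the whole hosted zone ARN, with no condition on the record name, so the grantee can create, replace or delete the NS set of any name in the zone and not only the subdomain it is meant to delegate; the second statement allows `route53:ListHostedZonesByName` on `*`. Document both statements on the function, and note that a caller who needs a tighter grant has to add a `route53:ChangeResourceRecordSetsNormalizedRecordNames` condition separately. The file also now ends without a trailing newline.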
diff --git a/packages/aws-cdk-lib/aws-route53/test/hosted-zone.test.ts b/packages/aws-cdk-lib/aws-route53/test/hosted-zone.test.ts index 4f37b586ee041..a5b2722a8adf5 100644 --- a/packages/aws-cdk-lib/aws-route53/test/hosted-zone.test.ts +++ b/packages/aws-cdk-lib/aws-route53/test/hosted-zone.test.ts @@ -288,6 +288,57 @@ test('grantDelegation', () => { }); }); +test('grantDelegation on imported public zones', () => { + // GIVEN + const stack = new cdk.Stack(undefined, 'TestStack', { + env: { account: '123456789012', region: 'us-east-1' }, + }); + + const role = new iam.Role(stack, 'Role', { + assumedBy: new iam.AccountPrincipal('22222222222222'), + }); + + const zone = PublicHostedZone.fromPublicHostedZoneId(stack, 'Zone', 'hosted-id'); + + // WHEN + zone.grantDelegation(role); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: 'route53:ChangeResourceRecordSets', + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':route53:::hostedzone/hosted-id', + ], + ], + }, + Condition: { + 'ForAllValues:StringEquals': { + 'route53:ChangeResourceRecordSetsRecordTypes': ['NS'], + 'route53:ChangeResourceRecordSetsActions': ['UPSERT', 'DELETE'], + }, + }, + }, + { + Action: 'route53:ListHostedZonesByName', + Effect: 'Allow', + Resource: '*', + }, + ], + }, + }); +}); + describe('Hosted Zone with dot', () => { test('Hosted Zone constructs without trailing dot by default', () => { // GIVEN From 50bc8ee5ec1c5016f1c8ffe5989eafc3a4f0e32e Mon Sep 17 00:00:00 2001 
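Review bot: The new test exercises only `PublicHostedZone.fromPublicHostedZoneId`, while this patch adds `grantDelegation` to two `Import` classes in `hosted-zone.ts`; the second one, presumably the class behind `fromPublicHostedZoneAttributes`, has no test. Add a matching case that imports the zone with `fromPublicHostedZoneAttributes` and asserts the same policy document. The account id passed to `iam.AccountPrincipal`, `'22222222222222'`, has 14 digits rather than the 12 of an AWS account id, so a constructed 12-digit value such as `'222222222222'` would make the fixture less surprising to read.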
From: Luca Pizzini Date: Mon, 17 Jul 2023 09:27:36 +0200 Subject: [PATCH 2/5] added integration test --- ...efaultTestDeployAssert4E6713E1.assets.json | 19 ++ ...aultTestDeployAssert4E6713E1.template.json | 36 +++ ...te53-imported-delegation-integ.assets.json | 19 ++ ...53-imported-delegation-integ.template.json | 118 +++++++++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 117 +++++++++ .../tree.json | 233 ++++++++++++++++++ .../test/integ.route53-imported-delegation.ts | 21 ++ 9 files changed, 576 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.ts 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json new file mode 100644 index 0000000000000..b4769dfd10a1d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json @@ -0,0 +1,19 @@ +{ + "version": "32.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "IntegDefaultTestDeployAssert4E6713E1.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.assets.json new file mode 100644 index 0000000000000..f36b2c22c8de5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.assets.json @@ -0,0 +1,19 @@ +{ + "version": "32.0.0", + "files": { + "6fb57c70d0a4d658605cfc8d26cd1a14277eb9487b92b3ea3a5cce6e6d83554f": { + "source": { + "path": "aws-cdk-route53-imported-delegation-integ.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "6fb57c70d0a4d658605cfc8d26cd1a14277eb9487b92b3ea3a5cce6e6d83554f.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.template.json new file mode 100644 index 0000000000000..11cf9d4b64dd9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.template.json 
@@ -0,0 +1,118 @@ +{ + "Resources": { + "Role1ABCC5F0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "RoleDefaultPolicy5FFB7DAB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "route53:ChangeResourceRecordSets", + "Condition": { + "ForAllValues:StringEquals": { + "route53:ChangeResourceRecordSetsRecordTypes": [ + "NS" + ], + "route53:ChangeResourceRecordSetsActions": [ + "UPSERT", + "DELETE" + ] + } + }, + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":route53:::hostedzone/public-zone-id" + ] + ] + } + }, + { + "Action": "route53:ListHostedZonesByName", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "RoleDefaultPolicy5FFB7DAB", + "Roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/cdk.out new file mode 100644 index 0000000000000..f0b901e7c06e5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"32.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/integ.json new file mode 100644 index 0000000000000..00f8d517f6600 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "32.0.0", + "testCases": { + "Integ/DefaultTest": { + "stacks": [ + "aws-cdk-route53-imported-delegation-integ" + ], + "assertionStack": "Integ/DefaultTest/DeployAssert", + "assertionStackName": "IntegDefaultTestDeployAssert4E6713E1" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/manifest.json new file mode 100644 index 0000000000000..853945d950717 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/manifest.json 
@@ -0,0 +1,117 @@ +{ + "version": "32.0.0", + "artifacts": { + "aws-cdk-route53-imported-delegation-integ.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-route53-imported-delegation-integ.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-route53-imported-delegation-integ": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-route53-imported-delegation-integ.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6fb57c70d0a4d658605cfc8d26cd1a14277eb9487b92b3ea3a5cce6e6d83554f.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-route53-imported-delegation-integ.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-route53-imported-delegation-integ.assets" + ], + "metadata": { + "/aws-cdk-route53-imported-delegation-integ/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Role1ABCC5F0" + } + ], + "/aws-cdk-route53-imported-delegation-integ/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RoleDefaultPolicy5FFB7DAB" + } + ], + "/aws-cdk-route53-imported-delegation-integ/BootstrapVersion": [ + { + "type": 
"aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-route53-imported-delegation-integ/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-route53-imported-delegation-integ" + }, + "IntegDefaultTestDeployAssert4E6713E1.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "IntegDefaultTestDeployAssert4E6713E1.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "IntegDefaultTestDeployAssert4E6713E1": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "IntegDefaultTestDeployAssert4E6713E1.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "IntegDefaultTestDeployAssert4E6713E1.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "IntegDefaultTestDeployAssert4E6713E1.assets" + ], + "metadata": { + "/Integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion": 
[ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/tree.json new file mode 100644 index 0000000000000..680fa5c10c673 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/tree.json 
@@ -0,0 +1,233 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-route53-imported-delegation-integ": { + "id": "aws-cdk-route53-imported-delegation-integ", + "path": "aws-cdk-route53-imported-delegation-integ", + "children": { + "Role": { + "id": "Role", + "path": "aws-cdk-route53-imported-delegation-integ/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-cdk-route53-imported-delegation-integ/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-route53-imported-delegation-integ/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-route53-imported-delegation-integ/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-route53-imported-delegation-integ/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "route53:ChangeResourceRecordSets", + "Condition": { + "ForAllValues:StringEquals": { + "route53:ChangeResourceRecordSetsRecordTypes": [ + "NS" + ], + "route53:ChangeResourceRecordSetsActions": [ + "UPSERT", + "DELETE" + ] + } + }, + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":route53:::hostedzone/public-zone-id" + 
] + ] + } + }, + { + "Action": "route53:ListHostedZonesByName", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "RoleDefaultPolicy5FFB7DAB", + "roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "PublicZone": { + "id": "PublicZone", + "path": "aws-cdk-route53-imported-delegation-integ/PublicZone", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-route53-imported-delegation-integ/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-route53-imported-delegation-integ/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Integ": { + "id": "Integ", + "path": "Integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "Integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "Integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.55" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "Integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "Integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "Integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": 
{ + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.55" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.ts new file mode 100644 index 0000000000000..d80f8fecedd25 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.ts @@ -0,0 +1,21 @@ +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as cdk from 'aws-cdk-lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import { PublicHostedZone } from 'aws-cdk-lib/aws-route53'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-route53-imported-delegation-integ'); + +const role = new iam.Role(stack, 'Role', { + assumedBy: new iam.AccountRootPrincipal(), +}); + +const publicZone = PublicHostedZone.fromPublicHostedZoneId(stack, 'PublicZone', 'public-zone-id'); +publicZone.grantDelegation(role); + +new IntegTest(app, 'Integ', { + testCases: [stack], +}); + +app.synth(); From 9594bf00cb6cde9bc62c9204d06f96787f310200 Mon Sep 17 00:00:00 2001 From: Luca Pizzini Date: Tue, 25 Jul 2023 10:47:14 +0200 Subject: [PATCH 3/5] fixed function return type --- .../aws-cdk-lib/aws-route53/lib/hosted-zone.ts | 14 +++++++------- packages/aws-cdk-lib/aws-route53/lib/util.ts | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/packages/aws-cdk-lib/aws-route53/lib/hosted-zone.ts b/packages/aws-cdk-lib/aws-route53/lib/hosted-zone.ts index 3ce161aadaf53..cbb8ad6faf524 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/hosted-zone.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/hosted-zone.ts @@ -242,7 +242,7 @@ export interface IPublicHostedZone extends IHostedZone { /** * Grant permissions to add delegation records to this zone */ - grantDelegation(grantee: iam.IGrantable): void; + grantDelegation(grantee: iam.IGrantable): iam.Grant; } /** @@ -269,8 +269,8 @@ export class PublicHostedZone extends HostedZone implements IPublicHostedZone { public get hostedZoneArn(): string { return makeHostedZoneArn(this, this.hostedZoneId); } - public grantDelegation(grantee: iam.IGrantable) { - makeGrantDelegation(grantee, this.hostedZoneArn); + public grantDelegation(grantee: iam.IGrantable): iam.Grant { + return makeGrantDelegation(grantee, this.hostedZoneArn); }; } return new Import(scope, id); @@ -292,8 +292,8 @@ export class PublicHostedZone extends HostedZone implements IPublicHostedZone { public get hostedZoneArn(): string { return makeHostedZoneArn(this, this.hostedZoneId); } - public grantDelegation(grantee: iam.IGrantable) { - makeGrantDelegation(grantee, this.hostedZoneArn); + public grantDelegation(grantee: iam.IGrantable): iam.Grant { + return makeGrantDelegation(grantee, this.hostedZoneArn); }; } return new Import(scope, id); @@ -365,8 +365,8 @@ export class PublicHostedZone extends HostedZone implements IPublicHostedZone { }); } - public grantDelegation(grantee: iam.IGrantable) { - makeGrantDelegation(grantee, this.hostedZoneArn); + public grantDelegation(grantee: iam.IGrantable): iam.Grant { + return makeGrantDelegation(grantee, this.hostedZoneArn); } } diff --git a/packages/aws-cdk-lib/aws-route53/lib/util.ts b/packages/aws-cdk-lib/aws-route53/lib/util.ts index 762833ff31eda..6f8f832289a98 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/util.ts 
+++ b/packages/aws-cdk-lib/aws-route53/lib/util.ts @@ -71,7 +71,7 @@ export function makeHostedZoneArn(construct: Construct, hostedZoneId: string): s }); } -export function makeGrantDelegation(grantee: iam.IGrantable, hostedZoneArn: string) { +export function makeGrantDelegation(grantee: iam.IGrantable, hostedZoneArn: string): iam.Grant { const g1 = iam.Grant.addToPrincipal({ grantee, actions: ['route53:ChangeResourceRecordSets'], From 7523cdd29b84218779e57e4cd6978759bbc74e07 Mon Sep 17 00:00:00 2001 From: Luca Pizzini Date: Tue, 25 Jul 2023 17:05:25 +0200 Subject: [PATCH 4/5] fixed README --- packages/aws-cdk-lib/aws-ec2/README.md | 4 ++-- packages/aws-cdk-lib/aws-route53/README.md | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md index 50a9ed93d6372..45fe6d024e7f2 100644 --- a/packages/aws-cdk-lib/aws-ec2/README.md +++ b/packages/aws-cdk-lib/aws-ec2/README.md @@ -980,8 +980,8 @@ Endpoint services support private DNS, which makes it easier for clients to conn You can enable private DNS on an endpoint service like so: ```ts -import { HostedZone, VpcEndpointServiceDomainName } from 'aws-cdk-lib/aws-route53'; -declare const zone: HostedZone; +import { PublicHostedZone, VpcEndpointServiceDomainName } from 'aws-cdk-lib/aws-route53'; +declare const zone: PublicHostedZone; declare const vpces: ec2.VpcEndpointService; new VpcEndpointServiceDomainName(this, 'EndpointDomain', { diff --git a/packages/aws-cdk-lib/aws-route53/README.md b/packages/aws-cdk-lib/aws-route53/README.md index b16e92b15c2ab..af2036ca097fd 100644 --- a/packages/aws-cdk-lib/aws-route53/README.md +++ b/packages/aws-cdk-lib/aws-route53/README.md 
@@ -298,6 +298,8 @@ const crossAccountRole = new iam.Role(this, 'CrossAccountRole', { // The other account assumedBy: new iam.AccountPrincipal('12345678901'), }); + +const zoneFromId = route53.PublicHostedZone.fromPublicHostedZoneId(this, 'MyZone', 'ZOJJZC49E0EPZ'); zoneFromId.grantDelegation(crossAccountRole); ``` From d651da10b8d1df8e698edd16c31a28c6f01d291f Mon Sep 17 00:00:00 2001 
From: Luca Pizzini Date: Fri, 18 Aug 2023 09:51:44 +0200 Subject: [PATCH 5/5] updated integration test --- ...dk-route53-cross-account-integ.assets.json | 4 +- ...-route53-cross-account-integ.template.json | 80 ++++++ .../manifest.json | 14 +- .../tree.json | 132 ++++++++++ .../integ.cross-account-zone-delegation.ts | 8 + ...efaultTestDeployAssert4E6713E1.assets.json | 19 -- ...aultTestDeployAssert4E6713E1.template.json | 36 --- ...te53-imported-delegation-integ.assets.json | 19 -- ...53-imported-delegation-integ.template.json | 118 --------- .../cdk.out | 1 - .../integ.json | 12 - .../manifest.json | 117 --------- .../tree.json | 233 ------------------ .../test/integ.route53-imported-delegation.ts | 21 -- 14 files changed, 235 insertions(+), 579 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/manifest.json delete mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/tree.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.assets.json index 03a8cf2340c2f..53d04417642e3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.assets.json @@ -14,7 +14,7 @@ } } }, - "3222f491727b0389ac87f972f2443b490ff3cee14d24c28f1527c3f085cab460": { + "52da24cb67101152630cedcc08830f183f595580f8a7f6fcef1e0aac216c7198": { "source": { "path": "aws-cdk-route53-cross-account-integ.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3222f491727b0389ac87f972f2443b490ff3cee14d24c28f1527c3f085cab460.json", + "objectKey": "52da24cb67101152630cedcc08830f183f595580f8a7f6fcef1e0aac216c7198.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.template.json index 0dc079b05fef5..1d8521c793e6e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.template.json @@ -302,6 +302,86 @@ ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" + }, + "Role1ABCC5F0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "RoleDefaultPolicy5FFB7DAB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "route53:ChangeResourceRecordSets", + "Condition": { + "ForAllValues:StringEquals": { + "route53:ChangeResourceRecordSetsRecordTypes": [ + "NS" + ], + "route53:ChangeResourceRecordSetsActions": [ + "UPSERT", + "DELETE" + ] + } + }, + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":route53:::hostedzone/imported-public-zone-id" + ] + ] + } + }, + { + "Action": "route53:ListHostedZonesByName", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "RoleDefaultPolicy5FFB7DAB", + "Roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } } }, "Parameters": { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json index 646cd1f7d8514..4ccccaed927c8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3222f491727b0389ac87f972f2443b490ff3cee14d24c28f1527c3f085cab460.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/52da24cb67101152630cedcc08830f183f595580f8a7f6fcef1e0aac216c7198.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -93,6 +93,18 @@ "data": "DelegationWithZoneNameCrossAccountZoneDelegationCustomResourceA1A1C94A" } ], + "/aws-cdk-route53-cross-account-integ/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Role1ABCC5F0" + } + ], + "/aws-cdk-route53-cross-account-integ/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RoleDefaultPolicy5FFB7DAB" + } + ], "/aws-cdk-route53-cross-account-integ/BootstrapVersion": [ { "type": "aws:cdk:logicalId", 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json index d74a2a27509b1..583d08a41ccc4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json 
@@ -427,6 +427,138 @@ "version": "0.0.0" } }, + "Role": { + "id": "Role", + "path": "aws-cdk-route53-cross-account-integ/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-cdk-route53-cross-account-integ/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-route53-cross-account-integ/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-route53-cross-account-integ/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-route53-cross-account-integ/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "route53:ChangeResourceRecordSets", + "Condition": { + "ForAllValues:StringEquals": { + "route53:ChangeResourceRecordSetsRecordTypes": [ + "NS" + ], + "route53:ChangeResourceRecordSetsActions": [ + "UPSERT", + "DELETE" + ] + } + }, + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":route53:::hostedzone/imported-public-zone-id" + ] + ] + } + }, + { + "Action": "route53:ListHostedZonesByName", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "RoleDefaultPolicy5FFB7DAB", + "roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + 
"constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "ImportedPublicZone": { + "id": "ImportedPublicZone", + "path": "aws-cdk-route53-cross-account-integ/ImportedPublicZone", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-route53-cross-account-integ/BootstrapVersion", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.ts index 0e72c2df287d5..e8e5d3d154b1b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.ts @@ -32,8 +32,16 @@ new CrossAccountZoneDelegationRecord(stack, 'DelegationWithZoneName', { delegationRole: parentZone.crossAccountZoneDelegationRole!, }); +const role = new iam.Role(stack, 'Role', { + assumedBy: new iam.AccountRootPrincipal(), +}); + +const importedPublicZone = PublicHostedZone.fromPublicHostedZoneId(stack, 'ImportedPublicZone', 'imported-public-zone-id'); +importedPublicZone.grantDelegation(role); + new IntegTest(app, 'Route53CrossAccountInteg', { testCases: [stack], diffAssets: true, }); + app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json deleted file mode 100644 index b4769dfd10a1d..0000000000000 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "32.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "IntegDefaultTestDeployAssert4E6713E1.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json +++ /dev/null 
@@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.assets.json deleted file mode 100644 index f36b2c22c8de5..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "32.0.0", - "files": { - "6fb57c70d0a4d658605cfc8d26cd1a14277eb9487b92b3ea3a5cce6e6d83554f": { - "source": { - "path": "aws-cdk-route53-imported-delegation-integ.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6fb57c70d0a4d658605cfc8d26cd1a14277eb9487b92b3ea3a5cce6e6d83554f.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.template.json deleted file mode 100644 index 11cf9d4b64dd9..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/aws-cdk-route53-imported-delegation-integ.template.json +++ /dev/null 
@@ -1,118 +0,0 @@ -{ - "Resources": { - "Role1ABCC5F0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "RoleDefaultPolicy5FFB7DAB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "route53:ChangeResourceRecordSets", - "Condition": { - "ForAllValues:StringEquals": { - "route53:ChangeResourceRecordSetsRecordTypes": [ - "NS" - ], - "route53:ChangeResourceRecordSetsActions": [ - "UPSERT", - "DELETE" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":route53:::hostedzone/public-zone-id" - ] - ] - } - }, - { - "Action": "route53:ListHostedZonesByName", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "RoleDefaultPolicy5FFB7DAB", - "Roles": [ - { - "Ref": "Role1ABCC5F0" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/cdk.out deleted file mode 100644 index f0b901e7c06e5..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"32.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/integ.json deleted file mode 100644 index 00f8d517f6600..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/integ.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "version": "32.0.0", - "testCases": { - "Integ/DefaultTest": { - "stacks": [ - "aws-cdk-route53-imported-delegation-integ" - ], - "assertionStack": "Integ/DefaultTest/DeployAssert", - "assertionStackName": "IntegDefaultTestDeployAssert4E6713E1" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/manifest.json deleted file mode 100644 index 853945d950717..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/manifest.json +++ /dev/null 
@@ -1,117 +0,0 @@ -{ - "version": "32.0.0", - "artifacts": { - "aws-cdk-route53-imported-delegation-integ.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "aws-cdk-route53-imported-delegation-integ.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "aws-cdk-route53-imported-delegation-integ": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "aws-cdk-route53-imported-delegation-integ.template.json", - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6fb57c70d0a4d658605cfc8d26cd1a14277eb9487b92b3ea3a5cce6e6d83554f.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "aws-cdk-route53-imported-delegation-integ.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "aws-cdk-route53-imported-delegation-integ.assets" - ], - "metadata": { - "/aws-cdk-route53-imported-delegation-integ/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Role1ABCC5F0" - } - ], - "/aws-cdk-route53-imported-delegation-integ/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "RoleDefaultPolicy5FFB7DAB" - } - ], - "/aws-cdk-route53-imported-delegation-integ/BootstrapVersion": [ - { - "type": 
"aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/aws-cdk-route53-imported-delegation-integ/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "aws-cdk-route53-imported-delegation-integ" - }, - "IntegDefaultTestDeployAssert4E6713E1.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "IntegDefaultTestDeployAssert4E6713E1.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "IntegDefaultTestDeployAssert4E6713E1": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "IntegDefaultTestDeployAssert4E6713E1.template.json", - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "IntegDefaultTestDeployAssert4E6713E1.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "IntegDefaultTestDeployAssert4E6713E1.assets" - ], - "metadata": { - "/Integ/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion": 
[ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "Integ/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/tree.json deleted file mode 100644 index 680fa5c10c673..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.js.snapshot/tree.json +++ /dev/null 
@@ -1,233 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "aws-cdk-route53-imported-delegation-integ": { - "id": "aws-cdk-route53-imported-delegation-integ", - "path": "aws-cdk-route53-imported-delegation-integ", - "children": { - "Role": { - "id": "Role", - "path": "aws-cdk-route53-imported-delegation-integ/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "aws-cdk-route53-imported-delegation-integ/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-route53-imported-delegation-integ/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "aws-cdk-route53-imported-delegation-integ/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-route53-imported-delegation-integ/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": "route53:ChangeResourceRecordSets", - "Condition": { - "ForAllValues:StringEquals": { - "route53:ChangeResourceRecordSetsRecordTypes": [ - "NS" - ], - "route53:ChangeResourceRecordSetsActions": [ - "UPSERT", - "DELETE" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":route53:::hostedzone/public-zone-id" - 
] - ] - } - }, - { - "Action": "route53:ListHostedZonesByName", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "policyName": "RoleDefaultPolicy5FFB7DAB", - "roles": [ - { - "Ref": "Role1ABCC5F0" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "PublicZone": { - "id": "PublicZone", - "path": "aws-cdk-route53-imported-delegation-integ/PublicZone", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-cdk-route53-imported-delegation-integ/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-cdk-route53-imported-delegation-integ/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "Integ": { - "id": "Integ", - "path": "Integ", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "Integ/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "Integ/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.55" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "Integ/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "Integ/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "Integ/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": 
{ - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.55" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.ts deleted file mode 100644 index d80f8fecedd25..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.ts +++ /dev/null @@ -1,21 +0,0 @@ -import * as iam from 'aws-cdk-lib/aws-iam'; -import * as cdk from 'aws-cdk-lib'; -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; -import { PublicHostedZone } from 'aws-cdk-lib/aws-route53'; - -const app = new cdk.App(); - -const stack = new cdk.Stack(app, 'aws-cdk-route53-imported-delegation-integ'); - -const role = new iam.Role(stack, 'Role', { - assumedBy: new iam.AccountRootPrincipal(), -}); - -const publicZone = PublicHostedZone.fromPublicHostedZoneId(stack, 'PublicZone', 'public-zone-id'); -publicZone.grantDelegation(role); - -new IntegTest(app, 'Integ', { - testCases: [stack], -}); - -app.synth();