diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.assets.json new file mode 100644 index 0000000000000..9301fd973b289 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.assets.json @@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33 Template", + "source": { + "path": "Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-d8d86b35": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/cdk.out new file mode 100644 index 0000000000000..523a9aac37cbf --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"48.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/failover-record.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/failover-record.assets.json new file mode 100644 index 0000000000000..f9b107a37e206 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/failover-record.assets.json @@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "3378b654ed54790cca2d1a7620da283ab18bf644143bfb42c3cf5c2bbb9253d8": { + "displayName": "failover-record Template", + "source": { + "path": "failover-record.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-4a6f0ddc": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "3378b654ed54790cca2d1a7620da283ab18bf644143bfb42c3cf5c2bbb9253d8.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/failover-record.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/failover-record.template.json new file mode 100644 index 0000000000000..5280212c2de80 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/failover-record.template.json @@ -0,0 +1,94 @@ +{ + "Resources": { + "HostedZoneDB99F866": { + "Type": "AWS::Route53::HostedZone", + "Properties": { + "Name": "cdk.dev." + } + }, + "HealthCheckA1C381C7": { + "Type": "AWS::Route53::HealthCheck", + "Properties": { + "HealthCheckConfig": { + "FailureThreshold": 3, + "FullyQualifiedDomainName": "example.com", + "Inverted": false, + "MeasureLatency": false, + "Port": 80, + "RequestInterval": 30, + "ResourcePath": "/health", + "Type": "HTTP" + } + } + }, + "ARecordFailoverPrimary99B7E3AE": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "Failover": "PRIMARY", + "HealthCheckId": { + "Ref": "HealthCheckA1C381C7" + }, + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "failover.cdk.dev.", + "ResourceRecords": [ + "1.2.3.4" + ], + "SetIdentifier": "failover-primary", + "TTL": "60", + "Type": "A" + } + }, + "ARecordFailoverSecondaryD176C0A2": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "Failover": "SECONDARY", + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "failover.cdk.dev.", + "ResourceRecords": [ + "5.6.7.8" + ], + "SetIdentifier": "failover-secondary", + "TTL": "60", + "Type": "A" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/integ.json new file mode 100644 index 0000000000000..6e13090c18d26 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "48.0.0", + "testCases": { + "Route53FailoverRecordInteg/DefaultTest": { + "stacks": [ + "failover-record" + ], + "assertionStack": "Route53FailoverRecordInteg/DefaultTest/DeployAssert", + "assertionStackName": "Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33" + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/manifest.json new file mode 100644 index 0000000000000..b27c9b5125a16 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/manifest.json @@ -0,0 +1,698 @@ +{ + "version": "48.0.0", + "artifacts": { + "failover-record.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "failover-record.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "failover-record": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "failover-record.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3378b654ed54790cca2d1a7620da283ab18bf644143bfb42c3cf5c2bbb9253d8.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "failover-record.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "failover-record.assets" + ], + "metadata": { + "/failover-record/HostedZone": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "zoneName": "*" + } + }, + { + "type": "aws:cdk:analytics:construct", + "data": { + "zoneName": "*" + } + } + ], + "/failover-record/HostedZone/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HostedZoneDB99F866" + } + ], + "/failover-record/HealthCheck": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "type": "HTTP", + "fqdn": "*", + "port": "*", + "resourcePath": "*", + "failureThreshold": "*", + "requestInterval": "*" + } + } + ], + "/failover-record/HealthCheck/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HealthCheckA1C381C7" + } + ], + "/failover-record/ARecordFailoverPrimary": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "zone": "*", + "recordName": "*", + "target": "*", + "healthCheck": "*", + "setIdentifier": "*", + "ttl": "*" + } + }, + { + "type": "aws:cdk:analytics:construct", + "data": { + "zone": "*", + "recordName": "*", + "target": "*", + "healthCheck": "*", + "setIdentifier": "*", + "ttl": "*" + } + } + ], + "/failover-record/ARecordFailoverPrimary/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ARecordFailoverPrimary99B7E3AE" + } + ], + "/failover-record/ARecordFailoverSecondary": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "zone": "*", + "recordName": "*", + "target": "*", + "setIdentifier": "*", + "ttl": "*" + } + }, + { + "type": "aws:cdk:analytics:construct", + "data": { + "zone": "*", + "recordName": "*", + "target": "*", + "setIdentifier": "*", + "ttl": "*" + } + } + ], + "/failover-record/ARecordFailoverSecondary/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ARecordFailoverSecondaryD176C0A2" + } + ], + "/failover-record/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/failover-record/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "failover-record" + }, + "Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "Route53FailoverRecordIntegDefaultTestDeployAssert3BE1FD33.assets" + ], + "metadata": { + "/Route53FailoverRecordInteg/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Route53FailoverRecordInteg/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Route53FailoverRecordInteg/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "recommendedValue": true, + "explanation": "Disable implicit openListener when custom security groups are provided" + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." + }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." + }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." + }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." + }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." + }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." + }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." + }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." + }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { + "recommendedValue": true, + "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" + } + } + } + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/tree.json new file mode 100644 index 0000000000000..1f2cde072d2d1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.js.snapshot/tree.json @@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"failover-record":{"id":"failover-record","path":"failover-record","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"HostedZone":{"id":"HostedZone","path":"failover-record/HostedZone","constructInfo":{"fqn":"aws-cdk-lib.aws_route53.PublicHostedZone","version":"0.0.0","metadata":[{"zoneName":"*"},{"zoneName":"*"}]},"children":{"Resource":{"id":"Resource","path":"failover-record/HostedZone/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_route53.CfnHostedZone","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Route53::HostedZone","aws:cdk:cloudformation:props":{"name":"cdk.dev."}}}}},"HealthCheck":{"id":"HealthCheck","path":"failover-record/HealthCheck","constructInfo":{"fqn":"aws-cdk-lib.aws_route53.HealthCheck","version":"0.0.0","metadata":[{"type":"HTTP","fqdn":"*","port":"*","resourcePath":"*","failureThreshold":"*","requestInterval":"*"}]},"children":{"Resource":{"id":"Resource","path":"failover-record/HealthCheck/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_route53.CfnHealthCheck","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Route53::HealthCheck","aws:cdk:cloudformation:props":{"healthCheckConfig":{"type":"HTTP","failureThreshold":3,"fullyQualifiedDomainName":"example.com","inverted":false,"measureLatency":false,"port":80,"requestInterval":30,"resourcePath":"/health"}}}}}},"ARecordFailoverPrimary":{"id":"ARecordFailoverPrimary","path":"failover-record/ARecordFailoverPrimary","constructInfo":{"fqn":"aws-cdk-lib.aws_route53.ARecord","version":"0.0.0","metadata":[{"zone":"*","recordName":"*","target":"*","healthCheck":"*","setIdentifier":"*","ttl":"*"},{"zone":"*","recordName":"*","target":"*","healthCheck":"*","setIdentifier":"*","ttl":"*"}]},"children":{"Resource":{"id":"Resource","path":"failover-record/ARecordFailoverPrimary/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_route53.CfnRecordSet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Route53::RecordSet","aws:cdk:cloudformation:props":{"failover":"PRIMARY","healthCheckId":{"Ref":"HealthCheckA1C381C7"},"hostedZoneId":{"Ref":"HostedZoneDB99F866"},"name":"failover.cdk.dev.","resourceRecords":["1.2.3.4"],"setIdentifier":"failover-primary","ttl":"60","type":"A"}}}}},"ARecordFailoverSecondary":{"id":"ARecordFailoverSecondary","path":"failover-record/ARecordFailoverSecondary","constructInfo":{"fqn":"aws-cdk-lib.aws_route53.ARecord","version":"0.0.0","metadata":[{"zone":"*","recordName":"*","target":"*","setIdentifier":"*","ttl":"*"},{"zone":"*","recordName":"*","target":"*","setIdentifier":"*","ttl":"*"}]},"children":{"Resource":{"id":"Resource","path":"failover-record/ARecordFailoverSecondary/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_route53.CfnRecordSet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Route53::RecordSet","aws:cdk:cloudformation:props":{"failover":"SECONDARY","hostedZoneId":{"Ref":"HostedZoneDB99F866"},"name":"failover.cdk.dev.","resourceRecords":["5.6.7.8"],"setIdentifier":"failover-secondary","ttl":"60","type":"A"}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"failover-record/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"failover-record/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"Route53FailoverRecordInteg":{"id":"Route53FailoverRecordInteg","path":"Route53FailoverRecordInteg","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"Route53FailoverRecordInteg/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"Route53FailoverRecordInteg/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"Route53FailoverRecordInteg/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"Route53FailoverRecordInteg/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"Route53FailoverRecordInteg/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.ts new file mode 100644 index 0000000000000..106f4992c9029 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.failover-record.ts @@ -0,0 +1,48 @@ +import { App, Duration, Stack, StackProps } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import * as route53 from 'aws-cdk-lib/aws-route53'; + +class TestStack extends Stack { + constructor(scope: Construct, id: string, props?: StackProps) { + super(scope, id, props); + + const hostedZone = new route53.PublicHostedZone(this, 'HostedZone', { + zoneName: 'cdk.dev', + }); + + const healthCheck = new route53.HealthCheck(this, 'HealthCheck', { + type: route53.HealthCheckType.HTTP, + fqdn: 'example.com', + port: 80, + resourcePath: '/health', + failureThreshold: 3, + requestInterval: Duration.seconds(30), + }); + + // Primary failover record with health check + new route53.ARecord(this, 'ARecordFailoverPrimary', { + zone: hostedZone, + recordName: 'failover', + target: route53.RecordTarget.fromIpAddresses('1.2.3.4'), + failover: route53.Failover.PRIMARY, + healthCheck, + setIdentifier: 'failover-primary', + ttl: Duration.seconds(60), + }); + + // Secondary failover record + new route53.ARecord(this, 'ARecordFailoverSecondary', { + zone: hostedZone, + recordName: 'failover', + target: route53.RecordTarget.fromIpAddresses('5.6.7.8'), + failover: route53.Failover.SECONDARY, + setIdentifier: 'failover-secondary', + ttl: Duration.seconds(60), + }); + } +} + +const app = new App(); +new TestStack(app, 'failover-record'); + +app.synth(); diff --git a/packages/aws-cdk-lib/aws-route53/README.md b/packages/aws-cdk-lib/aws-route53/README.md index 49681bd5d7888..e912b69cf5b38 100644 --- a/packages/aws-cdk-lib/aws-route53/README.md +++ b/packages/aws-cdk-lib/aws-route53/README.md @@ -216,6 +216,36 @@ new route53.ARecord(this, 'ARecordLatency1', { }); ``` +To enable [failover routing](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-failover.html), use the `failover` parameter: + +```ts +declare const myZone: route53.HostedZone; + +const healthCheck = new route53.HealthCheck(this, 'HealthCheck', { + type: route53.HealthCheckType.HTTP, + fqdn: 'example.com', + port: 80, + resourcePath: '/health', + failureThreshold: 3, + requestInterval: Duration.seconds(30), +}); + +new route53.ARecord(this, 'ARecordFailoverPrimary', { + zone: myZone, + target: route53.RecordTarget.fromIpAddresses('1.2.3.4'), + failover: route53.Failover.PRIMARY, + healthCheck, + setIdentifier: 'failover-primary', +}); + +new route53.ARecord(this, 'ARecordFailoverSecondary', { + zone: myZone, + target: route53.RecordTarget.fromIpAddresses('5.6.7.8'), + failover: route53.Failover.SECONDARY, + setIdentifier: 'failover-secondary', +}); +``` + To enable [multivalue answer routing](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-multivalue.html), use the `multivalueAnswer` parameter: ```ts diff --git a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts index 85f992df8710e..a22b2c1f7f2f8 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts @@ -166,6 +166,24 @@ export enum RecordType { TXT = 'TXT', } +/** + * The failvoer policy. + * @see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-failover.html + */ +export enum Failover { + /** + * The primary resource record set determines how Route 53 responds to DNS queries when + * the primary resource is healthy. + */ + PRIMARY = 'PRIMARY', + + /** + * The secondary resource record set determines how Route 53 responds to DNS queries when + * the primary resource is unhealthy. + */ + SECONDARY = 'SECONDARY', +} + /** * Options for a RecordSet. */ @@ -289,6 +307,20 @@ export interface RecordSetOptions { * @default - No CIDR routing configured */ readonly cidrRoutingConfig?: CidrRoutingConfig; + + /** + * Failover configuration for the record set. + * + * To configure failover, you add the Failover element to two resource record sets. + * For one resource record set, you specify PRIMARY as the value for Failover; + * for the other resource record set, you specify SECONDARY. + * + * You must also include the HealthCheckId element for PRIMARY configurations. + * + * @default - No failover configuration + * @see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-failover.html + */ + readonly failover?: Failover; } /** @@ -353,6 +385,7 @@ export class RecordSet extends Resource implements IRecordSet { private readonly weight?: number; private readonly region?: string; private readonly multiValueAnswer?: boolean; + private readonly failover?: Failover; constructor(scope: Construct, id: string, props: RecordSetProps) { super(scope, id); @@ -366,12 +399,24 @@ export class RecordSet extends Resource implements IRecordSet { throw new ValidationError(`setIdentifier must be between 1 and 128 characters long, got: ${props.setIdentifier.length}`, this); } if (props.setIdentifier && props.weight === undefined && !props.geoLocation && !props.region && !props.multiValueAnswer - && !props.cidrRoutingConfig) { + && !props.cidrRoutingConfig && !props.failover) { throw new ValidationError('setIdentifier can only be specified for non-simple routing policies', this); } if (props.multiValueAnswer && props.target.aliasTarget) { throw new ValidationError('multiValueAnswer cannot be specified for alias record', this); } + if (props.failover && props.multiValueAnswer) { + throw new ValidationError('Cannot use both failover and multiValueAnswer routing policies', this); + } + if (props.failover === Failover.PRIMARY && !props.healthCheck) { + Annotations.of(this).addWarningV2('@aws-cdk/aws-route53:primaryFailoverHealthCheck', 'PRIMARY failover record sets should include a health check for proper failover behavior'); + } + if (props.failover && props.target.aliasTarget) { + const aliasTargetConfig = props.target.aliasTarget.bind(this, props.zone); + if (aliasTargetConfig && aliasTargetConfig.evaluateTargetHealth !== true) { + Annotations.of(this).addWarningV2('@aws-cdk/aws-route53:failoverAliasEvaluateTargetHealth', 'Failover alias record sets should include EvaluateTargetHealth = true for proper failover behavior.'); + } + } const nonSimpleRoutingPolicies = [ props.geoLocation, @@ -379,15 +424,17 @@ export class RecordSet extends Resource implements IRecordSet { props.weight, props.multiValueAnswer, props.cidrRoutingConfig, + props.failover, ].filter((variable) => variable !== undefined).length; if (nonSimpleRoutingPolicies > 1) { - throw new ValidationError('Only one of region, weight, multiValueAnswer, geoLocation or cidrRoutingConfig can be defined', this); + throw new ValidationError('Only one of region, weight, multiValueAnswer, geoLocation, cidrRoutingConfig, or failover can be defined', this); } this.geoLocation = props.geoLocation; this.weight = props.weight; this.region = props.region; this.multiValueAnswer = props.multiValueAnswer; + this.failover = props.failover; const ttl = props.target.aliasTarget ? undefined : ((props.ttl && props.ttl.toSeconds()) ?? 1800).toString(); if (props.target.aliasTarget && props.ttl != undefined) { @@ -415,6 +462,7 @@ export class RecordSet extends Resource implements IRecordSet { region: props.region, healthCheckId: props.healthCheck?.healthCheckId, cidrRoutingConfig: props.cidrRoutingConfig, + failover: props.failover, }); this.domainName = recordSet.ref; @@ -462,6 +510,11 @@ export class RecordSet extends Resource implements IRecordSet { } private configureSetIdentifier(): string | undefined { + if (this.failover) { + const idPrefix = `FAILOVER_${this.failover}_ID_`; + return this.createIdentifier(idPrefix); + } + if (this.geoLocation) { let identifier = 'GEO'; if (this.geoLocation.continentCode) { @@ -1377,3 +1430,4 @@ export class CrossAccountZoneDelegationRecord extends Construct { } } } + diff --git a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts index cdd633e29f84a..23197d0044f3d 100644 --- a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts +++ b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts @@ -1,5 +1,5 @@ import { testDeprecated } from '@aws-cdk/cdk-build-tools'; -import { Annotations, Template } from '../../assertions'; +import { Annotations, Template, Match } from '../../assertions'; import * as cloudfront from '../../aws-cloudfront'; import * as origins from '../../aws-cloudfront-origins'; import * as iam from '../../aws-iam'; @@ -1733,7 +1733,7 @@ describe('record set', () => { target: route53.RecordTarget.fromValues('zzz'), setIdentifier: 'uniqueId', ...props, - })).toThrow('Only one of region, weight, multiValueAnswer, geoLocation or cidrRoutingConfig can be defined'); + })).toThrow('Only one of region, weight, multiValueAnswer, geoLocation, cidrRoutingConfig, or failover can be defined'); }); test('throw error for the definition of setIdentifier without weight, geoLocation or region', () => { @@ -1803,4 +1803,154 @@ describe('record set', () => { multiValueAnswer: true, })).toThrow('multiValueAnswer cannot be specified for alias record'); }); + + test('A record with PRIMARY failover and health check', () => { + // GIVEN + const stack = new Stack(); + const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' }); + + const healthCheck = new route53.HealthCheck(stack, 'HealthCheck', { + type: route53.HealthCheckType.HTTP, + fqdn: 'example.com', + }); + + // WHEN + new route53.ARecord(stack, 'PrimaryFailover', { + zone, + recordName: 'www', + target: route53.RecordTarget.fromIpAddresses('1.2.3.4'), + failover: route53.Failover.PRIMARY, + healthCheck, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Route53::RecordSet', { + Failover: 'PRIMARY', + HealthCheckId: stack.resolve(healthCheck.healthCheckId), + SetIdentifier: 'FAILOVER_PRIMARY_ID_PrimaryFailover', + }); + }); + + test('A record with SECONDARY failover and no health check', () => { + // GIVEN + const stack = new Stack(); + const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' }); + + // WHEN + new route53.ARecord(stack, 'SecondaryFailover', { + zone, + recordName: 'backup', + target: route53.RecordTarget.fromIpAddresses('5.6.7.8'), + failover: route53.Failover.SECONDARY, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Route53::RecordSet', { + Failover: 'SECONDARY', + SetIdentifier: 'FAILOVER_SECONDARY_ID_SecondaryFailover', + }); + }); + + test('warns when PRIMARY failover has no health check', () => { + // GIVEN + const stack = new Stack(); + const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' }); + + // WHEN + new route53.ARecord(stack, 'PrimaryFailover', { + zone, + recordName: 'www', + target: route53.RecordTarget.fromIpAddresses('1.2.3.4'), + failover: route53.Failover.PRIMARY, + }); + + // THEN + Annotations.fromStack(stack).hasWarning( + '*', + Match.stringLikeRegexp('PRIMARY failover record sets should include a health check'), + ); + }); + + test('warns when failover alias target does not set EvaluateTargetHealth=true', () => { + // GIVEN + const stack = new Stack(); + const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' }); + + const target: route53.IAliasRecordTarget = { + bind: () => ({ + hostedZoneId: 'Z111', + dnsName: 'alias.example.com', + evaluateTargetHealth: false, + }), + }; + + // WHEN + new route53.ARecord(stack, 'AliasFailover', { + zone, + recordName: 'www', + target: route53.RecordTarget.fromAlias(target), + failover: route53.Failover.PRIMARY, + }); + + // THEN + Annotations.fromStack(stack).hasWarning( + '*', + Match.stringLikeRegexp('Failover alias record sets should include EvaluateTargetHealth'), + ); + }); + + test('does not warn when failover alias target sets EvaluateTargetHealth=true', () => { + // GIVEN + const stack = new Stack(); + const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' }); + + const target: route53.IAliasRecordTarget = { + bind: () => ({ + hostedZoneId: 'Z111', + dnsName: 'alias.example.com', + evaluateTargetHealth: true, + }), + }; + + // WHEN + new route53.ARecord(stack, 'AliasFailover', { + zone, + recordName: 'www', + target: route53.RecordTarget.fromAlias(target), + failover: route53.Failover.PRIMARY, + }); + + // THEN + Annotations.fromStack(stack).hasNoWarning('*', '*'); + }); + + test('throws when failover is combined with another routing policy', () => { + // GIVEN + const stack = new Stack(); + const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' }); + + // THEN + expect(() => new route53.ARecord(stack, 'InvalidFailover', { + zone, + recordName: 'www', + target: route53.RecordTarget.fromIpAddresses('1.2.3.4'), + failover: route53.Failover.PRIMARY, + weight: 10, + })).toThrow('Only one of region, weight, multiValueAnswer, geoLocation, cidrRoutingConfig, or failover can be defined'); + }); + + test('throws when failover is combined with multiValueAnswer', () => { + // GIVEN + const stack = new Stack(); + const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' }); + + // THEN + expect(() => new route53.ARecord(stack, 'InvalidFailover', { + zone, + recordName: 'www', + target: route53.RecordTarget.fromIpAddresses('1.2.3.4'), + failover: route53.Failover.PRIMARY, + multiValueAnswer: true, + })).toThrow('Cannot use both failover and multiValueAnswer routing policies'); + }); });