Interface PublicHostedZoneProps
- All Superinterfaces:
CommonHostedZoneProps, software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
PublicHostedZoneProps.Jsii$Proxy
Example:
PublicHostedZone parentZone = PublicHostedZone.Builder.create(this, "HostedZone")
        .zoneName("someexample.com")
        .build();
Role crossAccountRole = Role.Builder.create(this, "CrossAccountRole")
        // The role name must be predictable
        .roleName("MyDelegationRole")
        // The other account
        .assumedBy(new AccountPrincipal("12345678901"))
        // You can scope down this role policy to be least privileged.
        // If you want the other account to be able to manage specific records,
        // you can scope down by resource and/or normalized record names
        .inlinePolicies(Map.of(
                "crossAccountPolicy", PolicyDocument.Builder.create()
                        .statements(List.of(
                                PolicyStatement.Builder.create()
                                        .sid("ListHostedZonesByName")
                                        .effect(Effect.ALLOW)
                                        .actions(List.of("route53:ListHostedZonesByName"))
                                        .resources(List.of("*"))
                                        .build(),
                                PolicyStatement.Builder.create()
                                        .sid("GetHostedZoneAndChangeResourceRecordSets")
                                        .effect(Effect.ALLOW)
                                        .actions(List.of("route53:GetHostedZone", "route53:ChangeResourceRecordSets"))
                                        // This example assumes the RecordSet subdomain.someexample.com
                                        // is contained in the HostedZone
                                        .resources(List.of("arn:aws:route53:::hostedzone/HZID00000000000000000"))
                                        .conditions(Map.of(
                                                "ForAllValues:StringLike", Map.of(
                                                        "route53:ChangeResourceRecordSetsNormalizedRecordNames", List.of("subdomain.someexample.com"))))
                                        .build()))
                        .build()))
        .build();
parentZone.grantDelegation(crossAccountRole);
-
Nested Class Summary
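Nested Classes
| Modifier and Type | Interface | Description |
| --- | --- | --- |
| static final class | PublicHostedZoneProps.Builder | A builder for PublicHostedZoneProps |
| static final class | PublicHostedZoneProps.Jsii$Proxy | An implementation for PublicHostedZoneProps |
-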
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static PublicHostedZoneProps.Builder | builder() | |
| default Boolean | getCaaAmazon() | Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only. |
| default IPrincipal | getCrossAccountZoneDelegationPrincipal() | Deprecated. |
| default String | getCrossAccountZoneDelegationRoleName() | Deprecated. Create the Role yourself and call hostedZone.grantDelegation(). |
Methods inherited from interface software.amazon.awscdk.services.route53.CommonHostedZoneProps
getAddTrailingDot, getComment, getQueryLogsLogGroupArn, getZoneName
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getCaaAmazon
Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only.
Default: false
-
getCrossAccountZoneDelegationPrincipal
@Stability(Deprecated) @Deprecated @Nullable default IPrincipal getCrossAccountZoneDelegationPrincipal()
Deprecated. Create the Role yourself and call hostedZone.grantDelegation().
(deprecated) A principal which is trusted to assume a role for zone delegation.
If supplied, this will create a Role in the same account as the Hosted Zone, which can be assumed by the CrossAccountZoneDelegationRecord to create a delegation record to a zone in a different account.
Be sure to indicate the account(s) that you trust to create delegation records, using either iam.AccountPrincipal or iam.OrganizationPrincipal.
If you are planning to use iam.ServicePrincipals here, be sure to include region-specific service principals for every opt-in region you are going to be delegating to; or don't use this feature and create separate roles with appropriate permissions for every opt-in region instead.
Default: - No delegation configuration
-
getCrossAccountZoneDelegationRoleName
Deprecated. Create the Role yourself and call hostedZone.grantDelegation().
(deprecated) The name of the role created for cross account delegation.
Default: - A role name is generated automatically
-
builder
- Returns: a PublicHostedZoneProps.Builder of PublicHostedZoneProps