diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6/__entrypoint__.js rename to packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/__entrypoint__.js diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/index.js new file mode 100644 index 0000000000000..05533111a2553 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/index.js @@ -0,0 +1 @@ +"use strict";var c=Object.defineProperty;var Z=Object.getOwnPropertyDescriptor;var N=Object.getOwnPropertyNames;var P=Object.prototype.hasOwnProperty;var h=(o,e)=>{for(var s in e)c(o,s,{get:e[s],enumerable:!0})},E=(o,e,s,t)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of N(e))!P.call(o,n)&&n!==s&&c(o,n,{get:()=>e[n],enumerable:!(t=Z(e,n))||t.enumerable});return o};var A=o=>E(c({},"__esModule",{value:!0}),o);var T={};h(T,{handler:()=>w});module.exports=A(T);var m=require("@aws-sdk/client-route-53"),d=require("@aws-sdk/credential-providers");async function w(o){let e=o.ResourceProperties;switch(o.RequestType){case"Create":return r(e,!1);case"Update":return D(e,o.OldResourceProperties);case"Delete":return r(e,!0)}}async function D(o,e){e&&o.DelegatedZoneName!==e.DelegatedZoneName&&await r(e,!0),await r(o,!1)}async function r(o,e){let{AssumeRoleArn:s,ParentZoneId:t,ParentZoneName:n,DelegatedZoneName:a,DelegatedZoneNameServers:i,TTL:g,AssumeRoleRegion:R}=o;if(!t&&!n)throw Error("One of ParentZoneId or ParentZoneName must be specified");let l=new Date().getTime(),u=new m.Route53({credentials:(0,d.fromTemporaryCredentials)({clientConfig:{region:R??S(process.env.AWS_REGION??process.env.AWS_DEFAULT_REGION??"")},params:{RoleArn:s,RoleSessionName:`cross-account-zone-delegation-${l}`}})}),f=t??await v(n,u);await u.changeResourceRecordSets({HostedZoneId:f,ChangeBatch:{Changes:[{Action:e?"DELETE":"UPSERT",ResourceRecordSet:{Name:a,Type:"NS",TTL:g,ResourceRecords:i.map(p=>({Value:p}))}}]}})}async function v(o,e){let t=(await e.listHostedZonesByName({DNSName:o})).HostedZones?.filter(n=>{let a=n.Name===`${o}.`,i=n.Config?.PrivateZone!==!0;return a&&i})??[];if(t&&t.length!==1)throw Error(`Expected one hosted zone to match the given name but found ${t.length}`);return t[0].Id}function S(o){let e={cn:"cn-northwest-1","us-gov":"us-gov-west-1","us-iso":"us-iso-east-1","us-isob":"us-isob-east-1","eu-isoe":"eu-isoe-west-1","us-isof":"us-isof-south-1"};for(let[s,t]of Object.entries(e))if(o.startsWith(`${s}-`))return t;return"us-east-1"}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6/__entrypoint__.js rename to packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js @@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack-with-assume-role-region.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack-with-assume-role-region.assets.json index 8e313ee618bf0..45c6bef33b345 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack-with-assume-role-region.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack-with-assume-role-region.assets.json @@ -1,21 +1,21 @@ { "version": "36.0.0", "files": { - "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6": { + "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f": { "source": { - "path": "asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6", + "path": "asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f", "packaging": "zip" }, "destinations": { "234567890123-af-south-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-af-south-1", - "objectKey": "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6.zip", + "objectKey": "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f.zip", "region": "af-south-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-af-south-1" } } }, - "6a1fa56f4cf82aefd4e776de912952086974138722025a2b07ccccd86e73fedf": { + "ef8363771ed7b52f347bef9b2e282ea0a24cb7d378a76f41e396c8bbfd60b0d2": { "source": { "path": "child-opt-in-stack-with-assume-role-region.template.json", "packaging": "file" @@ -23,7 +23,7 @@ "destinations": { "234567890123-af-south-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-af-south-1", - "objectKey": "6a1fa56f4cf82aefd4e776de912952086974138722025a2b07ccccd86e73fedf.json", + "objectKey": "ef8363771ed7b52f347bef9b2e282ea0a24cb7d378a76f41e396c8bbfd60b0d2.json", "region": "af-south-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-af-south-1" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack-with-assume-role-region.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack-with-assume-role-region.template.json index 41f34bacf7129..839dc6d28c51e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack-with-assume-role-region.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack-with-assume-role-region.template.json @@ -104,7 +104,7 @@ "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-234567890123-af-south-1", - "S3Key": "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6.zip" + "S3Key": "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.assets.json index 1d4b27d5f861e..e6eeee1df0880 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.assets.json @@ -1,21 +1,21 @@ { "version": "36.0.0", "files": { - "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6": { + "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f": { "source": { - "path": "asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6", + "path": "asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f", "packaging": "zip" }, "destinations": { "234567890123-af-south-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-af-south-1", - "objectKey": "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6.zip", + "objectKey": "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f.zip", "region": "af-south-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-af-south-1" } } }, - "c719cc5d5998bcf5d26560907356501af1176a31b4751b874e42e126024599e9": { + "fba0e7bb10fe98265cda3e329729be15e78355eb0e537a2b589a5ff98aaf42e2": { "source": { "path": "child-opt-in-stack.template.json", "packaging": "file" @@ -23,7 +23,7 @@ "destinations": { "234567890123-af-south-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-af-south-1", - "objectKey": "c719cc5d5998bcf5d26560907356501af1176a31b4751b874e42e126024599e9.json", + "objectKey": "fba0e7bb10fe98265cda3e329729be15e78355eb0e537a2b589a5ff98aaf42e2.json", "region": "af-south-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-af-south-1" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.template.json index 25be75da9b5eb..1f78ab6e18887 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.template.json @@ -103,7 +103,7 @@ "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-234567890123-af-south-1", - "S3Key": "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6.zip" + "S3Key": "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.assets.json index 3c8b05fe7f454..b8d5498b2fe43 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.assets.json @@ -1,21 +1,21 @@ { "version": "36.0.0", "files": { - "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6": { + "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f": { "source": { - "path": "asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6", + "path": "asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f", "packaging": "zip" }, "destinations": { "234567890123-us-east-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-us-east-1", - "objectKey": "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6.zip", + "objectKey": "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f.zip", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-us-east-1" } } }, - "f02bd95575c8aeaef4d5919ad2a94da7b4ce45d20583703f649ceebbb3bcdc00": { + "593a0d47f978b7d96e19d8590cbedeb6d66846e07c8b9cdbdadcd2addb7158d4": { "source": { "path": "child-stack.template.json", "packaging": "file" @@ -23,7 +23,7 @@ "destinations": { "234567890123-us-east-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-us-east-1", - "objectKey": "f02bd95575c8aeaef4d5919ad2a94da7b4ce45d20583703f649ceebbb3bcdc00.json", + "objectKey": "593a0d47f978b7d96e19d8590cbedeb6d66846e07c8b9cdbdadcd2addb7158d4.json", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-us-east-1" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.template.json index dd35a52abe738..63f28e870e2c0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.template.json @@ -103,7 +103,7 @@ "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-234567890123-us-east-1", - "S3Key": "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6.zip" + "S3Key": "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json index b97f0cbd4321a..6c901c9f0d1ee 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-12345678-us-east-1/56fdc835ae6a670f2f958a73f56b508710e57cbe667bc0c562ed7a04dadd5cc4.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-12345678-us-east-1/3f1315b27c99d1b75dccc6f588b8886eedd87e0ca51af42a9c519db49f6ba80f.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -40,6 +40,228 @@ "data": "HostedZoneDB99F866" } ], + "/parent-stack/TheVPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPC92636AB0" + } + ], + "/parent-stack/TheVPC/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet1Subnet770D4FF2" + } + ], + "/parent-stack/TheVPC/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet1RouteTable17DA183D" + } + ], + "/parent-stack/TheVPC/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet1RouteTableAssociationE5186D77" + } + ], + "/parent-stack/TheVPC/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet1DefaultRoute6D26543F" + } + ], + "/parent-stack/TheVPC/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet1EIP4412F690" + } + ], + "/parent-stack/TheVPC/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet1NATGatewayC61D892B" + } + ], + "/parent-stack/TheVPC/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet2Subnet73F96DA9" + } + ], + "/parent-stack/TheVPC/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet2RouteTable3609F42C" + } + ], + "/parent-stack/TheVPC/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet2RouteTableAssociationB4B0A733" + } + ], + "/parent-stack/TheVPC/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet2DefaultRouteFEB062B2" + } + ], + "/parent-stack/TheVPC/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet2EIP5AAFF9FA" + } + ], + "/parent-stack/TheVPC/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet2NATGatewayB437CFAF" + } + ], + "/parent-stack/TheVPC/PublicSubnet3/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet3Subnet7C1E748F" + } + ], + "/parent-stack/TheVPC/PublicSubnet3/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet3RouteTable679ADB47" + } + ], + "/parent-stack/TheVPC/PublicSubnet3/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet3RouteTableAssociationACA3F606" + } + ], + "/parent-stack/TheVPC/PublicSubnet3/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet3DefaultRoute326CE968" + } + ], + "/parent-stack/TheVPC/PublicSubnet3/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet3EIPE3930834" + } + ], + "/parent-stack/TheVPC/PublicSubnet3/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPublicSubnet3NATGateway3A4A718F" + } + ], + "/parent-stack/TheVPC/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet1Subnet571D3690" + } + ], + "/parent-stack/TheVPC/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet1RouteTableF6513BC2" + } + ], + "/parent-stack/TheVPC/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet1RouteTableAssociation46F1FFFC" + } + ], + "/parent-stack/TheVPC/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet1DefaultRouteD1B9E467" + } + ], + "/parent-stack/TheVPC/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet2SubnetCC3D7013" + } + ], + "/parent-stack/TheVPC/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet2RouteTable9AC81FAC" + } + ], + "/parent-stack/TheVPC/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet2RouteTableAssociation336D47D1" + } + ], + "/parent-stack/TheVPC/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet2DefaultRoute52A1F245" + } + ], + "/parent-stack/TheVPC/PrivateSubnet3/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet3Subnet69CC2C6F" + } + ], + "/parent-stack/TheVPC/PrivateSubnet3/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet3RouteTable1A0D1274" + } + ], + "/parent-stack/TheVPC/PrivateSubnet3/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet3RouteTableAssociation50EE5E34" + } + ], + "/parent-stack/TheVPC/PrivateSubnet3/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCPrivateSubnet3DefaultRoute990F9A2A" + } + ], + "/parent-stack/TheVPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCIGWFA25CC08" + } + ], + "/parent-stack/TheVPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCVPCGWC9B93E30" + } + ], + "/parent-stack/TheVPC/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "TheVPCRestrictDefaultSecurityGroupCustomResourceAFA88FCE" + } + ], + "/parent-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/parent-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/parent-stack/PrivateHostedZone/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PrivateHostedZone6354E1BB" + } + ], "/parent-stack/CrossAccountRole/Resource": [ { "type": "aws:cdk:logicalId", @@ -84,7 +306,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-deploy-role-234567890123-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-cfn-exec-role-234567890123-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-us-east-1/f02bd95575c8aeaef4d5919ad2a94da7b4ce45d20583703f649ceebbb3bcdc00.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-us-east-1/593a0d47f978b7d96e19d8590cbedeb6d66846e07c8b9cdbdadcd2addb7158d4.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -163,7 +385,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-deploy-role-234567890123-af-south-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-cfn-exec-role-234567890123-af-south-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-af-south-1/c719cc5d5998bcf5d26560907356501af1176a31b4751b874e42e126024599e9.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-af-south-1/fba0e7bb10fe98265cda3e329729be15e78355eb0e537a2b589a5ff98aaf42e2.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -242,7 +464,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-deploy-role-234567890123-af-south-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-cfn-exec-role-234567890123-af-south-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-af-south-1/6a1fa56f4cf82aefd4e776de912952086974138722025a2b07ccccd86e73fedf.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-af-south-1/ef8363771ed7b52f347bef9b2e282ea0a24cb7d378a76f41e396c8bbfd60b0d2.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/parent-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/parent-stack.assets.json index 8d7fb29fe9ee9..1482c28aeadc3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/parent-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/parent-stack.assets.json @@ -1,7 +1,21 @@ { "version": "36.0.0", "files": { - "56fdc835ae6a670f2f958a73f56b508710e57cbe667bc0c562ed7a04dadd5cc4": { + "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1": { + "source": { + "path": "asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1", + "packaging": "zip" + }, + "destinations": { + "12345678-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-12345678-us-east-1", + "objectKey": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-us-east-1" + } + } + }, + "3f1315b27c99d1b75dccc6f588b8886eedd87e0ca51af42a9c519db49f6ba80f": { "source": { "path": "parent-stack.template.json", "packaging": "file" @@ -9,7 +23,7 @@ "destinations": { "12345678-us-east-1": { "bucketName": "cdk-hnb659fds-assets-12345678-us-east-1", - "objectKey": "56fdc835ae6a670f2f958a73f56b508710e57cbe667bc0c562ed7a04dadd5cc4.json", + "objectKey": "3f1315b27c99d1b75dccc6f588b8886eedd87e0ca51af42a9c519db49f6ba80f.json", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-us-east-1" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/parent-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/parent-stack.template.json index b3e0aa3918c48..71ca2ec8a3d24 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/parent-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/parent-stack.template.json @@ -6,6 +6,646 @@ "Name": "uniqueexample.com." } }, + "TheVPC92636AB0": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC" + } + ] + } + }, + "TheVPCPublicSubnet1Subnet770D4FF2": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-east-1a", + "CidrBlock": "10.0.0.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPublicSubnet1RouteTable17DA183D": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPublicSubnet1RouteTableAssociationE5186D77": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "TheVPCPublicSubnet1RouteTable17DA183D" + }, + "SubnetId": { + "Ref": "TheVPCPublicSubnet1Subnet770D4FF2" + } + } + }, + "TheVPCPublicSubnet1DefaultRoute6D26543F": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "TheVPCIGWFA25CC08" + }, + "RouteTableId": { + "Ref": "TheVPCPublicSubnet1RouteTable17DA183D" + } + }, + "DependsOn": [ + "TheVPCVPCGWC9B93E30" + ] + }, + "TheVPCPublicSubnet1EIP4412F690": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet1" + } + ] + } + }, + "TheVPCPublicSubnet1NATGatewayC61D892B": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "TheVPCPublicSubnet1EIP4412F690", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "TheVPCPublicSubnet1Subnet770D4FF2" + }, + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "TheVPCPublicSubnet1DefaultRoute6D26543F", + "TheVPCPublicSubnet1RouteTableAssociationE5186D77" + ] + }, + "TheVPCPublicSubnet2Subnet73F96DA9": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-east-1b", + "CidrBlock": "10.0.32.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPublicSubnet2RouteTable3609F42C": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPublicSubnet2RouteTableAssociationB4B0A733": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "TheVPCPublicSubnet2RouteTable3609F42C" + }, + "SubnetId": { + "Ref": "TheVPCPublicSubnet2Subnet73F96DA9" + } + } + }, + "TheVPCPublicSubnet2DefaultRouteFEB062B2": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "TheVPCIGWFA25CC08" + }, + "RouteTableId": { + "Ref": "TheVPCPublicSubnet2RouteTable3609F42C" + } + }, + "DependsOn": [ + "TheVPCVPCGWC9B93E30" + ] + }, + "TheVPCPublicSubnet2EIP5AAFF9FA": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet2" + } + ] + } + }, + "TheVPCPublicSubnet2NATGatewayB437CFAF": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "TheVPCPublicSubnet2EIP5AAFF9FA", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "TheVPCPublicSubnet2Subnet73F96DA9" + }, + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "TheVPCPublicSubnet2DefaultRouteFEB062B2", + "TheVPCPublicSubnet2RouteTableAssociationB4B0A733" + ] + }, + "TheVPCPublicSubnet3Subnet7C1E748F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-east-1c", + "CidrBlock": "10.0.64.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet3" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPublicSubnet3RouteTable679ADB47": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet3" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPublicSubnet3RouteTableAssociationACA3F606": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "TheVPCPublicSubnet3RouteTable679ADB47" + }, + "SubnetId": { + "Ref": "TheVPCPublicSubnet3Subnet7C1E748F" + } + } + }, + "TheVPCPublicSubnet3DefaultRoute326CE968": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "TheVPCIGWFA25CC08" + }, + "RouteTableId": { + "Ref": "TheVPCPublicSubnet3RouteTable679ADB47" + } + }, + "DependsOn": [ + "TheVPCVPCGWC9B93E30" + ] + }, + "TheVPCPublicSubnet3EIPE3930834": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet3" + } + ] + } + }, + "TheVPCPublicSubnet3NATGateway3A4A718F": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "TheVPCPublicSubnet3EIPE3930834", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "TheVPCPublicSubnet3Subnet7C1E748F" + }, + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PublicSubnet3" + } + ] + }, + "DependsOn": [ + "TheVPCPublicSubnet3DefaultRoute326CE968", + "TheVPCPublicSubnet3RouteTableAssociationACA3F606" + ] + }, + "TheVPCPrivateSubnet1Subnet571D3690": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-east-1a", + "CidrBlock": "10.0.96.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPrivateSubnet1RouteTableF6513BC2": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPrivateSubnet1RouteTableAssociation46F1FFFC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "TheVPCPrivateSubnet1RouteTableF6513BC2" + }, + "SubnetId": { + "Ref": "TheVPCPrivateSubnet1Subnet571D3690" + } + } + }, + "TheVPCPrivateSubnet1DefaultRouteD1B9E467": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "TheVPCPublicSubnet1NATGatewayC61D892B" + }, + "RouteTableId": { + "Ref": "TheVPCPrivateSubnet1RouteTableF6513BC2" + } + } + }, + "TheVPCPrivateSubnet2SubnetCC3D7013": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-east-1b", + "CidrBlock": "10.0.128.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPrivateSubnet2RouteTable9AC81FAC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPrivateSubnet2RouteTableAssociation336D47D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "TheVPCPrivateSubnet2RouteTable9AC81FAC" + }, + "SubnetId": { + "Ref": "TheVPCPrivateSubnet2SubnetCC3D7013" + } + } + }, + "TheVPCPrivateSubnet2DefaultRoute52A1F245": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "TheVPCPublicSubnet2NATGatewayB437CFAF" + }, + "RouteTableId": { + "Ref": "TheVPCPrivateSubnet2RouteTable9AC81FAC" + } + } + }, + "TheVPCPrivateSubnet3Subnet69CC2C6F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-east-1c", + "CidrBlock": "10.0.160.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PrivateSubnet3" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPrivateSubnet3RouteTable1A0D1274": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC/PrivateSubnet3" + } + ], + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCPrivateSubnet3RouteTableAssociation50EE5E34": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "TheVPCPrivateSubnet3RouteTable1A0D1274" + }, + "SubnetId": { + "Ref": "TheVPCPrivateSubnet3Subnet69CC2C6F" + } + } + }, + "TheVPCPrivateSubnet3DefaultRoute990F9A2A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "TheVPCPublicSubnet3NATGateway3A4A718F" + }, + "RouteTableId": { + "Ref": "TheVPCPrivateSubnet3RouteTable1A0D1274" + } + } + }, + "TheVPCIGWFA25CC08": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "parent-stack/TheVPC" + } + ] + } + }, + "TheVPCVPCGWC9B93E30": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "TheVPCIGWFA25CC08" + }, + "VpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "TheVPCRestrictDefaultSecurityGroupCustomResourceAFA88FCE": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "TheVPC92636AB0", + "DefaultSecurityGroup" + ] + }, + "Account": "12345678" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:aws:ec2:us-east-1:12345678:security-group/", + { + "Fn::GetAtt": [ + "TheVPC92636AB0", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "cdk-hnb659fds-assets-12345678-us-east-1", + "S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "PrivateHostedZone6354E1BB": { + "Type": "AWS::Route53::HostedZone", + "Properties": { + "Name": "uniqueexample.com.", + "VPCs": [ + { + "VPCId": { + "Ref": "TheVPC92636AB0" + }, + "VPCRegion": "us-east-1" + } + ] + } + }, "CrossAccountRoleFACE29D1": { "Type": "AWS::IAM::Role", "Properties": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json index 6ed5d16c08087..8ef11d45927ef 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json @@ -32,6 +32,977 @@ "version": "0.0.0" } }, + "TheVPC": { + "id": "TheVPC", + "path": "parent-stack/TheVPC", + "children": { + "Resource": { + "id": "Resource", + "path": "parent-stack/TheVPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "parent-stack/TheVPC/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "parent-stack/TheVPC/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "us-east-1a", + "cidrBlock": "10.0.0.0/19", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "parent-stack/TheVPC/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "parent-stack/TheVPC/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "parent-stack/TheVPC/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "TheVPCPublicSubnet1RouteTable17DA183D" + }, + "subnetId": { + "Ref": "TheVPCPublicSubnet1Subnet770D4FF2" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "parent-stack/TheVPC/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "TheVPCIGWFA25CC08" + }, + "routeTableId": { + "Ref": "TheVPCPublicSubnet1RouteTable17DA183D" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "parent-stack/TheVPC/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "parent-stack/TheVPC/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "TheVPCPublicSubnet1EIP4412F690", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "TheVPCPublicSubnet1Subnet770D4FF2" + }, + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "parent-stack/TheVPC/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "parent-stack/TheVPC/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "us-east-1b", + "cidrBlock": "10.0.32.0/19", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "parent-stack/TheVPC/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "parent-stack/TheVPC/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "parent-stack/TheVPC/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "TheVPCPublicSubnet2RouteTable3609F42C" + }, + "subnetId": { + "Ref": "TheVPCPublicSubnet2Subnet73F96DA9" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "parent-stack/TheVPC/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "TheVPCIGWFA25CC08" + }, + "routeTableId": { + "Ref": "TheVPCPublicSubnet2RouteTable3609F42C" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "parent-stack/TheVPC/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "parent-stack/TheVPC/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "TheVPCPublicSubnet2EIP5AAFF9FA", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "TheVPCPublicSubnet2Subnet73F96DA9" + }, + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet3": { + "id": "PublicSubnet3", + "path": "parent-stack/TheVPC/PublicSubnet3", + "children": { + "Subnet": { + "id": "Subnet", + "path": "parent-stack/TheVPC/PublicSubnet3/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "us-east-1c", + "cidrBlock": "10.0.64.0/19", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet3" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "parent-stack/TheVPC/PublicSubnet3/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "parent-stack/TheVPC/PublicSubnet3/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet3" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "parent-stack/TheVPC/PublicSubnet3/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "TheVPCPublicSubnet3RouteTable679ADB47" + }, + "subnetId": { + "Ref": "TheVPCPublicSubnet3Subnet7C1E748F" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "parent-stack/TheVPC/PublicSubnet3/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "TheVPCIGWFA25CC08" + }, + "routeTableId": { + "Ref": "TheVPCPublicSubnet3RouteTable679ADB47" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "parent-stack/TheVPC/PublicSubnet3/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet3" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "parent-stack/TheVPC/PublicSubnet3/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "TheVPCPublicSubnet3EIPE3930834", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "TheVPCPublicSubnet3Subnet7C1E748F" + }, + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PublicSubnet3" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "parent-stack/TheVPC/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "parent-stack/TheVPC/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "us-east-1a", + "cidrBlock": "10.0.96.0/19", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "parent-stack/TheVPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "parent-stack/TheVPC/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "parent-stack/TheVPC/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "parent-stack/TheVPC/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "TheVPCPrivateSubnet1RouteTableF6513BC2" + }, + "subnetId": { + "Ref": "TheVPCPrivateSubnet1Subnet571D3690" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "parent-stack/TheVPC/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "TheVPCPublicSubnet1NATGatewayC61D892B" + }, + "routeTableId": { + "Ref": "TheVPCPrivateSubnet1RouteTableF6513BC2" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "parent-stack/TheVPC/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "parent-stack/TheVPC/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "us-east-1b", + "cidrBlock": "10.0.128.0/19", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "parent-stack/TheVPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "parent-stack/TheVPC/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "parent-stack/TheVPC/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "parent-stack/TheVPC/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "TheVPCPrivateSubnet2RouteTable9AC81FAC" + }, + "subnetId": { + "Ref": "TheVPCPrivateSubnet2SubnetCC3D7013" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "parent-stack/TheVPC/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "TheVPCPublicSubnet2NATGatewayB437CFAF" + }, + "routeTableId": { + "Ref": "TheVPCPrivateSubnet2RouteTable9AC81FAC" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet3": { + "id": "PrivateSubnet3", + "path": "parent-stack/TheVPC/PrivateSubnet3", + "children": { + "Subnet": { + "id": "Subnet", + "path": "parent-stack/TheVPC/PrivateSubnet3/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "us-east-1c", + "cidrBlock": "10.0.160.0/19", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "parent-stack/TheVPC/PrivateSubnet3" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "parent-stack/TheVPC/PrivateSubnet3/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "parent-stack/TheVPC/PrivateSubnet3/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC/PrivateSubnet3" + } + ], + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "parent-stack/TheVPC/PrivateSubnet3/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "TheVPCPrivateSubnet3RouteTable1A0D1274" + }, + "subnetId": { + "Ref": "TheVPCPrivateSubnet3Subnet69CC2C6F" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "parent-stack/TheVPC/PrivateSubnet3/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "TheVPCPublicSubnet3NATGateway3A4A718F" + }, + "routeTableId": { + "Ref": "TheVPCPrivateSubnet3RouteTable1A0D1274" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "parent-stack/TheVPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "parent-stack/TheVPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "parent-stack/TheVPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "TheVPCIGWFA25CC08" + }, + "vpcId": { + "Ref": "TheVPC92636AB0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "parent-stack/TheVPC/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "parent-stack/TheVPC/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "parent-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "parent-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "parent-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "parent-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "PrivateHostedZone": { + "id": "PrivateHostedZone", + "path": "parent-stack/PrivateHostedZone", + "children": { + "Resource": { + "id": "Resource", + "path": "parent-stack/PrivateHostedZone/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::HostedZone", + "aws:cdk:cloudformation:props": { + "name": "uniqueexample.com.", + "vpcs": [ + { + "vpcId": { + "Ref": "TheVPC92636AB0" + }, + "vpcRegion": "us-east-1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.CfnHostedZone", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.PrivateHostedZone", + "version": "0.0.0" + } + }, "CrossAccountRole": { "id": "CrossAccountRole", "path": "parent-stack/CrossAccountRole", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.ts index 5ceb81c95f453..e8218e9b71316 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.ts @@ -1,6 +1,7 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import * as cdk from 'aws-cdk-lib'; import * as route53 from 'aws-cdk-lib/aws-route53'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; import { Construct } from 'constructs'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; @@ -47,6 +48,12 @@ class ParentStack extends cdk.Stack { const parentZone = new route53.PublicHostedZone(this, 'HostedZone', { zoneName: parentZoneName, }); + new route53.PrivateHostedZone(this, 'PrivateHostedZone', { + zoneName: parentZoneName, + vpc: new ec2.Vpc(this, 'TheVPC', { + ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'), + }), + }); const crossAccountRole = new iam.Role(this, 'CrossAccountRole', { roleName: delegationRoleName, assumedBy: new iam.AccountPrincipal(crossAccount), diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.392b3833f117607db3f72dc30f3acf726cd6b17317a3da1598e52003fd21f86b/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.392b3833f117607db3f72dc30f3acf726cd6b17317a3da1598e52003fd21f86b/__entrypoint__.js new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.392b3833f117607db3f72dc30f3acf726cd6b17317a3da1598e52003fd21f86b/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.392b3833f117607db3f72dc30f3acf726cd6b17317a3da1598e52003fd21f86b/index.js new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/__entrypoint__.js new file mode 100644 index 0000000000000..02033f55cf612 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/__entrypoint__.js @@ -0,0 +1,155 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/index.js similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6/index.js rename to packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f/index.js diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6/index.js deleted file mode 100644 index 3f0f1c7eede9c..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var a=Object.defineProperty;var Z=Object.getOwnPropertyDescriptor;var N=Object.getOwnPropertyNames;var h=Object.prototype.hasOwnProperty;var P=(o,e)=>{for(var n in e)a(o,n,{get:e[n],enumerable:!0})},E=(o,e,n,t)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of N(e))!h.call(o,s)&&s!==n&&a(o,s,{get:()=>e[s],enumerable:!(t=Z(e,s))||t.enumerable});return o};var A=o=>E(a({},"__esModule",{value:!0}),o);var v={};P(v,{handler:()=>w});module.exports=A(v);var c=require("@aws-sdk/client-route-53"),u=require("@aws-sdk/credential-providers");async function w(o){let e=o.ResourceProperties;switch(o.RequestType){case"Create":return r(e,!1);case"Update":return D(e,o.OldResourceProperties);case"Delete":return r(e,!0)}}async function D(o,e){e&&o.DelegatedZoneName!==e.DelegatedZoneName&&await r(e,!0),await r(o,!1)}async function r(o,e){let{AssumeRoleArn:n,ParentZoneId:t,ParentZoneName:s,DelegatedZoneName:m,DelegatedZoneNameServers:d,TTL:g,AssumeRoleRegion:R}=o;if(!t&&!s)throw Error("One of ParentZoneId or ParentZoneName must be specified");let l=new Date().getTime(),i=new c.Route53({credentials:(0,u.fromTemporaryCredentials)({clientConfig:{region:R??T(process.env.AWS_REGION??process.env.AWS_DEFAULT_REGION??"")},params:{RoleArn:n,RoleSessionName:`cross-account-zone-delegation-${l}`}})}),f=t??await S(s,i);await i.changeResourceRecordSets({HostedZoneId:f,ChangeBatch:{Changes:[{Action:e?"DELETE":"UPSERT",ResourceRecordSet:{Name:m,Type:"NS",TTL:g,ResourceRecords:d.map(p=>({Value:p}))}}]}})}async function S(o,e){let t=(await e.listHostedZonesByName({DNSName:o})).HostedZones?.filter(s=>s.Name===`${o}.`)??[];if(t&&t.length!==1)throw Error(`Expected one hosted zone to match the given name but found ${t.length}`);return t[0].Id}function T(o){let e={cn:"cn-northwest-1","us-gov":"us-gov-west-1","us-iso":"us-iso-east-1","us-isob":"us-isob-east-1","eu-isoe":"eu-isoe-west-1","us-isof":"us-isof-south-1"};for(let[n,t]of Object.entries(e))if(o.startsWith(`${n}-`))return t;return"us-east-1"}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/child-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/child-stack.assets.json index 1ab7979945d89..a290a7fb63bc7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/child-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/child-stack.assets.json @@ -1,15 +1,15 @@ { "version": "36.0.0", "files": { - "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6": { + "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f": { "source": { - "path": "asset.df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6", + "path": "asset.862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f", "packaging": "zip" }, "destinations": { "234567890123-us-east-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-us-east-1", - "objectKey": "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6.zip", + "objectKey": "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f.zip", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-us-east-1" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/child-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/child-stack.template.json index b21853e7cfa70..bc68dc42848d2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/child-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.rename-cross-account-zone-delegation.js.snapshot/child-stack.template.json @@ -103,7 +103,7 @@ "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-234567890123-us-east-1", - "S3Key": "df3b0c6a1a1c298cd483caec10a008f70e053a49a8472aa907dfa3021fed2bd6.zip" + "S3Key": "862d20f925bec1059342f4a1a7717b3c20bd77ffd1c2c38fadbf6f3e766cc87f.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts b/packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts index 092b6aad9b27a..1337c2b415d14 100644 --- a/packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts +++ b/packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts @@ -77,7 +77,12 @@ async function cfnEventHandler(props: ResourceProperties, isDeleteEvent: boolean async function getHostedZoneIdByName(name: string, route53: Route53): Promise { const zones = await route53.listHostedZonesByName({ DNSName: name }); - const matchedZones = zones.HostedZones?.filter(zone => zone.Name === `${name}.`) ?? []; + const matchedZones = zones.HostedZones?.filter(zone => { + const matchZoneName = zone.Name === `${name}.`; + const isPublic = zone.Config?.PrivateZone !== true; + + return matchZoneName && isPublic; + }) ?? []; if (matchedZones && matchedZones.length !== 1) { throw Error(`Expected one hosted zone to match the given name but found ${matchedZones.length}`); diff --git a/packages/@aws-cdk/custom-resource-handlers/test/aws-route53/cross-account-zone-delegation-handler.test.ts b/packages/@aws-cdk/custom-resource-handlers/test/aws-route53/cross-account-zone-delegation-handler.test.ts index d26356be46bbc..a426f836591d0 100644 --- a/packages/@aws-cdk/custom-resource-handlers/test/aws-route53/cross-account-zone-delegation-handler.test.ts +++ b/packages/@aws-cdk/custom-resource-handlers/test/aws-route53/cross-account-zone-delegation-handler.test.ts @@ -104,13 +104,18 @@ test('calls create resource record set with DELETE for Delete event', async () = }); }); -test('calls listHostedZonesByName to get zoneId if ParentZoneId is not provided', async () => { +test('calls listHostedZonesByName to get public zoneId if ParentZoneId is not provided', async () => { // GIVEN const parentZoneName = 'some.zone'; const parentZoneId = 'zone-id'; mockStsClient.assumeRole.mockResolvedValueOnce({ Credentials: { AccessKeyId: 'K', SecretAccessKey: 'S', SessionToken: 'T' } }); - mockRoute53Client.listHostedZonesByName.mockResolvedValueOnce({ HostedZones: [{ Name: `${parentZoneName}.`, Id: parentZoneId }] }); + mockRoute53Client.listHostedZonesByName.mockResolvedValueOnce({ + HostedZones: [ + { Name: `${parentZoneName}.`, Id: parentZoneId }, + { Name: `${parentZoneName}.`, Id: parentZoneId, Config: { PrivateZone: true } }, + ], + }); mockRoute53Client.changeResourceRecordSets.mockResolvedValueOnce({}); // WHEN @@ -141,7 +146,7 @@ test('calls listHostedZonesByName to get zoneId if ParentZoneId is not provided' }); }); -test('throws if more than one HostedZones are returnd for the provided ParentHostedZone', async () => { +test('throws if more than one HostedZones are returned for the provided ParentHostedZone', async () => { // GIVEN const parentZoneName = 'some.zone'; const parentZoneId = 'zone-id';