interface PublicHostedZoneProps
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.Route53.PublicHostedZoneProps |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsroute53#PublicHostedZoneProps |
| Java | software.amazon.awscdk.services.route53.PublicHostedZoneProps |
| Python | aws_cdk.aws_route53.PublicHostedZoneProps |
| TypeScript (source) | aws-cdk-lib » aws_route53 » PublicHostedZoneProps |
Construction properties for a PublicHostedZone.
Example
```typescript
import * as iam from 'aws-cdk-lib/aws-iam';
import * as route53 from 'aws-cdk-lib/aws-route53';

// Runs inside a Stack or Construct, where `this` is the construct scope.
const parentZone = new route53.PublicHostedZone(this, 'HostedZone', {
  zoneName: 'someexample.com',
});
const crossAccountRole = new iam.Role(this, 'CrossAccountRole', {
  // The role name must be predictable
  roleName: 'MyDelegationRole',
  // The other account
  assumedBy: new iam.AccountPrincipal('12345678901'),
  // You can scope down this role policy to be least privileged.
  // If you want the other account to be able to manage specific records,
  // you can scope down by resource and/or normalized record names
  inlinePolicies: {
    crossAccountPolicy: new iam.PolicyDocument({
      statements: [
        new iam.PolicyStatement({
          sid: 'ListHostedZonesByName',
          effect: iam.Effect.ALLOW,
          actions: ['route53:ListHostedZonesByName'],
          resources: ['*'],
        }),
        new iam.PolicyStatement({
          sid: 'GetHostedZoneAndChangeResourceRecordSets',
          effect: iam.Effect.ALLOW,
          actions: ['route53:GetHostedZone', 'route53:ChangeResourceRecordSets'],
          // This example assumes the RecordSet subdomain.someexample.com
          // is contained in the HostedZone
          resources: ['arn:aws:route53:::hostedzone/HZID00000000000000000'],
          conditions: {
            'ForAllValues:StringLike': {
              'route53:ChangeResourceRecordSetsNormalizedRecordNames': [
                'subdomain.someexample.com',
              ],
            },
          },
        }),
      ],
    }),
  },
});
parentZone.grantDelegation(crossAccountRole);
```
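The scoping that the comments in the example describe can be checked mechanically before a delegation role is deployed. The following is an added example, not part of the CDK documentation or library: it audits IAM policy statements in their rendered JSON form and flags any that allow `route53:ChangeResourceRecordSets` without a single hosted zone as the resource or without the normalized-record-name condition. `Statement`, `auditDelegationPolicy` and the helper names are hypothetical, and the sample statements are constructed from the values shown above.

```typescript
// Added example, not CDK code: all type, constant and function names are hypothetical.
type OneOrMany = string | string[];
type Statement = { Sid?: string; Effect: 'Allow' | 'Deny'; Action: OneOrMany;
  Resource: OneOrMany; Condition?: Record<string, Record<string, OneOrMany>> };
const CHANGE = 'route53:ChangeResourceRecordSets';
const NAME_KEY = 'route53:ChangeResourceRecordSetsNormalizedRecordNames';
const list = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

// True when an IAM action pattern ('*' and '?' wildcards, case-insensitive) covers CHANGE.
function coversChange(pattern: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$', 'i').test(CHANGE);
}

// Record names from a ForAllValues:StringLike/StringEquals condition on NAME_KEY, if any.
function recordNames(s: Statement): string[] | undefined {
  const cond = s.Condition ?? {};
  for (const op of Object.keys(cond)) {
    if (!/^forallvalues:string(like|equals)$/i.test(op)) continue;
    const key = Object.keys(cond[op]).filter((k) => k.toLowerCase() === NAME_KEY.toLowerCase())[0];
    if (key !== undefined) return list(cond[op][key]);
  }
  return undefined;
}

// One finding per way an Allow statement leaves record changes broader than intended.
function auditDelegationPolicy(statements: Statement[]): string[] {
  const findings: string[] = [];
  for (const s of statements) {
    if (s.Effect !== 'Allow' || !list(s.Action).some(coversChange)) continue;
    const id = s.Sid ?? '(no Sid)';
    const wide = list(s.Resource).some((r) => r === '*' || /hostedzone\/\*$/.test(r));
    if (wide) findings.push(`${id}: record changes are not limited to one hosted zone`);
    const names = recordNames(s);
    if (names === undefined) findings.push(`${id}: no condition on normalized record names`);
    else if (names.some((n) => n.trim() === '*')) findings.push(`${id}: condition allows every record name`);
  }
  return findings;
}

// Constructed samples: the page's scoped statement in IAM JSON form, and a loose variant.
const scoped: Statement = {
  Sid: 'GetHostedZoneAndChangeResourceRecordSets', Effect: 'Allow',
  Action: ['route53:GetHostedZone', 'route53:ChangeResourceRecordSets'],
  Resource: 'arn:aws:route53:::hostedzone/HZID00000000000000000',
  Condition: { 'ForAllValues:StringLike': { [NAME_KEY]: ['subdomain.someexample.com'] } },
};
const loose: Statement = { Sid: 'Loose', Effect: 'Allow', Action: 'route53:Change*', Resource: '*' };
console.log(auditDelegationPolicy([scoped, loose]));
```

The scoped statement produces no findings; the loose one is reported twice, once for the wildcard resource and once for the missing record-name condition.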
Properties
| Name | Type | Description |
|---|---|---|
| zoneName | string | The name of the domain. |
| addTrailingDot? | boolean | Whether to add a trailing dot to the zone name. |
| caaAmazon? | boolean | Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only. |
| comment? | string | Any comments that you want to include about the hosted zone. |
| crossAccountZoneDelegationPrincipal? | IPrincipal | A principal which is trusted to assume a role for zone delegation. |
| crossAccountZoneDelegationRoleName? | string | The name of the role created for cross account delegation. |
| queryLogsLogGroupArn? | string | The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to. |
zoneName
Type: string
The name of the domain.
For resource record types that include a domain name, specify a fully qualified domain name.
addTrailingDot?
Type: boolean (optional, default: true)
Whether to add a trailing dot to the zone name.
caaAmazon?
Type: boolean (optional, default: false)
Whether to create a CAA record to restrict certificate authorities allowed to issue certificates for this domain to Amazon only.
comment?
Type: string (optional, default: none)
Any comments that you want to include about the hosted zone.
crossAccountZoneDelegationPrincipal?
⚠️ Deprecated: Create the Role yourself and call hostedZone.grantDelegation().
Type: IPrincipal (optional, default: No delegation configuration)
A principal which is trusted to assume a role for zone delegation.
If supplied, this will create a Role in the same account as the Hosted
Zone, which can be assumed by the CrossAccountZoneDelegationRecord to
create a delegation record to a zone in a different account.
Be sure to indicate the account(s) that you trust to create delegation
records, using either iam.AccountPrincipal or iam.OrganizationPrincipal.
If you are planning to use iam.ServicePrincipals here, be sure to include
region-specific service principals for every opt-in region you are going to
be delegating to; or don't use this feature and create separate roles
with appropriate permissions for every opt-in region instead.
crossAccountZoneDelegationRoleName?
⚠️ Deprecated: Create the Role yourself and call hostedZone.grantDelegation().
Type: string (optional, default: A role name is generated automatically)
The name of the role created for cross account delegation.
queryLogsLogGroupArn?
Type: string (optional, default: disabled)
The Amazon Resource Name (ARN) for the log group that you want Amazon Route 53 to send query logs to.
