CDK custom resource for DNSSEC

This package contains a custom resource that adds the DS record to AWS Route53 based on the provided KeySigningKey name.

Problem this package solves: when enabling DNSSEC from the CDK, one has to manually add the DS record belonging to the active KeySigningKey of the hosted zone to the parent hosted zone. Until that DS record exists in the parent, resolvers cannot validate the signed child zone, and the manual step complicates fresh deployments of CDK-defined infrastructure as code. This package solves this with a custom resource, wrapped in a CDK construct, that obtains the DS record from the hosted zone and adds it to the parent hosted zone automatically, within a single deployment.

Example

The example below demonstrates how to set up DNSSEC using CDK and how this package can be used to create the DS record in a single deployment. The original snippet referenced an undefined kmsKeyArn and passed a non-existent dnssecKeySigning variable to the construct; both are fixed here (kmsKeyArn is now a parameter and the KSK created above is passed).

import * as Route53 from 'aws-cdk-lib/aws-route53';
import { DnssecRecordStruct } from '@gemeentenijmegen/dnssec-record';

// Method of a Stack (or any Construct); `this` is the scope for the resources below.
// kmsKeyArn is the ARN of the asymmetric KMS key (ECC_NIST_P256, SIGN_VERIFY) that
// Route53 uses as the key-signing key.
setupDNSSEC(hostedZone: Route53.IHostedZone, parentHostedZone: Route53.IHostedZone, kmsKeyArn: string) {

  const ksk = new Route53.CfnKeySigningKey(this, 'dnssec-ksk', {
    name: 'ksk_name',
    status: 'ACTIVE',
    hostedZoneId: hostedZone.hostedZoneId,
    keyManagementServiceArn: kmsKeyArn,
  });

  // Signing can only be enabled once an active KSK exists in the hosted zone
  const dnssec = new Route53.CfnDNSSEC(this, 'dnssec', {
    hostedZoneId: hostedZone.hostedZoneId,
  });
  dnssec.node.addDependency(ksk);

  // Add the DS record to the parent zone using the construct provided by this package
  const dnssecRecord = new DnssecRecordStruct(this, 'dnssec-record', {
    keySigningKey: ksk,
    hostedZone: hostedZone,
    parentHostedZone: parentHostedZone,
  });
  // The DS record is only valid once signing is enabled, so order the resources
  dnssecRecord.node.addDependency(dnssec);

}
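What the custom resource has to do between the two hosted zones, as an added TypeScript example (not this package's code): pick the named, ACTIVE key-signing key from a GetDNSSEC-style result, validate its DS record and build the DS change for the parent zone, refusing inactive keys, malformed digests and a child zone that is not below the parent. The local types, the constructed KSK list and the TTL are assumptions.

```typescript
// Local shapes mirroring the fields read from the Route53 GetDNSSEC response and
// written to ChangeResourceRecordSets (assumed here, not the AWS SDK's own types).
interface KeySigningKeySummary { Name: string; Status: string; DSRecord: string }
interface DsChange {
  Action: 'UPSERT' | 'DELETE';
  ResourceRecordSet: { Name: string; Type: 'DS'; TTL: number; ResourceRecords: { Value: string }[] };
}

// Expected digest length in hex characters per DS digest type: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384
const DIGEST_HEX_LEN: Record<number, number> = { 1: 40, 2: 64, 4: 96 };

// Validate a presentation-format DS record "<keytag> <algorithm> <digesttype> <digest>"
// so that a truncated or malformed value is never published in the parent zone.
function validateDsRecord(ds: string): string {
  const parts = ds.trim().split(/\s+/);
  if (parts.length !== 4) throw new Error(`DS record must have 4 fields: "${ds}"`);
  const [keyTag, algorithm, digestType, digest] = parts;
  if (!/^\d+$/.test(keyTag) || Number(keyTag) > 65535) throw new Error(`bad key tag: ${keyTag}`);
  if (!/^\d+$/.test(algorithm)) throw new Error(`bad algorithm: ${algorithm}`);
  const expectedLen = DIGEST_HEX_LEN[Number(digestType)];
  if (expectedLen === undefined) throw new Error(`unknown digest type: ${digestType}`);
  if (!new RegExp(`^[0-9A-Fa-f]{${expectedLen}}$`).test(digest)) {
    throw new Error(`digest is not ${expectedLen} hex chars for digest type ${digestType}`);
  }
  return `${keyTag} ${algorithm} ${digestType} ${digest.toUpperCase()}`;
}

// Select the named ACTIVE KSK and build the DS change to apply in the parent zone.
function buildDsChange(
  ksks: KeySigningKeySummary[], kskName: string,
  zoneName: string, parentZoneName: string, action: 'UPSERT' | 'DELETE' = 'UPSERT',
): DsChange {
  const zone = zoneName.toLowerCase().replace(/\.?$/, '.');
  const parent = parentZoneName.toLowerCase().replace(/\.?$/, '.');
  // The DS record sits at the child's apex inside the parent, so the child must be a strict subdomain.
  if (zone === parent || !zone.endsWith('.' + parent)) {
    throw new Error(`${zone} is not a subdomain of ${parent}`);
  }
  const ksk = ksks.find((k) => k.Name === kskName);
  if (!ksk) throw new Error(`KSK ${kskName} not found in hosted zone`);
  // Only the ACTIVE KSK signs the zone; publishing the DS of an INACTIVE key breaks validation.
  if (ksk.Status !== 'ACTIVE') throw new Error(`KSK ${kskName} is ${ksk.Status}, not ACTIVE`);
  return {
    Action: action,
    ResourceRecordSet: {
      Name: zone, Type: 'DS', TTL: 3600, // TTL is an assumed value
      ResourceRecords: [{ Value: validateDsRecord(ksk.DSRecord) }],
    },
  };
}
```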

API Reference

Constructs

DnssecRecordStruct

Initializers

import { DnssecRecordStruct } from '@gemeentenijmegen/dnssec-record'

new DnssecRecordStruct(scope: Construct, id: string, props: DnssecRecordStructProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props DnssecRecordStructProps No description.

scope (Required)
  • Type: constructs.Construct

id (Required)
  • Type: string

props (Required)
  • Type: DnssecRecordStructProps

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { DnssecRecordStruct } from '@gemeentenijmegen/dnssec-record'

DnssecRecordStruct.isConstruct(x: any)

Checks if x is a construct.

x (Required)
  • Type: any

Any object.


Properties

Name Type Description
node constructs.Node The tree node.

node (Required)
public readonly node: Node;
  • Type: constructs.Node

The tree node.


Structs

DnssecRecordStructProps

Initializer

import { DnssecRecordStructProps } from '@gemeentenijmegen/dnssec-record'

const dnssecRecordStructProps: DnssecRecordStructProps = { ... }

Properties

Name Type Description
hostedZone aws-cdk-lib.aws_route53.IHostedZone No description.
keySigningKey aws-cdk-lib.aws_route53.CfnKeySigningKey No description.
parentHostedZone aws-cdk-lib.aws_route53.IHostedZone No description.
forceUpdate string Force update. Pass a random string to trigger an update of this custom resource.
roleToAssume string Set a role to assume for creating the DNSSEC record. Can be used for cross-account DS record creation.

hostedZone (Required)
public readonly hostedZone: IHostedZone;
  • Type: aws-cdk-lib.aws_route53.IHostedZone

keySigningKey (Required)
public readonly keySigningKey: CfnKeySigningKey;
  • Type: aws-cdk-lib.aws_route53.CfnKeySigningKey

parentHostedZone (Required)
public readonly parentHostedZone: IHostedZone;
  • Type: aws-cdk-lib.aws_route53.IHostedZone

forceUpdate (Optional)
public readonly forceUpdate: string;
  • Type: string

Force update. Pass a random string to trigger an update of this custom resource.


roleToAssume (Optional)
public readonly roleToAssume: string;
  • Type: string

Set a role to assume for creating the DNSSEC record. Can be used for cross-account DS record creation, where the parent hosted zone lives in a different account than the child.