aws-route53: `Not able to retrieve Name Servers for fake-name due to it being imported.` CrossAccountZoneDelegationRecord `delegatedZone` validation on NameServers blocks using Custom Resource to retrieve NameServers

Question

aws-route53: `Not able to retrieve Name Servers for fake-name due to it being imported.` CrossAccountZoneDelegationRecord `delegatedZone` validation on NameServers blocks using Custom Resource to retrieve NameServers

samson-keung opened this issue 19 days ago · comments

Please add your +1 👍 to let us know you have encountered this

Status: RESOLVED

Overview:

Versions 2.145.0-2.147.0 will throw a synthesis error when passing an imported delegatedZone to route53.CrossAccountZoneDelegationRecord. For example, the following code will throw:

   const parentZone = new route53.PublicHostedZone(stack, 'ParentHostedZone', {
      zoneName: 'myzone.com',
    });

    const childZone = route53.PublicHostedZone.fromPublicHostedZoneAttributes(stack, 'ChildHostedZone', {
      hostedZoneId: 'my-id',
      zoneName: 'my-name,
    });

 new route53.CrossAccountZoneDelegationRecord(stack, 'Delegation', {
      delegatedZone: childZone,
      parentHostedZoneId: parentZone.hostedZoneId,
      delegationRole: parentZone.crossAccountZoneDelegationRole,
    });

Complete Error Message:

Not able to retrieve Name Servers for my-name due to it being imported.

Workaround:

Pin the version of aws-cdk-lib to 2.144.0.

Solution:

Related Issues:

Original Report

Describe the bug

The fix in #30440 is blocking users from using custom resource to retrieve the delegated zone name servers.

Expected Behavior

CDK should not throw error that blocks the user when the delegated zone is imported and does not have Name Servers information as users can use custom resource to retrieve the NS.

Current Behavior

CrossAccountZoneDelegationRecord throws when delegatedZone is imported.

Reproduction Steps

Following code will throw the error in question:

    const stack = new Stack();
    const parentZone = new route53.PublicHostedZone(stack, 'ParentHostedZone', {
      zoneName: 'myzone.com',
      crossAccountZoneDelegationPrincipal: new iam.AccountPrincipal('123456789012'),
    });

    // WHEN
    const childZone = route53.PublicHostedZone.fromPublicHostedZoneAttributes(stack, 'ChildHostedZone', {
      hostedZoneId: 'fake-id',
      zoneName: 'fake-name',
    });

    new route53.CrossAccountZoneDelegationRecord(stack, 'Delegation', {
      delegatedZone: childZone,
      parentHostedZoneId: parentZone.hostedZoneId,
      delegationRole: parentZone.crossAccountZoneDelegationRole,
    });

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.146.0

Framework Version

No response

Node.js Version

20

OS

mac

Language

TypeScript

Language Version

No response

Other information

No response

Kendra Neil · Answer 1 · Fri Jun 21 2024 09:07:53 GMT+0800 (China Standard Time)

This is a regression and therefore a p0. Updating the label here.

github-actions · Answer 2 · Sat Jun 22 2024 00:24:25 GMT+0800 (China Standard Time)

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

github-actions · Answer 3 · Sat Jun 22 2024 00:24:25 GMT+0800 (China Standard Time)

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.