chore: filter and pick single public hosted zone

cf-custom-resources/lib/custom-domain-app-runner.js

@@ -95,7 +95,10 @@ exports.handler = async function (event, context) {
             }),
         });
         appRunnerClient = new AWS.AppRunner();
-        appHostedZoneID = await domainHostedZoneID(appDNSName);
+        appHostedZoneID = props.RootHostedZoneId
+        if (!appHostedZoneID){
+            appHostedZoneID = await domainHostedZoneID(appDNSName);
+        }
         switch (event.RequestType) {
             case "Create":
             case "Update":

cf-custom-resources/lib/custom-domain.js

@@ -98,7 +98,10 @@ const writeCustomDomainRecord = async function (
   accessDNS,
   accessHostedZone,
   aliasTypes,
-  action
+  action,
+  rootHostedZoneId,
+  appHostedZoneId,
+  envHostedZoneId
 ) {
   const actions = [];
   for (const alias of aliases) {
@@ -111,7 +114,8 @@ const writeCustomDomainRecord = async function (
           accessDNS,
           accessHostedZone,
           aliasType.domain,
-          action
+          action,
+          envHostedZoneId
         ));
         break;
       case aliasTypes.AppDomainZone:
@@ -121,7 +125,8 @@ const writeCustomDomainRecord = async function (
           accessDNS,
           accessHostedZone,
           aliasType.domain,
-          action
+          action,
+          appHostedZoneId
         ));
         break;
       case aliasTypes.RootDomainZone:
@@ -131,7 +136,8 @@ const writeCustomDomainRecord = async function (
           accessDNS,
           accessHostedZone,
           aliasType.domain,
-          action
+          action,
+          rootHostedZoneId
         ));
         break;
       // We'll skip if it is the other alias type since it will be in another account's route53.
@@ -147,9 +153,10 @@ const writeARecord = async function (
   accessDNS,
   accessHostedZone,
   domain,
-  action
+  action,
+  hostedZoneID
 ) {
-  let hostedZoneId = hostedZoneCache.get(domain);
+  let hostedZoneId = hostedZoneID || hostedZoneCache.get(domain);
   if (!hostedZoneId) {
     const hostedZones = await route53
       .listHostedZonesByName({
@@ -233,6 +240,9 @@ exports.handler = async function (event, context) {
           props.PublicAccessHostedZone,
           aliasTypes,
           changeRecordAction.Upsert,
+          props.RootHostedZoneId,
+          props.AppHostedZoneId,
+          props.EnvHostedZoneId
         );
         break;
       case "Update":
@@ -244,6 +254,9 @@ exports.handler = async function (event, context) {
           props.PublicAccessHostedZone,
           aliasTypes,
           changeRecordAction.Upsert,
+          props.RootHostedZoneId,
+          props.AppHostedZoneId,
+          props.EnvHostedZoneId
         );
         // After upserting new aliases, delete unused ones. For example: previously we have ["foo.com", "bar.com"],
         // and now the aliases param is updated to just ["foo.com"] then we'll delete "bar.com".
@@ -261,6 +274,9 @@ exports.handler = async function (event, context) {
           props.PublicAccessHostedZone,
           aliasTypes,
           changeRecordAction.Delete,
+          props.RootHostedZoneId,
+          props.AppHostedZoneId,
+          props.EnvHostedZoneId
         );
         break;
       case "Delete":
@@ -271,7 +287,10 @@ exports.handler = async function (event, context) {
           props.PublicAccessDNS,
           props.PublicAccessHostedZone,
           aliasTypes,
-          changeRecordAction.Delete
+          changeRecordAction.Delete,
+          props.RootHostedZoneId,
+          props.AppHostedZoneId,
+          props.EnvHostedZoneId
         );
         break;
       default:

cf-custom-resources/lib/dns-cert-validator.js

@@ -212,6 +212,8 @@ const validateCertificate = async function(
     options,
     envRoute53,
     appRoute53,
+    rootHostedZoneId,
+    appHostedZoneId,
     envHostedZoneId,
     certificateARN,
     acm
@@ -221,6 +223,8 @@ const validateCertificate = async function(
       options,
       envRoute53,
       appRoute53,
+      rootHostedZoneId,
+      appHostedZoneId,
       envHostedZoneId
   );
 
@@ -241,7 +245,9 @@ const updateHostedZoneRecords = async function (
   options,
   envRoute53,
   appRoute53,
-  envHostedZoneId
+  rootHostedZoneId,
+  appHostedZoneId,
+  envHostedZoneId,
 ) {
   const promises = [];
   for (const option of options) {
@@ -265,6 +271,7 @@ const updateHostedZoneRecords = async function (
             record: option.ResourceRecord,
             action: action,
             domainName: domainType.domain,
+            hostedZoneId: appHostedZoneId,
           })
         );
         break;
@@ -275,6 +282,7 @@ const updateHostedZoneRecords = async function (
             record: option.ResourceRecord,
             action: action,
             domainName: domainType.domain,
+            hostedZoneId: rootHostedZoneId,
           })
         );
         break;
@@ -293,6 +301,8 @@ const deleteHostedZoneRecords = async function (
   envRoute53,
   appRoute53,
   acm,
+  rootHostedZoneId,
+  appHostedZoneId,
   envHostedZoneId
 ) {
   let listCertificatesInput = {};
@@ -354,6 +364,8 @@ const deleteHostedZoneRecords = async function (
         filteredRecordOption,
         envRoute53,
         appRoute53,
+        rootHostedZoneId,
+        appHostedZoneId,
         envHostedZoneId
     );
   } catch (e) {
@@ -416,6 +428,8 @@ const deleteCertificate = async function (
   arn,
   certDomain,
   region,
+  rootHostedZoneId,
+  appHostedZoneId,
   envHostedZoneId,
   rootDnsRole
 ) {
@@ -463,6 +477,8 @@ const deleteCertificate = async function (
       envRoute53,
       appRoute53,
       acm,
+      rootHostedZoneId,
+      appHostedZoneId,
       envHostedZoneId
     );
 
@@ -626,7 +642,7 @@ exports.certificateRequestHandler = async function (event, context) {
         );
         responseData.Arn = physicalResourceId = response.CertificateArn;  // Set physicalResourceId as soon as we can.
         options = await waitForValidationOptionsToBeReady(response.CertificateArn, sansToUse, acm);
-        await validateCertificate(options, envRoute53, appRoute53, props.EnvHostedZoneId, response.CertificateArn, acm);
+        await validateCertificate(options, envRoute53, appRoute53, props.RootHostedZoneId, props.AppHostedZoneId, props.EnvHostedZoneId, response.CertificateArn, acm);
         break;
       case "Update":
         // Exit early if cert doesn't change.
@@ -644,7 +660,7 @@ exports.certificateRequestHandler = async function (event, context) {
         );
         responseData.Arn = physicalResourceId = response.CertificateArn;
         options = await waitForValidationOptionsToBeReady(response.CertificateArn, sansToUse, acm);
-        await validateCertificate(options, envRoute53, appRoute53, props.EnvHostedZoneId, response.CertificateArn, acm);
+        await validateCertificate(options, envRoute53, appRoute53, props.RootHostedZoneId, props.AppHostedZoneId, props.EnvHostedZoneId, response.CertificateArn, acm);
         break;
       case "Delete":
         // If the resource didn't create correctly, the physical resource ID won't be the
@@ -654,6 +670,8 @@ exports.certificateRequestHandler = async function (event, context) {
             physicalResourceId,
             certDomain,
             props.Region,
+            props.RootHostedZoneId, 
+            props.AppHostedZoneId,
             props.EnvHostedZoneId,
             props.RootDNSRole
           );

cf-custom-resources/lib/dns-delegation.js

@@ -90,15 +90,16 @@ const createSubdomainInRoot = async function (
   domainName,
   subDomain,
   nameServers,
-  rootDnsRole
+  rootDnsRole,
+  hostedZoneId
 ) {
   const route53 = new aws.Route53({
     credentials: new aws.ChainableTemporaryCredentials({
       params: { RoleArn: rootDnsRole },
       masterCredentials: new aws.EnvironmentCredentials("AWS"),
     }),
   });
-
+  if (!hostedZoneId) {
   const hostedZones = await route53
     .listHostedZonesByName({
       DNSName: domainName,
@@ -115,8 +116,8 @@ const createSubdomainInRoot = async function (
 
   // HostedZoneIDs are of the form /hostedzone/1234455, but the actual
   // ID is after the last slash.
-  const hostedZoneId = domainHostedZone.Id.split("/").pop();
-
+  hostedZoneId = domainHostedZone.Id.split("/").pop();
+  }
   const changeBatch = await route53
     .changeResourceRecordSets({
       ChangeBatch: {
@@ -158,15 +159,16 @@ const deleteSubdomainInRoot = async function (
   requestId,
   domainName,
   subDomain,
-  rootDnsRole
+  rootDnsRole,
+  hostedZoneId
 ) {
   const route53 = new aws.Route53({
     credentials: new aws.ChainableTemporaryCredentials({
       params: { RoleArn: rootDnsRole },
       masterCredentials: new aws.EnvironmentCredentials("AWS"),
     }),
   });
-
+  if (!hostedZoneId) {
   const hostedZones = await route53
     .listHostedZonesByName({
       DNSName: domainName,
@@ -183,8 +185,8 @@ const deleteSubdomainInRoot = async function (
 
   // HostedZoneIDs are of the form /hostedzone/1234455, but the actual
   // ID is after the last slash.
-  const hostedZoneId = domainHostedZone.Id.split("/").pop();
-
+  hostedZoneId = domainHostedZone.Id.split("/").pop();
+  }
   // Find the recordsets for this subdomain, and then remove it
   // from the hosted zone.
   const recordSets = await route53
@@ -275,15 +277,17 @@ exports.domainDelegationHandler = async function (event, context) {
           props.DomainName,
           props.SubdomainName,
           props.NameServers,
-          props.RootDNSRole
+          props.RootDNSRole,
+          props.RootHostedZoneId
         );
         break;
       case "Delete":
         await deleteSubdomainInRoot(
           event.RequestId,
           props.DomainName,
           props.SubdomainName,
-          props.RootDNSRole
+          props.RootDNSRole,
+          props.RootHostedZoneId
         );
         break;
       default:

cf-custom-resources/lib/wkld-cert-validator.js

@@ -10,7 +10,7 @@ const ATTEMPTS_CERTIFICATE_VALIDATED = 19;
 const ATTEMPTS_CERTIFICATE_NOT_IN_USE = 12;
 const DELAY_CERTIFICATE_VALIDATED_IN_S = 30;
 
-let envHostedZoneID, appName, envName, serviceName, certificateDomain, domainTypes, rootDNSRole, domainName, isCloudFrontCert;
+let rootHostedZoneID,appHostedZoneID,envHostedZoneID, appName, envName, serviceName, certificateDomain, domainTypes, rootDNSRole, domainName, isCloudFrontCert;
 let defaultSleep = function (ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 };
@@ -168,6 +168,8 @@ exports.handler = async function (event, context) {
   const aliases = new Set(props.Aliases);
 
   // Initialize global variables.
+  rootHostedZoneID = props.RootHostedZoneId;
+  appHostedZoneID = props.AppHostedZoneId;
   envHostedZoneID = props.EnvHostedZoneId;
   envName = props.EnvName;
   appName = props.AppName;
@@ -748,17 +750,23 @@ async function domainResources(alias) {
     };
   }
   if (domainTypes.AppDomainZone.regex.test(alias)) {
+    if (!appHostedZoneID){
+      appHostedZoneID = await hostedZoneID.app()
+    }
     return {
       domain: domainTypes.AppDomainZone.domain,
       route53Client: clients.app.route53(),
-      hostedZoneID: await hostedZoneID.app(),
+      hostedZoneID: appHostedZoneID,
     };
   }
   if (domainTypes.RootDomainZone.regex.test(alias)) {
+    if (!rootHostedZoneID){
+      rootHostedZoneID = await hostedZoneID.root()
+    }
     return {
       domain: domainTypes.RootDomainZone.domain,
       route53Client: clients.root.route53(),
-      hostedZoneID: await hostedZoneID.root(),
+      hostedZoneID: rootHostedZoneID,
     };
   }
   throw new UnrecognizedDomainTypeError(`unrecognized domain type for ${alias}`);

cf-custom-resources/lib/wkld-custom-domain.js

@@ -6,7 +6,7 @@ const ATTEMPTS_VALIDATION_OPTIONS_READY = 10;
 const ATTEMPTS_RECORD_SETS_CHANGE = 10;
 const DELAY_RECORD_SETS_CHANGE_IN_S = 30;
 
-let envHostedZoneID, appName, envName, serviceName, domainTypes, rootDNSRole, domainName;
+let rootHostedZoneID,appHostedZoneID,envHostedZoneID, appName, envName, serviceName, domainTypes, rootDNSRole, domainName;
 let defaultSleep = function (ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 };
@@ -157,6 +157,8 @@ exports.handler = async function (event, context) {
   const aliases = new Set(props.Aliases);
 
   // Initialize global variables.
+  rootHostedZoneID = props.RootHostedZoneId;
+  appHostedZoneID = props.AppHostedZoneId;
   envHostedZoneID = props.EnvHostedZoneId;
   envName = props.EnvName;
   appName = props.AppName;
@@ -444,17 +446,23 @@ async function domainResources(alias) {
     };
   }
   if (domainTypes.AppDomainZone.regex.test(alias)) {
+    if (!appHostedZoneID){
+      appHostedZoneID = await hostedZoneID.app()
+    }
     return {
       domain: domainTypes.AppDomainZone.domain,
       route53Client: clients.app.route53(),
-      hostedZoneID: await hostedZoneID.app(),
+      hostedZoneID: appHostedZoneID,
     };
   }
   if (domainTypes.RootDomainZone.regex.test(alias)) {
+    if (!rootHostedZoneID){
+      rootHostedZoneID = await hostedZoneID.root()
+    }
     return {
       domain: domainTypes.RootDomainZone.domain,
       route53Client: clients.root.route53(),
-      hostedZoneID: await hostedZoneID.root(),
+      hostedZoneID: rootHostedZoneID,
     };
   }
   throw new UnrecognizedDomainTypeError(`unrecognized domain type for ${alias}`);