From 5e73dd089360a999cd86920b6d42bf69b1c0ded1 Mon Sep 17 00:00:00 2001 From: "Kenta Goto (k.goto)" <24818752+go-to-k@users.noreply.github.com> Date: Thu, 12 Dec 2024 07:27:46 +0900 Subject: [PATCH] fix(route53-targets): deprecated method for dns name is used in userpool domain target (under feature flag) (#31403) ### Reason for this change The [PR](https://github.com/aws/aws-cdk/pull/31402) created a new method to get CloudFront DNS name in Cognito user pool domain. A custom resource is created in the old method, but is not in the new method. However, the `UserPoolDomainTarget` in the `route53-targets` module continues to use the old method. So we should change to use the new method. ### Description of changes The `bind` method in the `UserPoolDomainTarget` implements `IAliasRecordTarget` interface, so a new method instead of the `bind` cannot be created. Therefore, I take it using a feature flag. ### Description of how you validated changes Both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 137 ++++++++++ .../tree.json | 252 ++++++++++++++++++ .../userpool-domain-alias-target.assets.json | 19 ++ ...userpool-domain-alias-target.template.json | 121 +++++++++ ...efaultTestDeployAssert300E1214.assets.json | 19 ++ ...aultTestDeployAssert300E1214.template.json | 36 +++ .../integ.userpool-domain-alias-target.ts | 35 +++ .../lib/userpool-domain.ts | 9 +- .../test/userpool-domain.test.ts | 40 +++ packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 20 +- packages/aws-cdk-lib/cx-api/README.md | 21 +- packages/aws-cdk-lib/cx-api/lib/features.ts | 15 ++ 14 files changed, 733 insertions(+), 4 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpool-domain-alias-target.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpool-domain-alias-target.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/cdk.out new file mode 100644 index 0000000000000..bd5311dc372de --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/integ.json new file mode 100644 index 0000000000000..c761e0fe97996 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.5", + "testCases": { + "userpool-domain-alias-target-integ/DefaultTest": { + "stacks": [ + "userpool-domain-alias-target" + ], + "assertionStack": "userpool-domain-alias-target-integ/DefaultTest/DeployAssert", + "assertionStackName": "userpooldomainaliastargetintegDefaultTestDeployAssert300E1214" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/manifest.json new file mode 100644 index 0000000000000..6ac48d6c5fe54 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/manifest.json @@ -0,0 +1,137 @@ +{ + "version": "36.0.5", + "artifacts": { + "userpool-domain-alias-target.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "userpool-domain-alias-target.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "userpool-domain-alias-target": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "userpool-domain-alias-target.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2e025358babe54da3a4af9a7cbcc33007356442b7f6c6b780ad3f5822446276a.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "userpool-domain-alias-target.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "userpool-domain-alias-target.assets" + ], + "metadata": { + "/userpool-domain-alias-target/HostedZone/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HostedZoneDB99F866" + } + ], + "/userpool-domain-alias-target/HostedZone/Alias/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HostedZoneAlias40D2E006" + } + ], + "/userpool-domain-alias-target/UserPool/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPool6BA7E5F2" + } + ], + "/userpool-domain-alias-target/UserPoolDomain/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPoolDomain5479B217" + } + ], + "/userpool-domain-alias-target/AWSCloudFrontPartitionHostedZoneIdMap": [ + { + "type": "aws:cdk:logicalId", + "data": "AWSCloudFrontPartitionHostedZoneIdMap" + } + ], + "/userpool-domain-alias-target/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/userpool-domain-alias-target/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "userpool-domain-alias-target" + }, + "userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "userpooldomainaliastargetintegDefaultTestDeployAssert300E1214": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.assets" + ], + "metadata": { + "/userpool-domain-alias-target-integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/userpool-domain-alias-target-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "userpool-domain-alias-target-integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/tree.json new file mode 100644 index 0000000000000..663dae59cc12b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/tree.json @@ -0,0 +1,252 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "userpool-domain-alias-target": { + "id": "userpool-domain-alias-target", + "path": "userpool-domain-alias-target", + "children": { + "HostedZone": { + "id": "HostedZone", + "path": "userpool-domain-alias-target/HostedZone", + "children": { + "Resource": { + "id": "Resource", + "path": "userpool-domain-alias-target/HostedZone/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::HostedZone", + "aws:cdk:cloudformation:props": { + "name": "test.public." + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Alias": { + "id": "Alias", + "path": "userpool-domain-alias-target/HostedZone/Alias", + "children": { + "Resource": { + "id": "Resource", + "path": "userpool-domain-alias-target/HostedZone/Alias/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "aliasTarget": { + "dnsName": { + "Fn::GetAtt": [ + "UserPoolDomain5479B217", + "CloudFrontDistribution" + ] + }, + "hostedZoneId": { + "Fn::FindInMap": [ + "AWSCloudFrontPartitionHostedZoneIdMap", + { + "Ref": "AWS::Partition" + }, + "zoneId" + ] + } + }, + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "test.public.", + "type": "A" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "UserPool": { + "id": "UserPool", + "path": "userpool-domain-alias-target/UserPool", + "children": { + "Resource": { + "id": "Resource", + "path": "userpool-domain-alias-target/UserPool/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "UserPoolDomain": { + "id": "UserPoolDomain", + "path": "userpool-domain-alias-target/UserPoolDomain", + "children": { + "Resource": { + "id": "Resource", + "path": "userpool-domain-alias-target/UserPoolDomain/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolDomain", + "aws:cdk:cloudformation:props": { + "domain": "domain-prefix", + "userPoolId": { + "Ref": "UserPool6BA7E5F2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "AWSCloudFrontPartitionHostedZoneIdMap": { + "id": "AWSCloudFrontPartitionHostedZoneIdMap", + "path": "userpool-domain-alias-target/AWSCloudFrontPartitionHostedZoneIdMap", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "userpool-domain-alias-target/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "userpool-domain-alias-target/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "userpool-domain-alias-target-integ": { + "id": "userpool-domain-alias-target-integ", + "path": "userpool-domain-alias-target-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "userpool-domain-alias-target-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "userpool-domain-alias-target-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "userpool-domain-alias-target-integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "userpool-domain-alias-target-integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "userpool-domain-alias-target-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpool-domain-alias-target.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpool-domain-alias-target.assets.json new file mode 100644 index 0000000000000..5c348dca4b3ca --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpool-domain-alias-target.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "2e025358babe54da3a4af9a7cbcc33007356442b7f6c6b780ad3f5822446276a": { + "source": { + "path": "userpool-domain-alias-target.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "2e025358babe54da3a4af9a7cbcc33007356442b7f6c6b780ad3f5822446276a.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpool-domain-alias-target.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpool-domain-alias-target.template.json new file mode 100644 index 0000000000000..05e28b31be4a5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpool-domain-alias-target.template.json @@ -0,0 +1,121 @@ +{ + "Resources": { + "HostedZoneDB99F866": { + "Type": "AWS::Route53::HostedZone", + "Properties": { + "Name": "test.public." + } + }, + "HostedZoneAlias40D2E006": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "AliasTarget": { + "DNSName": { + "Fn::GetAtt": [ + "UserPoolDomain5479B217", + "CloudFrontDistribution" + ] + }, + "HostedZoneId": { + "Fn::FindInMap": [ + "AWSCloudFrontPartitionHostedZoneIdMap", + { + "Ref": "AWS::Partition" + }, + "zoneId" + ] + } + }, + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "test.public.", + "Type": "A" + } + }, + "UserPool6BA7E5F2": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "UserPoolDomain5479B217": { + "Type": "AWS::Cognito::UserPoolDomain", + "Properties": { + "Domain": "domain-prefix", + "UserPoolId": { + "Ref": "UserPool6BA7E5F2" + } + } + } + }, + "Mappings": { + "AWSCloudFrontPartitionHostedZoneIdMap": { + "aws": { + "zoneId": "Z2FDTNDATAQYW2" + }, + "aws-cn": { + "zoneId": "Z3RFFRIM2A3IF5" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.assets.json new file mode 100644 index 0000000000000..a9038125fd223 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.js.snapshot/userpooldomainaliastargetintegDefaultTestDeployAssert300E1214.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.ts new file mode 100644 index 0000000000000..2b9c57b17915a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.userpool-domain-alias-target.ts @@ -0,0 +1,35 @@ +#!/usr/bin/env node +import * as route53 from 'aws-cdk-lib/aws-route53'; +import { App, Stack } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import * as targets from 'aws-cdk-lib/aws-route53-targets'; +import { USER_POOL_DOMAIN_NAME_METHOD_WITHOUT_CUSTOM_RESOURCE } from 'aws-cdk-lib/cx-api'; +import { UserPool, UserPoolDomain } from 'aws-cdk-lib/aws-cognito'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +class TestStack extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + + const zone = new route53.PublicHostedZone(this, 'HostedZone', { zoneName: 'test.public' }); + const userPool = new UserPool(this, 'UserPool'); + const domain = new UserPoolDomain(this, 'UserPoolDomain', { + userPool, + cognitoDomain: { domainPrefix: 'domain-prefix' }, + }); + + new route53.ARecord(zone, 'Alias', { + zone, + target: route53.RecordTarget.fromAlias(new targets.UserPoolDomainTarget(domain)), + }); + } +} + +const app = new App({ + context: { [USER_POOL_DOMAIN_NAME_METHOD_WITHOUT_CUSTOM_RESOURCE]: true }, +}); +const stack = new TestStack(app, 'userpool-domain-alias-target'); +new IntegTest(app, 'userpool-domain-alias-target-integ', { + testCases: [stack], +}); +app.synth(); diff --git a/packages/aws-cdk-lib/aws-route53-targets/lib/userpool-domain.ts b/packages/aws-cdk-lib/aws-route53-targets/lib/userpool-domain.ts index a081716831d5e..e260fc1e0329b 100644 --- a/packages/aws-cdk-lib/aws-route53-targets/lib/userpool-domain.ts +++ b/packages/aws-cdk-lib/aws-route53-targets/lib/userpool-domain.ts @@ -1,6 +1,8 @@ import { CloudFrontTarget } from './cloudfront-target'; import { UserPoolDomain } from '../../aws-cognito'; import { AliasRecordTargetConfig, IAliasRecordTarget, IHostedZone, IRecordSet } from '../../aws-route53'; +import { FeatureFlags } from '../../core'; +import { USER_POOL_DOMAIN_NAME_METHOD_WITHOUT_CUSTOM_RESOURCE } from '../../cx-api'; /** * Use a user pool domain as an alias record target @@ -9,9 +11,12 @@ export class UserPoolDomainTarget implements IAliasRecordTarget { constructor(private readonly domain: UserPoolDomain) { } - public bind(_record: IRecordSet, _zone?: IHostedZone): AliasRecordTargetConfig { + public bind(record: IRecordSet, _zone?: IHostedZone): AliasRecordTargetConfig { + const dnsName = FeatureFlags.of(record).isEnabled(USER_POOL_DOMAIN_NAME_METHOD_WITHOUT_CUSTOM_RESOURCE) + ? this.domain.cloudFrontEndpoint + : this.domain.cloudFrontDomainName; return { - dnsName: this.domain.cloudFrontDomainName, + dnsName, hostedZoneId: CloudFrontTarget.getHostedZoneId(this.domain), }; } diff --git a/packages/aws-cdk-lib/aws-route53-targets/test/userpool-domain.test.ts b/packages/aws-cdk-lib/aws-route53-targets/test/userpool-domain.test.ts index 0a9f6b4ecd336..94460899e81e9 100644 --- a/packages/aws-cdk-lib/aws-route53-targets/test/userpool-domain.test.ts +++ b/packages/aws-cdk-lib/aws-route53-targets/test/userpool-domain.test.ts @@ -2,6 +2,7 @@ import { Template } from '../../assertions'; import { UserPool, UserPoolDomain } from '../../aws-cognito'; import { ARecord, PublicHostedZone, RecordTarget } from '../../aws-route53'; import { Stack } from '../../core'; +import { USER_POOL_DOMAIN_NAME_METHOD_WITHOUT_CUSTOM_RESOURCE } from '../../cx-api'; import { UserPoolDomainTarget } from '../lib'; test('use user pool domain as record target', () => { @@ -38,3 +39,42 @@ test('use user pool domain as record target', () => { }, }); }); + +test('can get dns name without custom resource if feature flag is set', () => { + // GIVEN + const stack = new Stack(); + stack.node.setContext(USER_POOL_DOMAIN_NAME_METHOD_WITHOUT_CUSTOM_RESOURCE, true); + const zone = new PublicHostedZone(stack, 'HostedZone', { zoneName: 'test.public' }); + const userPool = new UserPool(stack, 'UserPool'); + const domain = new UserPoolDomain(stack, 'UserPoolDomain', { + userPool, + cognitoDomain: { domainPrefix: 'domain-prefix' }, + }); + + // WHEN + new ARecord(zone, 'Alias', { + zone, + target: RecordTarget.fromAlias(new UserPoolDomainTarget(domain)), + }); + const template = Template.fromStack(stack); + + // THEN + template.hasResourceProperties('AWS::Route53::RecordSet', { + AliasTarget: { + DNSName: { + 'Fn::GetAtt': ['UserPoolDomain5479B217', 'CloudFrontDistribution'], + }, + HostedZoneId: { + 'Fn::FindInMap': [ + 'AWSCloudFrontPartitionHostedZoneIdMap', + { + Ref: 'AWS::Partition', + }, + 'zoneId', + ], + }, + }, + }); + template.resourceCountIs('AWS::Lambda::Function', 0); + template.resourceCountIs('Custom::UserPoolCloudFrontDomainName', 0); +}); diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index ed9e96757c561..040958bd0c5eb 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md @@ -83,6 +83,7 @@ Flags come in three types: | [@aws-cdk/aws-dynamodb:resourcePolicyPerReplica](#aws-cdkaws-dynamodbresourcepolicyperreplica) | When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas | 2.164.0 | (fix) | | [@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault](#aws-cdkaws-ec2bastionhostuseamazonlinux2023bydefault) | When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2. | 2.172.0 | (default) | | [@aws-cdk/core:aspectStabilization](#aws-cdkcoreaspectstabilization) | When enabled, a stabilization loop will be run when invoking Aspects during synthesis. | 2.172.0 | (config) | +| [@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource](#aws-cdkaws-route53-targetsuserpooldomainnamemethodwithoutcustomresource) | When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource. | V2NEXT | (fix) | @@ -153,7 +154,8 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true, "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true, "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true, - "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true } } ``` @@ -1570,4 +1572,20 @@ When this feature flag is enabled, a stabilization loop is run to recurse the co | 2.172.0 | `true` | `true` | +### @aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource + +*When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource.* (fix) + +When this feature flag is enabled, a new method will be used to get the DNS Name of the user pool domain target. The old method +creates a custom resource internally, but the new method doesn't need a custom resource. + +If the flag is set to false then a custom resource will be created when using `UserPoolDomainTarget`. + + +| Since | Default | Recommended | +| ----- | ----- | ----- | +| (not in v1) | | | +| V2NEXT | `false` | `true` | + + diff --git a/packages/aws-cdk-lib/cx-api/README.md b/packages/aws-cdk-lib/cx-api/README.md index f90bcac9b4f13..5bba4c9198135 100644 --- a/packages/aws-cdk-lib/cx-api/README.md +++ b/packages/aws-cdk-lib/cx-api/README.md @@ -493,4 +493,23 @@ _cdk.json_ "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": false, }, } -``` \ No newline at end of file +``` + +* `@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource` + +When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource. + +When this feature flag is enabled, a new method will be used to get the DNS Name of the user pool domain target. The old method +creates a custom resource internally, but the new method doesn't need a custom resource. + +If the flag is set to false then a custom resource will be created when using `UserPoolDomainTarget`. + +_cdk.json_ + +```json +{ + "context": { + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true + } +} +``` diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index 120e4a4a6b4d8..72ab65805054f 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts +++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -117,6 +117,7 @@ export const LAMBDA_NODEJS_SDK_V3_EXCLUDE_SMITHY_PACKAGES = '@aws-cdk/aws-lambda export const STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY = '@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy'; export const BASTION_HOST_USE_AMAZON_LINUX_2023_BY_DEFAULT = '@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault'; export const ASPECT_STABILIZATION = '@aws-cdk/core:aspectStabilization'; +export const USER_POOL_DOMAIN_NAME_METHOD_WITHOUT_CUSTOM_RESOURCE = '@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource'; export const FLAGS: Record = { ////////////////////////////////////////////////////////////////////// @@ -1284,6 +1285,20 @@ export const FLAGS: Record = { introducedIn: { v2: '2.172.0' }, recommendedValue: true, }, + + ////////////////////////////////////////////////////////////////////// + [USER_POOL_DOMAIN_NAME_METHOD_WITHOUT_CUSTOM_RESOURCE]: { + type: FlagType.BugFix, + summary: 'When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource.', + detailsMd: ` + When this feature flag is enabled, a new method will be used to get the DNS Name of the user pool domain target. The old method + creates a custom resource internally, but the new method doesn't need a custom resource. + + If the flag is set to false then a custom resource will be created when using \`UserPoolDomainTarget\`. + `, + introducedIn: { v2: 'V2NEXT' }, + recommendedValue: true, + }, }; const CURRENT_MV = 'v2';