feat: Add cross-account subdomain constructs

kamp-us · Nov 1, 2022 · 7ab855c · 7ab855c
1 parent 0d4aa50
commit 7ab855c
Show file tree

Hide file tree

Showing 5 changed files with 90 additions and 10 deletions.
diff --git a/src/cross-account-delegation-role.ts b/src/cross-account-delegation-role.ts
@@ -0,0 +1,35 @@
+import { Stack } from 'aws-cdk-lib';
+import { IRole, Role } from 'aws-cdk-lib/aws-iam';
+import { Construct } from 'constructs';
+
+export interface CrossAccountDelegationRoleProps {
+  readonly organizationAccountID: string;
+  readonly delegationResourceName: string;
+}
+
+export interface ICrossAccountDelegationRole {
+  readonly role: IRole;
+}
+
+export class CrossAccountDelegationRole extends Construct {
+  public readonly roleArn: string;
+  public readonly role: IRole;
+
+  constructor(
+    scope: Construct,
+    id: string,
+    props: CrossAccountDelegationRoleProps
+  ) {
+    super(scope, id);
+
+    this.roleArn = Stack.of(this).formatArn({
+      region: '',
+      service: 'iam',
+      account: props.organizationAccountID,
+      resource: 'role',
+      resourceName: props.delegationResourceName,
+    });
+
+    this.role = Role.fromRoleArn(this, 'DelegationRole', this.roleArn);
+  }
+}
diff --git a/src/cross-account-subdomain.ts b/src/cross-account-subdomain.ts
@@ -0,0 +1,48 @@
+import {
+  CertificateValidation,
+  Certificate,
+} from 'aws-cdk-lib/aws-certificatemanager';
+import {
+  PublicHostedZone,
+  CrossAccountZoneDelegationRecord,
+} from 'aws-cdk-lib/aws-route53';
+import { Construct } from 'constructs';
+import { ICrossAccountDelegationRole } from './cross-account-delegation-role';
+
+export interface CrossAccountSubdomainProps {
+  readonly organizationAccountID: string;
+  readonly subdomain: string;
+  readonly rootDomain: string;
+
+  readonly delegationRole: ICrossAccountDelegationRole;
+}
+
+export class CrossAccountSubdomain extends Construct {
+  public readonly hostedZone: PublicHostedZone;
+  public readonly certificate: Certificate;
+
+  constructor(scope: Construct, id: string, props: CrossAccountSubdomainProps) {
+    super(scope, id);
+
+    const domainName = `${props.subdomain}.${props.rootDomain}`;
+
+    this.hostedZone = new PublicHostedZone(this, 'HostedZone', {
+      zoneName: domainName,
+    });
+
+    new CrossAccountZoneDelegationRecord(
+      this,
+      'CrossAccountZoneDelegationRecord',
+      {
+        delegatedZone: this.hostedZone,
+        parentHostedZoneName: props.rootDomain,
+        delegationRole: props.delegationRole.role,
+      }
+    );
+
+    this.certificate = new Certificate(this, 'DomainCertificate', {
+      domainName: domainName,
+      validation: CertificateValidation.fromDns(this.hostedZone),
+    });
+  }
+}
diff --git a/src/index.ts b/src/index.ts
@@ -1,5 +1,2 @@
-export class Hello {
-  public sayHello() {
-    return 'hello, world!';
-  }
-}
+export * from './cross-account-subdomain';
+export * from './cross-account-delegation-role';
diff --git a/test/dummy.test.ts b/test/dummy.test.ts
@@ -0,0 +1,5 @@
+describe('dummy tests', () => {
+  it('works', () => {
+    expect(5).toBe(5);
+  });
+});
diff --git a/test/hello.test.ts b/test/hello.test.ts