Search code examples
amazon-web-servicesaws-cdk

CDK: How to set the TTL of the NS record for a Route53 PublicHostedZone?

Problem

I created a Route 53 zone with the following code:

this.apiV2Zone = new PublicHostedZone(this, "ApiV2", {
  zoneName: "api-v2.example.com"
});

The zone was created as expected, but I noticed the TTL attribute for the NS record was set to 172800 (2 days). This is a bit high at the moment, because I'm just experimenting - setting the TTL lower won't cost me much for now.

But, how do I go about seting the TTL of the NS record with the CDK?

What I've tried

I tried to force the NS record myself with:

let target = RecordTarget.fromValues(
  ...this.apiV2Zone.hostedZoneNameServers ?? [] );
const recordSet = new RecordSet(this, 'ApiV2Ns', {
  recordType: RecordType.NS,
  target,
  zone: this.apiV2Zone,
  deleteExisting: true,
  recordName: this.apiV2Zone.zoneName,
  ttl: cdk.Duration.minutes(10),
});

But that failed on deploy with:

 Received response status [FAILED] from custom resource. Message returned: InvalidChangeBatch
: [A HostedZone must contain at least one NS record for the zone itself.]

Also tried with deleteExisting: false but that failed too because it was duplicating the existing NS record.

Workaround

Set it manually in the AWS console. Doesn't seem to cause any change to be reported when I do a CDK diff.

Solution

  • Have a CDK custom resource construct modify the Record Set. Add a AwsCustomResource to your stack with the hosted zone. It runs arbitrary SDK calls during the stack lifecycle. Configure it to call the ChangeResourceRecordSets API. The parameters you pass are specific to the API call. The construct adds a lambda function to the stack. The lambda, invoked by CloudFormation on stack create, executes the SDK call to update the record TTL.

    import { custom_resources as cr } from "aws-cdk-lib";

new cr.AwsCustomResource(this, "ChangeResourceRecordSets", {
  installLatestAwsSdk: false, // if false, lambda uses the preinstalled SDK (faster)
  timeout: Duration.minutes(5), // default is 2 minutes - may need more time
  onCreate: {
    service: "Route53",
    action: "changeResourceRecordSets",
    parameters: {
      HostedZoneId: this.apiV2Zone.hostedZoneId,
      ChangeBatch: {
        Comment: "Set a 10 minute TTL",
        Changes: [
          {
            Action: "UPSERT",
            ResourceRecordSet: {
              Name: this.apiV2Zone.zoneName,
              Type: "NS",
              TTL: Duration.minutes(10).toSeconds(),
              ResourceRecords: [
                {
                  Value: this.apiV2Zone.zoneName,
                },
              ],
            },
          },
        ],
      },
    },
    physicalResourceId: cr.PhysicalResourceId.of(
      `ChangeResourceRecordSets-${this.apiV2Zone.hostedZoneId}`
    ),
  },
  policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
    resources: [this.apiV2Zone.hostedZoneArn],
  }),
});