Resource: awsRoute53Zone

Manages a Route53 Hosted Zone. For managing Domain Name System Security Extensions (DNSSEC), see the awsRoute53KeySigningKey and awsRoute53HostedZoneDnssec resources.

Example Usage

Public Zone

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.route53Zone.Route53Zone(this, "primary", {
  name: "example.com",
});

Public Subdomain Zone

To delegate a subdomain, you need to create an awsRoute53Record of type NS in the parent zone as well as the subdomain zone itself.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsRoute53ZoneDev = new aws.route53Zone.Route53Zone(this, "dev", {
  name: "dev.example.com",
  tags: {
    Environment: "dev",
  },
});
const awsRoute53ZoneMain = new aws.route53Zone.Route53Zone(this, "main", {
  name: "example.com",
});
new aws.route53Record.Route53Record(this, "dev-ns", {
  name: "dev.example.com",
  records: awsRoute53ZoneDev.nameServers,
  ttl: 30,
  type: "NS",
  zoneId: awsRoute53ZoneMain.zoneId,
});
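
One way to check the delegation requirement described above before deploying, as an added example that is not part of the original documentation or the provider's API. Plain objects stand in for the zone and NS record props; the `Zone` and `NsRecord` shapes, `checkDelegations`, and the sample name servers are assumptions made for illustration.

```typescript
// Added example: plain objects stand in for the zone and NS record props above.
interface Zone { name: string; nameServers: string[]; vpc?: { vpcId: string }[] }
interface NsRecord { zone: string; name: string; records: string[] }

// DNS names compare case-insensitively and may carry a trailing root dot.
const norm = (n: string): string => n.toLowerCase().replace(/\.$/, "");
const nsKey = (ns: string[]): string => ns.map(norm).sort().join(",");
function checkDelegations(zones: Zone[], nsRecords: NsRecord[]): string[] {
  const findings: string[] = [];
  // Zones with a vpc block are private and are never delegated from a parent.
  const publicZones = zones.filter((z) => !z.vpc || z.vpc.length === 0);
  const byName = new Map<string, Zone>();
  for (const z of publicZones) byName.set(norm(z.name), z);
  for (const child of publicZones) {
    // Closest managed parent: strip leading labels until a zone name matches.
    const childName = norm(child.name);
    const labels = childName.split(".");
    let parent: Zone | undefined;
    for (let i = 1; i < labels.length && !parent; i++) {
      parent = byName.get(labels.slice(i).join("."));
    }
    if (!parent) continue; // apex zone: delegated outside this configuration
    const parentName = norm(parent.name);
    const rec = nsRecords.find(
      (r) => norm(r.zone) === parentName && norm(r.name) === childName);
    if (!rec) {
      findings.push(`${child.name}: no NS record in parent zone ${parent.name}`);
    } else if (nsKey(rec.records) !== nsKey(child.nameServers)) {
      findings.push(`${child.name}: NS record in ${parent.name} does not match nameServers`);
    }
  }
  // NS records delegating a name that no zone in this configuration serves.
  for (const r of nsRecords) {
    if (norm(r.name) !== norm(r.zone) && !byName.has(norm(r.name))) {
      findings.push(`${r.name}: NS record in ${r.zone} has no matching hosted zone`);
    }
  }
  return findings;
}

// Constructed sample data; the name servers are made up.
const sampleZones: Zone[] = [
  { name: "example.com", nameServers: ["ns-1.example.net", "ns-2.example.net"] },
  { name: "dev.example.com", nameServers: ["ns-3.example.net", "ns-4.example.net"] },
  { name: "qa.example.com", nameServers: ["ns-5.example.net", "ns-6.example.net"] },
];
const sampleNs: NsRecord[] = [
  { zone: "example.com", name: "dev.example.com", records: ["NS-4.example.net.", "ns-3.example.net"] },
  { zone: "example.com", name: "old.example.com", records: ["ns-9.example.net"] },
];
```

Calling `checkDelegations(sampleZones, sampleNs)` returns two findings: `qa.example.com` has a zone but no NS record in `example.com`, and `old.example.com` has an NS record but no hosted zone behind it.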

Private Zone

~> NOTE: Terraform provides both exclusive VPC associations defined in-line in this resource via vpc configuration blocks and a separate Zone VPC Association resource. At this time, you cannot use in-line VPC associations in conjunction with any awsRoute53ZoneAssociation resources with the same zone ID; doing so causes a perpetual difference in plan output. You can optionally use the generic Terraform resource lifecycle configuration block with ignoreChanges to manage additional associations via the awsRoute53ZoneAssociation resource.

~> NOTE: Private zones require at least one VPC association at all times.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.route53Zone.Route53Zone(this, "private", {
  name: "example.com",
  vpc: [
    {
      vpcId: "${aws_vpc.example.id}",
    },
  ],
});

Argument Reference

The following arguments are supported:

  • name - (Required) This is the name of the hosted zone.
  • comment - (Optional) A comment for the hosted zone. Defaults to 'Managed by Terraform'.
  • delegationSetId - (Optional) The ID of the reusable delegation set whose NS records you want to assign to the hosted zone. Conflicts with vpc as delegation sets can only be used for public zones.
  • forceDestroy - (Optional) Whether to destroy all records (possibly managed outside of Terraform) in the zone when destroying the zone.
  • tags - (Optional) A map of tags to assign to the zone. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • vpc - (Optional) Configuration block(s) specifying VPC(s) to associate with a private hosted zone. Conflicts with the delegationSetId argument in this resource and any awsRoute53ZoneAssociation resource specifying the same zone ID. Detailed below.

vpc Argument Reference

  • vpcId - (Required) ID of the VPC to associate.
  • vpcRegion - (Optional) Region of the VPC to associate. Defaults to AWS provider region.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The Amazon Resource Name (ARN) of the Hosted Zone.
  • zoneId - The Hosted Zone ID. This can be referenced by zone records.
  • nameServers - A list of name servers in the associated (or default) delegation set. The AWS documentation has more on delegation sets.
  • primaryNameServer - The Route 53 name server that created the SOA record.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

Route53 Zones can be imported using the zoneId, e.g.,

$ terraform import aws_route53_zone.myzone Z1D633PJN98FT9