awslabs · biffgaut · Jan 12, 2022 · Nov 23, 2021 · Nov 23, 2021 · Nov 23, 2021
@@ -1,5 +1,4 @@
 lib/*.js
 test/*.js
 *.d.ts
-coverage
-test/lambda/index.js
+coverage
@@ -42,11 +42,18 @@ const ourHostedZone = route53.HostedZone.fromLookup(this, 'HostedZone', {
     domainName: "example.com",
   });
 
+const certificate = acm.Certificate.fromCertificateArn(
+    stack,
+    "fake-cert",
+    "arn:aws:acm:us-east-1:123456789012:certificate/11112222-3333-1234-1234-123456789012"
+  );
+
 // This construct can only be attached to a configured API Gateway.
 new Route53ToApigateway(this, 'Route53ToApigatewayPattern', {
     existingApiGatewayObj: existingRestApi,
     existingHostedZoneInterface: ourHostedZone,
-    publicApi: true
+    publicApi: true,
+    existingCertificateInterface: certificate
 });
 
 ```
@@ -67,23 +74,23 @@ _Parameters_
 
 This construct cannot create a new Public Hosted Zone, if you are creating a public API you must supply an existing Public Hosted Zone that will be reconfigured with a new Alias record. Public Hosted Zones are configured with public domain names and are not well suited to be launched and torn down dynamically, so this construct will only reconfigure existing Public Hosted Zones.
 
-This construct can create Private Hosted Zones. If you want a Private Hosted Zone, then you can either provide an existing Private Hosted Zone or a privateHostedZoneProps value with at least the Domain Name defined. A private Rest API already exists in a VPC, so that VPC must be provided in the existingVpc prop. There is no scenario where this construct can create a new VPC (since it can't create a new API), so the vpcProps property is not supported on this construct.
+This construct can create Private Hosted Zones. If you want a Private Hosted Zone, then you can either provide an existing Private Hosted Zone or a privateHostedZoneProps value with at least the Domain Name defined. If you are using privateHostedZoneProps, an existing wildcard certificate (*.example.com) must be issued from a previous domain to be used in the newly created Private Hosted Zone. New certificate creation and validation do not take place in this construct. A private Rest API already exists in a VPC, so that VPC must be provided in the existingVpc prop. There is no scenario where this construct can create a new VPC (since it can't create a new API), so the vpcProps property is not supported on this construct.
 
 | **Name**     | **Type**        | **Description** |
 |:-------------|:----------------|-----------------|
 | publicApi | boolean | Whether the construct is deploying a private or public API. This has implications for the Hosted Zone and VPC. |
 | privateHostedZoneProps? | [route53.PrivateHostedZoneProps](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-route53.PrivateHostedZoneProps.html) | Optional custom properties for a new Private Hosted Zone. Cannot be specified for a public API. Cannot specify a VPC, it will use the VPC in existingVpc or the VPC created by the construct. Providing both this and existingHostedZoneInterface is an error. |
 | existingHostedZoneInterface? | [route53.IHostedZone](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-route53.IHostedZone.html) | Existing Public or Private Hosted Zone (type must match publicApi setting). Specifying both this and privateHostedZoneProps is an error. If this is a Private Hosted Zone, the associated VPC must be provided as the existingVpc property.|
-| existingVpc? | [ec2.IVpc](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html) | An existing VPC in which to deploy the construct. Providing both this and vpcProps is an error.|
+| existingVpc? | [ec2.IVpc](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html) | An existing VPC in which to deploy the construct.|
 |existingApiGatewayInterface|[api.IRestApi](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.IRestApi.html)|The existing API Gateway instance that will be connected to the Route 53 hosted zone. *Note that Route 53 can only be connected to a configured API Gateway, so this construct only accepts an existing IRestApi and does not accept apiGatewayProps.*|
-| existingCertificateInterface? |[certificatemanager.ICertificate](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-certificatemanager.ICertificate.html)| An existing AWS Certificate Manager certificate for your custom domain name.|
+| existingCertificateInterface |[certificatemanager.ICertificate](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-certificatemanager.ICertificate.html)| An existing AWS Certificate Manager certificate for your custom domain name.|
 
 ## Pattern Properties
 
 | **Name**     | **Type**        | **Description** |
 |:-------------|:----------------|-----------------|
 |hostedZone|[route53.IHostedZone](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-route53.IHostedZone.html)|The hosted zone used by the construct (whether created by the construct or provided by the client) |
-| vpc? | [ec2.IVpc](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html) | The VPC used by the construct (whether created by the construct or provided by the client) |
+| vpc? | [ec2.IVpc](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html) | The VPC used by the construct. |
 |apiGateway|[api.RestApi](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|Returns an instance of the API Gateway REST API created by the pattern.|
 |certificate|[certificatemanager.ICertificate](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-certificatemanager.ICertificate.html)| THe certificate used by the construct (whether create by the construct or provided by the client)
 
@@ -95,10 +102,11 @@ Out of the box implementation of the Construct without any override will set the
 
 ### Amazon API Gateway
 * User provided API Gateway object is used as-is
+* Sets up custom domain name mapping to API
 
 ## Architecture
 
 ![Architecture Diagram](architecture.png)
 
 ***
-&copy; Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+&copy; Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
@@ -1,5 +1,5 @@
 /**
- *  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
  *  with the License. A copy of the License is located at
@@ -48,14 +48,14 @@ export interface Route53ToApiGatewayProps {
    */
   readonly existingHostedZoneInterface?: route53.IHostedZone,
   /**
-   * An existing VPC. Providing both this and vpcProps is an error. If an existing
-   * Private Hosted Zone is provided, this value must be the VPC associated with those resources.
+   * An existing VPC. If an existing Private Hosted Zone is provided,
+   * this value must be the VPC associated with those resources.
    *
    * @default - None
    */
   readonly existingVpc?: ec2.IVpc,
   /**
-   * The existing API Gateway instance that will be protected with the WAF web ACL.
+   * The existing API Gateway instance that will be protected with the Route 53 hosted zone.
    *
    * @default - None
    */
@@ -65,7 +65,7 @@ export interface Route53ToApiGatewayProps {
    *
    * @defualt - None
    */
-  readonly existingCertificateInterface?: certificatemanager.ICertificate;
+  readonly existingCertificateInterface: certificatemanager.ICertificate;
 }
 
 /**
@@ -88,6 +88,11 @@ export class Route53ToApiGateway extends Construct {
     super(scope, id);
     defaults.CheckProps(props);
 
+    // Certificate must already be issued when the user is bringing an existing one
+    // If you are using privateHostedZoneProps, the certificate must already be issued
+    // from a previous domain in order to be used in the newly created Private Hosted Zone.
+    this.certificate = props.existingCertificateInterface;
+
     if (props.existingVpc) {
       this.vpc = props.existingVpc;
     }
@@ -107,26 +112,22 @@ export class Route53ToApiGateway extends Construct {
         throw new Error('Public APIs require an existingHostedZone be passed in the Props object.');
       } else {
         if (!props.privateHostedZoneProps) {
-          throw new Error('Must supply privateHostedZoneProps to create a private API');
+          throw new Error('Must supply privateHostedZoneProps to create a private API.');
         }
         if (props.privateHostedZoneProps.vpc) {
-          throw new Error('All VPC specs must be provided at the Construct level in Route53ToApiGatewayProps');
+          throw new Error('All VPC specs must be provided at the Construct level in Route53ToApiGatewayProps.');
+        }
+        if (!props.privateHostedZoneProps.zoneName) {
+          throw new Error('Must supply zoneName for Private Hosted Zone Props.');
+        }
+        if ( !this.vpc ) {
+          throw new Error('Must supply an existing VPC for Private Hosted Zone Props.');
         }
         const manufacturedProps: route53.PrivateHostedZoneProps = defaults.overrideProps(props.privateHostedZoneProps, { vpc: this.vpc });
         this.hostedZone = new route53.PrivateHostedZone(this, `${id}-zone`, manufacturedProps);
       }
     }
 
-    // Create certificate and validate CNAME Record with DNS
-    if (props.existingCertificateInterface) { // Certificate must already be issued if user is bringing an existing one
-      this.certificate = props.existingCertificateInterface;
-    } else {
-      this.certificate = new certificatemanager.Certificate(this, 'Certificate', {
-        domainName: this.hostedZone.zoneName,
-        validation: certificatemanager.CertificateValidation.fromDns(this.hostedZone),
-      });
-    }
-
     // Convert IRestApi to RestApi
     this.apiGateway = props.existingApiGatewayInterface as api.RestApi;
 

@@ -57,7 +57,6 @@
     "@aws-cdk/aws-apigateway": "0.0.0",
     "@aws-cdk/aws-certificatemanager": "0.0.0",
     "@aws-cdk/core": "0.0.0",
-    "@aws-cdk/aws-lambda": "0.0.0",
     "@aws-cdk/aws-route53": "0.0.0",
     "@aws-cdk/aws-route53-targets": "0.0.0",
     "@aws-solutions-constructs/core": "0.0.0",