feat(route53): add failover routing policy support

Author: 0xdsqr

packages/aws-cdk-lib/aws-route53/lib/record-set.ts

@@ -166,6 +166,24 @@ export enum RecordType {
   TXT = 'TXT',
 }
 
+/**
+ * The failvoer policy.
+ * @see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-failover.html
+ */
+export enum Failover {
+  /**
+   * The primary resource record set determines how Route 53 responds to DNS queries when
+   * the primary resource is healthy.
+   */
+  PRIMARY = 'PRIMARY',
+
+  /**
+   * The secondary resource record set determines how Route 53 responds to DNS queries when
+   * the primary resource is unhealthy.
+   */
+  SECONDARY = 'SECONDARY',
+}
+
 /**
  * Options for a RecordSet.
  */
@@ -289,6 +307,20 @@ export interface RecordSetOptions {
    * @default - No CIDR routing configured
    */
   readonly cidrRoutingConfig?: CidrRoutingConfig;
+
+  /**
+   * Failover configuration for the record set.
+   *
+   * To configure failover, you add the Failover element to two resource record sets.
+   * For one resource record set, you specify PRIMARY as the value for Failover;
+   * for the other resource record set, you specify SECONDARY.
+   *
+   * You must also include the HealthCheckId element for PRIMARY configurations.
+   *
+   * @default - No failover configuration
+   * @see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-failover.html
+   */
+  readonly failover?: Failover;
 }
 
 /**
@@ -353,6 +385,7 @@ export class RecordSet extends Resource implements IRecordSet {
   private readonly weight?: number;
   private readonly region?: string;
   private readonly multiValueAnswer?: boolean;
+  private readonly failover?: Failover;
 
   constructor(scope: Construct, id: string, props: RecordSetProps) {
     super(scope, id);
@@ -372,22 +405,36 @@ export class RecordSet extends Resource implements IRecordSet {
     if (props.multiValueAnswer && props.target.aliasTarget) {
       throw new ValidationError('multiValueAnswer cannot be specified for alias record', this);
     }
+    if (props.failover && props.multiValueAnswer) {
+      throw new ValidationError('Cannot use both failover and multiValueAnswer routing policies', this);
+    }
+    if (props.failover === Failover.PRIMARY && !props.healthCheck) {
+      Annotations.of(this).addWarningV2('@aws-cdk/aws-route53:primaryFailoverHealthCheck', 'PRIMARY failover record sets should include a health check for proper failover behavior');
+    }
+    if (props.failover && props.target.aliasTarget) {
+      const aliasTargetConfig = props.target.aliasTarget.bind(this, props.zone);
+      if (aliasTargetConfig && aliasTargetConfig.evaluateTargetHealth !== true) {
+        Annotations.of(this).addWarningV2('@aws-cdk/aws-route53:failoverAliasEvaluateTargetHealth', 'Failover alias record sets should include EvaluateTargetHealth = true for proper failover behavior.');
+      }
+    }
 
     const nonSimpleRoutingPolicies = [
       props.geoLocation,
       props.region,
       props.weight,
       props.multiValueAnswer,
       props.cidrRoutingConfig,
+      props.failover, // ADD THIS
     ].filter((variable) => variable !== undefined).length;
     if (nonSimpleRoutingPolicies > 1) {
-      throw new ValidationError('Only one of region, weight, multiValueAnswer, geoLocation or cidrRoutingConfig can be defined', this);
+      throw new ValidationError('Only one of region, weight, multiValueAnswer, geoLocation, cidrRoutingConfig, or failover can be defined', this);
     }
 
     this.geoLocation = props.geoLocation;
     this.weight = props.weight;
     this.region = props.region;
     this.multiValueAnswer = props.multiValueAnswer;
+    this.failover = props.failover;
 
     const ttl = props.target.aliasTarget ? undefined : ((props.ttl && props.ttl.toSeconds()) ?? 1800).toString();
     if (props.target.aliasTarget && props.ttl != undefined) {
@@ -415,6 +462,7 @@ export class RecordSet extends Resource implements IRecordSet {
       region: props.region,
       healthCheckId: props.healthCheck?.healthCheckId,
       cidrRoutingConfig: props.cidrRoutingConfig,
+      failover: props.failover,
     });
 
     this.domainName = recordSet.ref;
@@ -462,6 +510,11 @@ export class RecordSet extends Resource implements IRecordSet {
   }
 
   private configureSetIdentifier(): string | undefined {
+    if (this.failover) {
+      const idPrefix = `FAILOVER_${this.failover}_ID_`;
+      return this.createIdentifier(idPrefix);
+    }
+
     if (this.geoLocation) {
       let identifier = 'GEO';
       if (this.geoLocation.continentCode) {
@@ -1377,3 +1430,4 @@ export class CrossAccountZoneDelegationRecord extends Construct {
     }
   }
 }
+

packages/aws-cdk-lib/aws-route53/test/record-set.test.ts

@@ -1,5 +1,5 @@
 import { testDeprecated } from '@aws-cdk/cdk-build-tools';
-import { Annotations, Template } from '../../assertions';
+import { Annotations, Template, Match } from '../../assertions';
 import * as cloudfront from '../../aws-cloudfront';
 import * as origins from '../../aws-cloudfront-origins';
 import * as iam from '../../aws-iam';
@@ -1733,7 +1733,7 @@ describe('record set', () => {
       target: route53.RecordTarget.fromValues('zzz'),
       setIdentifier: 'uniqueId',
       ...props,
-    })).toThrow('Only one of region, weight, multiValueAnswer, geoLocation or cidrRoutingConfig can be defined');
+    })).toThrow('Only one of region, weight, multiValueAnswer, geoLocation, cidrRoutingConfig, or failover can be defined');
   });
 
   test('throw error for the definition of setIdentifier without weight, geoLocation or region', () => {
@@ -1803,4 +1803,115 @@ describe('record set', () => {
       multiValueAnswer: true,
     })).toThrow('multiValueAnswer cannot be specified for alias record');
   });
+
+  test('A record with PRIMARY failover and health check', () => {
+    // GIVEN
+    const stack = new Stack();
+    const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' });
+
+    const healthCheck = new route53.HealthCheck(stack, 'HealthCheck', {
+      type: route53.HealthCheckType.HTTP,
+      fqdn: 'example.com',
+    });
+
+    // WHEN
+    new route53.ARecord(stack, 'PrimaryFailover', {
+      zone,
+      recordName: 'www',
+      target: route53.RecordTarget.fromIpAddresses('1.2.3.4'),
+      failover: route53.Failover.PRIMARY,
+      healthCheck,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::Route53::RecordSet', {
+      Failover: 'PRIMARY',
+      HealthCheckId: stack.resolve(healthCheck.healthCheckId),
+      SetIdentifier: 'FAILOVER_PRIMARY_ID_PrimaryFailover',
+    });
+  });
+
+  test('A record with SECONDARY failover and no health check', () => {
+    // GIVEN
+    const stack = new Stack();
+    const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' });
+
+    // WHEN
+    new route53.ARecord(stack, 'SecondaryFailover', {
+      zone,
+      recordName: 'backup',
+      target: route53.RecordTarget.fromIpAddresses('5.6.7.8'),
+      failover: route53.Failover.SECONDARY,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::Route53::RecordSet', {
+      Failover: 'SECONDARY',
+      SetIdentifier: 'FAILOVER_SECONDARY_ID_SecondaryFailover',
+    });
+  });
+
+  test('warns when PRIMARY failover has no health check', () => {
+    // GIVEN
+    const stack = new Stack();
+    const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' });
+
+    // WHEN
+    new route53.ARecord(stack, 'PrimaryFailover', {
+      zone,
+      recordName: 'www',
+      target: route53.RecordTarget.fromIpAddresses('1.2.3.4'),
+      failover: route53.Failover.PRIMARY,
+    });
+
+    // THEN
+    Annotations.fromStack(stack).hasWarning(
+      '*',
+      Match.stringLikeRegexp('PRIMARY failover record sets should include a health check'),
+    );
+  });
+
+  test('warns when failover alias target does not set EvaluateTargetHealth=true', () => {
+    // GIVEN
+    const stack = new Stack();
+    const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' });
+
+    const target: route53.IAliasRecordTarget = {
+      bind: () => ({
+        hostedZoneId: 'Z111',
+        dnsName: 'alias.example.com',
+        evaluateTargetHealth: false,
+      }),
+    };
+
+    // WHEN
+    new route53.ARecord(stack, 'AliasFailover', {
+      zone,
+      recordName: 'www',
+      target: route53.RecordTarget.fromAlias(target),
+      failover: route53.Failover.PRIMARY,
+    });
+
+    // THEN
+    Annotations.fromStack(stack).hasWarning(
+      '*',
+      Match.stringLikeRegexp('Failover alias record sets should include EvaluateTargetHealth'),
+    );
+  });
+
+  test('throws when failover is combined with another routing policy', () => {
+    // GIVEN
+    const stack = new Stack();
+    const zone = new route53.HostedZone(stack, 'HostedZone', { zoneName: 'myzone' });
+
+    // THEN
+    expect(() => new route53.ARecord(stack, 'InvalidFailover', {
+      zone,
+      recordName: 'www',
+      target: route53.RecordTarget.fromIpAddresses('1.2.3.4'),
+      failover: route53.Failover.PRIMARY,
+      weight: 10,
+    })).toThrow('Only one of region, weight, multiValueAnswer, geoLocation, cidrRoutingConfig, or failover can be defined');
+  });
+
 });