fix: ssm path with too large response

src/ApiStage.ts

@@ -40,7 +40,7 @@ export class ApiStage extends Stage {
 
     // Only deploy DNSSEC on accp and prod
     if (props.branch != 'development') {
-      const dnssecStack = new DNSSECStack(this, 'dnssec-stack', { branch: props.branch, env: { region: 'us-east-1' } });
+      const dnssecStack = new DNSSECStack(this, 'dnssec-stack', { env: { region: 'us-east-1' } });
       dnssecStack.addDependency(dnsStack);
     }
 

src/DNSSECStack.ts

@@ -3,10 +3,6 @@ import { RemoteParameters } from 'cdk-remote-stack';
 import { Construct } from 'constructs';
 import { Statics } from './statics';
 
-export interface DNSSECStackProps extends StackProps {
-  branch: string;
-}
-
 export class DNSSECStack extends Stack {
   /**
      * Add DNSSEC using a new KMS key to the domain.
@@ -18,12 +14,12 @@ export class DNSSECStack extends Stack {
      * @param id stack id
      * @param props props object
      */
-  constructor(scope: Construct, id: string, props: DNSSECStackProps) {
+  constructor(scope: Construct, id: string, props: StackProps) {
     super(scope, id, props);
-    this.setDNSSEC(props);
+    this.setDNSSEC();
   }
 
-  setDNSSEC(props: DNSSECStackProps) {
+  setDNSSEC() {
 
     const parameters = new RemoteParameters(this, 'params', {
       path: Statics.ssmZonePath,
@@ -35,31 +31,15 @@ export class DNSSECStack extends Stack {
       hostedZoneId: zoneId,
     });
 
-    /**
-     * New ksk in prod only
-     */
-    if (props.branch === 'production') {
-      // Production KSK
-      const accountKmsKeyArnForDnsSec = SSM.StringParameter.valueForStringParameter(this, Statics.ssmAccountDnsSecKmsKey);
-      const dnssecKeySigningNew = new Route53.CfnKeySigningKey(this, 'dnssec-keysigning-key', {
-        name: 'irma_issue_key_signing_key',
-        status: 'ACTIVE',
-        hostedZoneId: zoneId,
-        keyManagementServiceArn: accountKmsKeyArnForDnsSec,
-      });
-      dnssec.node.addDependency(dnssecKeySigningNew);
-    } else {
-      // Acceptance KSK
-      const accountDnssecKmsKeyArn = SSM.StringParameter.valueForStringParameter(this, Statics.ssmAccountDnsSecKmsKey);
-      const dnssecKeySigning = new Route53.CfnKeySigningKey(this, 'dnssec-keysigning-key-2', {
-        name: 'irma_issue_ksk',
-        status: 'ACTIVE',
-        hostedZoneId: zoneId,
-        keyManagementServiceArn: accountDnssecKmsKeyArn,
-      });
-      dnssec.node.addDependency(dnssecKeySigning);
-    }
-
+    // KSK
+    const accountDnssecKmsKeyArn = SSM.StringParameter.valueForStringParameter(this, Statics.ssmAccountDnsSecKmsKey);
+    const dnssecKeySigning = new Route53.CfnKeySigningKey(this, 'dnssec-keysigning-key-2', {
+      name: 'irma_issue_ksk',
+      status: 'ACTIVE',
+      hostedZoneId: zoneId,
+      keyManagementServiceArn: accountDnssecKmsKeyArn,
+    });
+    dnssec.node.addDependency(dnssecKeySigning);
 
   }
 

src/statics.ts

@@ -79,9 +79,9 @@ export abstract class Statics {
    * Route53 Zone ID and name for the zone for IRMA issue app. decouples stacks to not pass
    * the actual zone between stacks. This param is set by DNSStack and should not be modified after.
    */
-  static readonly ssmZonePath: string = '/cdk/irma-issue-app/';
-  static readonly ssmZoneId: string = '/cdk/irma-issue-app/zone-id';
-  static readonly ssmZoneName: string = '/cdk/irma-issue-app/zone-name';
+  static readonly ssmZonePath: string = '/cdk/irma-issue-app/zone';
+  static readonly ssmZoneId: string = '/cdk/irma-issue-app/zone/id';
+  static readonly ssmZoneName: string = '/cdk/irma-issue-app/zone/name';
 
   static readonly certificatePath: string = '/cdk/irma-issue-app/certificates';
   static readonly certificateArn: string = '/cdk/irma-issue-app/certificates/certificate-arn';