From 99097882c7244ae7c38e7b4431cefd620b73b62f Mon Sep 17 00:00:00 2001
From: Marnix Dessing
Date: Thu, 13 Oct 2022 13:43:26 +0200
Subject: [PATCH] fix: ssm path with too large response
---
 src/ApiStage.ts | 2 +-
 src/DNSSECStack.ts | 44 ++++++++++++--------------------------------
 src/statics.ts | 6 +++---
 3 files changed, 16 insertions(+), 36 deletions(-)
diff --git a/src/ApiStage.ts b/src/ApiStage.ts
index 2f7079f4..180cacbf 100644
--- a/src/ApiStage.ts
+++ b/src/ApiStage.ts
@@ -40,7 +40,7 @@ export class ApiStage extends Stage {
 // Only deploy DNSSEC on accp and prod
 if (props.branch != 'development') {
- const dnssecStack = new DNSSECStack(this, 'dnssec-stack', { branch: props.branch, env: { region: 'us-east-1' } });
+ const dnssecStack = new DNSSECStack(this, 'dnssec-stack', { env: { region: 'us-east-1' } });
 dnssecStack.addDependency(dnsStack);
 }
diff --git a/src/DNSSECStack.ts b/src/DNSSECStack.ts
index ca0ad256..a25dc639 100644
--- a/src/DNSSECStack.ts
+++ b/src/DNSSECStack.ts
@@ -3,10 +3,6 @@ import { RemoteParameters } from 'cdk-remote-stack';
 import { Construct } from 'constructs';
 import { Statics } from './statics';
-export interface DNSSECStackProps extends StackProps {
- branch: string;
-}
-
 export class DNSSECStack extends Stack {
 /**
 * Add DNSSEC using a new KMS key to the domain.
@@ -18,12 +14,12 @@ export class DNSSECStack extends Stack {
 * @param id stack id
 * @param props props object
 */
- constructor(scope: Construct, id: string, props: DNSSECStackProps) {
+ constructor(scope: Construct, id: string, props: StackProps) {
 super(scope, id, props);
- this.setDNSSEC(props);
+ this.setDNSSEC();
 }
- setDNSSEC(props: DNSSECStackProps) {
+ setDNSSEC() {
 const parameters = new RemoteParameters(this, 'params', {
 path: Statics.ssmZonePath,
@@ -35,31 +31,15 @@ export class DNSSECStack extends Stack {
 hostedZoneId: zoneId,
 });
- /**
- * New ksk in prod only
- */
- if (props.branch === 'production') {
- // Production KSK
- const accountKmsKeyArnForDnsSec = SSM.StringParameter.valueForStringParameter(this, Statics.ssmAccountDnsSecKmsKey);
- const dnssecKeySigningNew = new Route53.CfnKeySigningKey(this, 'dnssec-keysigning-key', {
- name: 'irma_issue_key_signing_key',
- status: 'ACTIVE',
- hostedZoneId: zoneId,
- keyManagementServiceArn: accountKmsKeyArnForDnsSec,
- });
- dnssec.node.addDependency(dnssecKeySigningNew);
- } else {
- // Acceptance KSK
- const accountDnssecKmsKeyArn = SSM.StringParameter.valueForStringParameter(this, Statics.ssmAccountDnsSecKmsKey);
- const dnssecKeySigning = new Route53.CfnKeySigningKey(this, 'dnssec-keysigning-key-2', {
- name: 'irma_issue_ksk',
- status: 'ACTIVE',
- hostedZoneId: zoneId,
- keyManagementServiceArn: accountDnssecKmsKeyArn,
- });
- dnssec.node.addDependency(dnssecKeySigning);
- }
-
+ // KSK
+ const accountDnssecKmsKeyArn = SSM.StringParameter.valueForStringParameter(this, Statics.ssmAccountDnsSecKmsKey);
+ const dnssecKeySigning = new Route53.CfnKeySigningKey(this, 'dnssec-keysigning-key-2', {
+ name: 'irma_issue_ksk',
+ status: 'ACTIVE',
+ hostedZoneId: zoneId,
+ keyManagementServiceArn: accountDnssecKmsKeyArn,
+ });
+ dnssec.node.addDependency(dnssecKeySigning);
 }
diff --git a/src/statics.ts b/src/statics.ts
index b26917cb..281dcb20 100644
--- a/src/statics.ts
+++ b/src/statics.ts
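Review bot: With the branch switch removed from setDNSSEC, production now gets the construct id `dnssec-keysigning-key-2` and key name `irma_issue_ksk` instead of `dnssec-keysigning-key` / `irma_issue_key_signing_key`, so the next production deploy will presumably replace the active KSK rather than leave it in place. If a DS record for the old key is already published at the parent zone, validating resolvers will fail lookups until the DS record for the new key is in place, and Route 53 may refuse to remove a KSK that is still active. I would record that next to the added `// KSK` block, e.g. `// Changing this construct id or name replaces the KSK: publish the new DS record at the parent before the old key is retired.`, and describe the production rollover steps in the commit message. setDNSSEC starts in the previous hunk and its remaining lines are outside this one.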
@@ -79,9 +79,9 @@ export abstract class Statics {
 * Route53 Zone ID and name for the zone for IRMA issue app. decouples stacks to not pass
 * the actual zone between stacks. This param is set by DNSStack and should not be modified after.
 */
- static readonly ssmZonePath: string = '/cdk/irma-issue-app/';
- static readonly ssmZoneId: string = '/cdk/irma-issue-app/zone-id';
- static readonly ssmZoneName: string = '/cdk/irma-issue-app/zone-name';
+ static readonly ssmZonePath: string = '/cdk/irma-issue-app/zone';
+ static readonly ssmZoneId: string = '/cdk/irma-issue-app/zone/id';
+ static readonly ssmZoneName: string = '/cdk/irma-issue-app/zone/name';
 static readonly certificatePath: string = '/cdk/irma-issue-app/certificates';
 static readonly certificateArn: string = '/cdk/irma-issue-app/certificates/certificate-arn';
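Review bot: The doc comment kept above these constants still says the parameter "is set by DNSStack and should not be modified after", while the three added lines rename both parameters and narrow `ssmZonePath`. Anything that still reads `/cdk/irma-issue-app/zone-id` or `/cdk/irma-issue-app/zone-name` (no such reader is visible in this diff) will stop resolving, so the stack that writes them and every reader need to be deployed together. I would extend the comment with the reason for the layout, e.g. `* Only zone parameters may live under ssmZonePath: DNSSECStack reads everything under that path through RemoteParameters.` The Statics class body continues outside this hunk.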