feat(route53-targets): enhance LoadBalancerTarget to support IPv4-only and dual-stack NLBs with appropriate DNS naming

Author: pahud

packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.nlb-alias-target.ts

@@ -0,0 +1,62 @@
+#!/usr/bin/env node
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
+import * as route53 from 'aws-cdk-lib/aws-route53';
+import * as cdk from 'aws-cdk-lib';
+import * as targets from 'aws-cdk-lib/aws-route53-targets';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-nlb-integ');
+
+const vpc = new ec2.Vpc(stack, 'VPC', {
+  maxAzs: 2,
+  restrictDefaultSecurityGroup: false,
+});
+
+// IPv4-only NLB (default)
+const ipv4Nlb = new elbv2.NetworkLoadBalancer(stack, 'IPv4NLB', {
+  vpc,
+  internetFacing: true,
+  // ipAddressType defaults to IPv4
+});
+
+// Dual-stack NLB
+const dualStackNlb = new elbv2.NetworkLoadBalancer(stack, 'DualStackNLB', {
+  vpc,
+  internetFacing: true,
+  ipAddressType: elbv2.IpAddressType.DUAL_STACK,
+});
+
+const zone = new route53.PublicHostedZone(stack, 'HostedZone', { zoneName: 'test.public' });
+
+// IPv4-only NLB alias record (should NOT have dualstack prefix)
+new route53.ARecord(zone, 'IPv4NLBAlias', {
+  zone,
+  recordName: 'ipv4-nlb',
+  target: route53.RecordTarget.fromAlias(new targets.LoadBalancerTarget(ipv4Nlb)),
+});
+
+// Dual-stack NLB alias record (should have dualstack prefix)
+new route53.ARecord(zone, 'DualStackNLBAlias', {
+  zone,
+  recordName: 'dualstack-nlb',
+  target: route53.RecordTarget.fromAlias(new targets.LoadBalancerTarget(dualStackNlb)),
+});
+
+// IPv4-only NLB with health check
+new route53.ARecord(stack, 'IPv4NLBAliasWithHealthCheck', {
+  zone,
+  recordName: 'ipv4-nlb-health',
+  target: route53.RecordTarget.fromAlias(
+    new targets.LoadBalancerTarget(ipv4Nlb, {
+      evaluateTargetHealth: true,
+    }),
+  ),
+});
+
+new IntegTest(app, 'nlb-alias-target', {
+  testCases: [stack],
+});
+
+app.synth();

packages/aws-cdk-lib/aws-route53-targets/lib/load-balancer-target.ts

@@ -11,8 +11,32 @@ export class LoadBalancerTarget implements route53.IAliasRecordTarget {
   public bind(_record: route53.IRecordSet, _zone?: route53.IHostedZone): route53.AliasRecordTargetConfig {
     return {
       hostedZoneId: this.loadBalancer.loadBalancerCanonicalHostedZoneId,
-      dnsName: `dualstack.${this.loadBalancer.loadBalancerDnsName}`,
+      dnsName: this.getDnsName(),
       evaluateTargetHealth: this.props?.evaluateTargetHealth,
     };
   }
+
+  private getDnsName(): string {
+    // Check if this is a Network Load Balancer with IPv4-only addressing
+    if (this.isNetworkLoadBalancer() && this.isIpv4Only()) {
+      // IPv4-only NLB - no dualstack prefix needed
+      return this.loadBalancer.loadBalancerDnsName;
+    }
+    
+    // For ALBs and dual-stack NLBs, use dualstack prefix for backward compatibility
+    return `dualstack.${this.loadBalancer.loadBalancerDnsName}`;
+  }
+
+  private isNetworkLoadBalancer(): boolean {
+    // Check if this has the NLB-specific properties/methods
+    // NLBs have addListener method that returns NetworkListener, ALBs return ApplicationListener
+    // We'll use a duck-typing approach by checking the constructor name
+    return this.loadBalancer.constructor.name === 'NetworkLoadBalancer' || 
+           this.loadBalancer.constructor.name === 'LookedUpNetworkLoadBalancer';
+  }
+
+  private isIpv4Only(): boolean {
+    const ipAddressType = (this.loadBalancer as any).ipAddressType;
+    return ipAddressType === elbv2.IpAddressType.IPV4 || ipAddressType === undefined;
+  }
 }

packages/aws-cdk-lib/aws-route53-targets/test/load-balancer-target.test.ts

@@ -65,3 +65,93 @@ test('use ALB as record target with health check', () => {
     },
   });
 });
+
+test('use IPv4-only NLB as record target', () => {
+  // GIVEN
+  const stack = new Stack();
+  const vpc = new ec2.Vpc(stack, 'VPC', {
+    maxAzs: 2,
+  });
+  const lb = new elbv2.NetworkLoadBalancer(stack, 'NLB', {
+    vpc,
+    internetFacing: true,
+    ipAddressType: elbv2.IpAddressType.IPV4,
+  });
+
+  const zone = new route53.PublicHostedZone(stack, 'HostedZone', { zoneName: 'test.public' });
+
+  // WHEN
+  new route53.ARecord(zone, 'Alias', {
+    zone,
+    recordName: '_foo',
+    target: route53.RecordTarget.fromAlias(new targets.LoadBalancerTarget(lb)),
+  });
+
+  // THEN - IPv4-only NLB should NOT use dualstack prefix
+  Template.fromStack(stack).hasResourceProperties('AWS::Route53::RecordSet', {
+    AliasTarget: {
+      DNSName: { 'Fn::GetAtt': ['NLB55158F82', 'DNSName'] },
+      HostedZoneId: { 'Fn::GetAtt': ['NLB55158F82', 'CanonicalHostedZoneID'] },
+    },
+  });
+});
+
+test('use dual-stack NLB as record target', () => {
+  // GIVEN
+  const stack = new Stack();
+  const vpc = new ec2.Vpc(stack, 'VPC', {
+    maxAzs: 2,
+  });
+  const lb = new elbv2.NetworkLoadBalancer(stack, 'NLB', {
+    vpc,
+    internetFacing: true,
+    ipAddressType: elbv2.IpAddressType.DUAL_STACK,
+  });
+
+  const zone = new route53.PublicHostedZone(stack, 'HostedZone', { zoneName: 'test.public' });
+
+  // WHEN
+  new route53.ARecord(zone, 'Alias', {
+    zone,
+    recordName: '_foo',
+    target: route53.RecordTarget.fromAlias(new targets.LoadBalancerTarget(lb)),
+  });
+
+  // THEN - Dual-stack NLB should use dualstack prefix
+  Template.fromStack(stack).hasResourceProperties('AWS::Route53::RecordSet', {
+    AliasTarget: {
+      DNSName: { 'Fn::Join': ['', ['dualstack.', { 'Fn::GetAtt': ['NLB55158F82', 'DNSName'] }]] },
+      HostedZoneId: { 'Fn::GetAtt': ['NLB55158F82', 'CanonicalHostedZoneID'] },
+    },
+  });
+});
+
+test('use default NLB as record target (should be IPv4-only)', () => {
+  // GIVEN
+  const stack = new Stack();
+  const vpc = new ec2.Vpc(stack, 'VPC', {
+    maxAzs: 2,
+  });
+  const lb = new elbv2.NetworkLoadBalancer(stack, 'NLB', {
+    vpc,
+    internetFacing: true,
+    // ipAddressType not specified - defaults to IPv4
+  });
+
+  const zone = new route53.PublicHostedZone(stack, 'HostedZone', { zoneName: 'test.public' });
+
+  // WHEN
+  new route53.ARecord(zone, 'Alias', {
+    zone,
+    recordName: '_foo',
+    target: route53.RecordTarget.fromAlias(new targets.LoadBalancerTarget(lb)),
+  });
+
+  // THEN - Default NLB should NOT use dualstack prefix
+  Template.fromStack(stack).hasResourceProperties('AWS::Route53::RecordSet', {
+    AliasTarget: {
+      DNSName: { 'Fn::GetAtt': ['NLB55158F82', 'DNSName'] },
+      HostedZoneId: { 'Fn::GetAtt': ['NLB55158F82', 'CanonicalHostedZoneID'] },
+    },
+  });
+});