fix(route53resolver): FirewallDomainList throws with wildcard domains (…

…#16538) Closes #16527 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Sep 21, 2021 · 643e5ee · 643e5ee
1 parent cdbd65d
commit 643e5ee
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/packages/@aws-cdk/aws-route53resolver/lib/firewall-domain-list.ts b/packages/@aws-cdk/aws-route53resolver/lib/firewall-domain-list.ts
@@ -45,8 +45,8 @@ export abstract class FirewallDomains {
    */
   public static fromList(list: string[]): FirewallDomains {
     for (const domain of list) {
-      if (!/^[\w-.]+$/.test(domain)) {
-        throw new Error(`Invalid domain: ${domain}. Valid characters: A-Z, a-z, 0-9, _, -, .`);
+      if (!/^([\w-.]{1,255}|\*[\w-.]{1,254})$/.test(domain)) {
+        throw new Error(`Invalid domain: ${domain}. Domain can optionally start with *. Max length of 255. Valid characters: A-Z, a-z, 0-9, _, -, .`);
       }
     }
 

diff --git a/packages/@aws-cdk/aws-route53resolver/test/firewall-domain-list.test.ts b/packages/@aws-cdk/aws-route53resolver/test/firewall-domain-list.test.ts
@@ -12,14 +12,19 @@ beforeEach(() => {
 test('domain list from strings', () => {
   // WHEN
   new FirewallDomainList(stack, 'List', {
-    domains: FirewallDomains.fromList(['first-domain.com', 'second-domain.net']),
+    domains: FirewallDomains.fromList([
+      'first-domain.com',
+      'second-domain.net',
+      '*.wildcard.com',
+    ]),
   });
 
   // THEN
   Template.fromStack(stack).hasResourceProperties('AWS::Route53Resolver::FirewallDomainList', {
     Domains: [
       'first-domain.com',
       'second-domain.net',
+      '*.wildcard.com',
     ],
   });
 });