From 643e5ee519095968a758942220f1e3a6c20f54b3 Mon Sep 17 00:00:00 2001
From: Jonathan Goldwasser <jogold@users.noreply.github.com>
Date: Tue, 21 Sep 2021 19:45:27 +0200
Subject: [PATCH] fix(route53resolver): FirewallDomainList throws with wildcard
 domains (#16538)

Closes #16527


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../aws-route53resolver/lib/firewall-domain-list.ts        | 4 ++--
 .../aws-route53resolver/test/firewall-domain-list.test.ts  | 7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/packages/@aws-cdk/aws-route53resolver/lib/firewall-domain-list.ts b/packages/@aws-cdk/aws-route53resolver/lib/firewall-domain-list.ts
index a6303b2c78114..80f211ab07f66 100644
--- a/packages/@aws-cdk/aws-route53resolver/lib/firewall-domain-list.ts
+++ b/packages/@aws-cdk/aws-route53resolver/lib/firewall-domain-list.ts
@@ -45,8 +45,8 @@ export abstract class FirewallDomains {
    */
   public static fromList(list: string[]): FirewallDomains {
     for (const domain of list) {
-      if (!/^[\w-.]+$/.test(domain)) {
-        throw new Error(`Invalid domain: ${domain}. Valid characters: A-Z, a-z, 0-9, _, -, .`);
+      if (!/^([\w-.]{1,255}|\*[\w-.]{1,254})$/.test(domain)) {
+        throw new Error(`Invalid domain: ${domain}. Domain can optionally start with *. Max length of 255. Valid characters: A-Z, a-z, 0-9, _, -, .`);
       }
     }
 
diff --git a/packages/@aws-cdk/aws-route53resolver/test/firewall-domain-list.test.ts b/packages/@aws-cdk/aws-route53resolver/test/firewall-domain-list.test.ts
index 3806a59c670ba..5eaef3352d702 100644
--- a/packages/@aws-cdk/aws-route53resolver/test/firewall-domain-list.test.ts
+++ b/packages/@aws-cdk/aws-route53resolver/test/firewall-domain-list.test.ts
@@ -12,7 +12,11 @@ beforeEach(() => {
 test('domain list from strings', () => {
   // WHEN
   new FirewallDomainList(stack, 'List', {
-    domains: FirewallDomains.fromList(['first-domain.com', 'second-domain.net']),
+    domains: FirewallDomains.fromList([
+      'first-domain.com',
+      'second-domain.net',
+      '*.wildcard.com',
+    ]),
   });
 
   // THEN
@@ -20,6 +24,7 @@ test('domain list from strings', () => {
     Domains: [
       'first-domain.com',
       'second-domain.net',
+      '*.wildcard.com',
     ],
   });
 });