in cli/src/pcluster/templates/slurm_builder.py [0:0]
def _add_private_hosted_zone(self):
    """Define the cluster's Route 53 hosted zone plus the IAM and cleanup resources tied to it.

    Steps, in construct-creation order:
      1. Wrap the hosted zone id from the scheduling DNS settings (custom cluster DNS),
         or create a new hosted zone associated with the cluster VPC.
      2. If the head node instance role is managed here, attach a policy letting it change
         record sets in that zone.
      3. If the cleanup Lambda role is managed here, create it with Route 53 list/change
         permissions on that zone and CloudWatch Logs permissions.
      4. Create the ``CleanupRoute53`` Lambda, a custom resource pointing at it
         (stored on ``self.cleanup_route53_custom_resource``), and a stack output
         exposing the zone id.

    Returns:
        The hosted zone object: a ``CustomDns`` wrapper or a ``route53.CfnHostedZone``.
    """
    if not self._condition_custom_cluster_dns():
        # No custom DNS configured: create a zone scoped to the cluster VPC.
        zone = route53.CfnHostedZone(
            self.stack_scope,
            "Route53HostedZone",
            name=self.cluster_dns_domain.value_as_string,
            vpcs=[route53.CfnHostedZone.VPCProperty(vpc_id=self.config.vpc_id, vpc_region=self._stack_region)],
        )
    else:
        # Custom DNS: reuse the hosted zone id taken from the cluster configuration.
        zone = CustomDns(
            ref=self.config.scheduling.settings.dns.hosted_zone_id,
            name=self.cluster_dns_domain.value_as_string,
        )

    # If Headnode InstanceRole is created by ParallelCluster, add Route53 policy for InstanceRole
    if self.managed_head_node_instance_role:
        _, prefixed_policy_name = add_cluster_iam_resource_prefix(
            self.config.cluster_name, self.config, "parallelcluster-slurm-route53", iam_type="AWS::IAM::Policy"
        )
        # Least privilege: the only resource is this one hosted zone. Route 53 ARNs carry
        # no region or account component, hence the empty strings.
        # NOTE(review): no IAM condition narrows which record names can be changed, so the
        # head node role can modify every record set in the zone. With a user-supplied zone
        # (custom DNS) confirm the zone is dedicated to the cluster.
        head_node_record_statement = iam.PolicyStatement(
            sid="Route53Add",
            effect=iam.Effect.ALLOW,
            actions=["route53:ChangeResourceRecordSets"],
            resources=[
                self._format_arn(
                    service="route53",
                    region="",
                    account="",
                    resource=f"hostedzone/{zone.ref}",
                ),
            ],
        )
        iam.CfnPolicy(
            self.stack_scope,
            "ParallelClusterSlurmRoute53Policies",
            policy_name=prefixed_policy_name or "parallelcluster-slurm-route53",
            policy_document=iam.PolicyDocument(statements=[head_node_record_statement]),
            roles=[self.managed_head_node_instance_role.ref],
        )

    managed_cleanup_role = None
    if self.cleanup_lambda_role:
        # Cleanup Lambda permissions: list/change record sets in this zone only, plus
        # logging to log groups under the CleanupRoute53-* prefix.
        zone_cleanup_statement = iam.PolicyStatement(
            actions=["route53:ListResourceRecordSets", "route53:ChangeResourceRecordSets"],
            effect=iam.Effect.ALLOW,
            resources=[
                self._format_arn(
                    service="route53",
                    region="",
                    account="",
                    resource=f"hostedzone/{zone.ref}",
                ),
            ],
            sid="Route53DeletePolicy",
        )
        logs_statement = get_cloud_watch_logs_policy_statement(
            resource=self._format_arn(
                service="logs",
                account=self._stack_account,
                region=self._stack_region,
                resource=get_lambda_log_group_prefix("CleanupRoute53-*"),
            )
        )
        managed_cleanup_role = add_lambda_cfn_role(
            scope=self.stack_scope,
            config=self.config,
            function_id="CleanupRoute53",
            statements=[zone_cleanup_statement, logs_statement],
            has_vpc_config=self.config.lambda_functions_vpc_config,
        )

    # Prefer the role created above; otherwise fall back to the role named in the config.
    # NOTE(review): the fallback role gets no Route 53 statements from this method, so it
    # presumably must already carry them - confirm against the documentation.
    if managed_cleanup_role:
        execution_role_arn = managed_cleanup_role.attr_arn
    else:
        execution_role_arn = self.config.iam.roles.lambda_functions_role

    cleanup_function = PclusterLambdaConstruct(
        scope=self.stack_scope,
        id="CleanupRoute53FunctionConstruct",
        function_id="CleanupRoute53",
        bucket=self.bucket,
        config=self.config,
        execution_role=execution_role_arn,
        handler_func="cleanup_resources",
    ).lambda_func

    self.cleanup_route53_custom_resource = CfnCustomResource(
        self.stack_scope,
        "CleanupRoute53CustomResource",
        service_token=cleanup_function.attr_arn,
    )
    # Properties handed to the Lambda through the custom resource: target zone, action, domain.
    cleanup_properties = (
        ("ClusterHostedZone", zone.ref),
        ("Action", "DELETE_DNS_RECORDS"),
        ("ClusterDNSDomain", zone.name),
    )
    for property_key, property_value in cleanup_properties:
        self.cleanup_route53_custom_resource.add_property_override(property_key, property_value)

    CfnOutput(
        self.stack_scope,
        "ClusterHostedZone",
        description="Id of the private hosted zone created within the cluster",
        value=zone.ref,
    )

    return zone