route53: Add Support for HTTPSRecord

[WtfJoke]

Describe the feature

A construct for creating HTTPS DNS Record (like we have for ARecord).

Instead of (forced) fallbacking to the L1 (Cfn) Construct

new CfnRecordSet(this, "FavorHttp3HttpsRecord", {
            comment: "Favor HTTP/3.",
            hostedZoneId: someHostedZoneId,
            name: someDomainName,
            type: "HTTPS",
            resourceRecords: ['1 . alpn="h2,h3"'],
            ttl: Duration.days(1).toSeconds().toString(),
});

We could have an assisted L2 Construct

new HttpsRecord(this, "FavorHttp3HttpsRecord", {
            comment: "Favor HTTP/3.",
            hostedZoneId: someHostedZoneId,
            name: someDomainName,
            svc: { // could also be svcPriority and svcParams instead of nesting
              prority: 1,
              params: {
                  alpn: [ALPN.HTTP2, ALPN.HTTP3]
              }
            },
            ttl: Duration.days(1).toSeconds().toString(),
});

Use Case

To improve performance of website, we can use HTTP3. When enabled HTTP3, browsers still make the first connection (or many in case of parallel requests) to the server with a lower protocol version like HTTP/2 since they don't know if HTTP/3 is supported. The server then announces the support with an Alt-Svc response header. Only subsequent requests will happen via HTTP/3. This is unnecessary and introduces latency, see also here for a nice description.
The HTTPS DNS Resource Record (as special form of the SVCB RR) is an official standard by now (RFC 9460 Sec. 9). The record looks like this:

Proposed Solution

new HttpsRecord(this, "FavorHttp3HttpsRecord", {
            comment: "Favor HTTP/3.",
            hostedZoneId: someHostedZoneId,
            name: someDomainName,
            svc: { // could also be svcPriority and svcParams instead of nesting
              prority: 1,
              params: {
                  alpn: [ALPN.HTTP2, ALPN.HTTP3]
              }
            },
            ttl: Duration.days(1).toSeconds().toString(),
});

Other Information

Possible svcparams: https://www.iana.org/assignments/dns-svcb/dns-svcb.xhtml

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

AWS CDK Library version (aws-cdk-lib)

2.193.0

AWS CDK CLI version

2.1013.0

Environment details (OS name and version, etc.)

windows 11, wsl ubuntu

[ykethan]

Hey @WtfJoke, thank you for reaching and providing this detailed information.
From the following document the feature would make a great addition to CDK.

• AWS Route 53 HTTPS Record Documentation
• AWS CloudFormation Route53 RecordSet
• RFC 9460 - Service Binding and Parameter Specification
• CDK Route53 Module README

with AWS Route 53 CloudFormation does appear to support - HTTPS is listed as valid for:

• Basic resource record sets: A | AAAA | CAA | CNAME | DS | MX | NAPTR | NS | PTR | SOA | SPF | SRV | TXT | TLSA | SSHFP | SVCB | HTTPS
• Weighted, latency, geolocation, failover routing: HTTPS
• Multivalue answer routing: HTTPS

We welcome community contributions. If you are interested in implementing this do refer to the CDK contribution readme for additional information.

[dennis-grunert]

Please also support the new aliasing feature to CloudFront for the HTTPS record that AWS announced yesterday.