@Tietew Tietew commented Jun 18, 2025

Issue # (if applicable)

Closes #34673.

Reason for this change

Route53 supports SVCB and HTTPS resource records, and CDK also supports them via route53.RecordType.SVCB and route53.RecordType.HTTPS.
https://aws.amazon.com/about-aws/whats-new/2024/10/amazon-route-53-https-sshfp-svcb-tlsa-dns-support/

An HTTPS record can be an alias to CloudFront.
https://aws.amazon.com/about-aws/whats-new/2025/07/amazon-cloudfront-https-dns-records/

It's useful to have a resource class for HTTPS records, like ARecord etc., to ensure that correct record values are generated.

Currently, the most common usage is to create an HTTPS ServiceMode record with an ALPN parameter.

// Before
new route53.RecordSet(this, 'HttpsRecord', {
  zone,
  recordType: route53.RecordType.HTTPS,
  target: route53.RecordTarget.fromValues('1 . alpn="h3,h2"'),
});

// After
new route53.HttpsRecord(this, 'HttpsRecord', {
  zone,
  values: [route53.HttpsRecordValue.service({ alpn: [route53.Alpn.H3, route53.Alpn.H2] })],
});

SVCB and HTTPS have the same representation format.
Therefore I added both record classes so that they share an implementation.

Description of changes

Added SvcbRecord and HttpsRecord resource classes and corresponding types.
HttpsRecord also supports CloudFront alias target.

Usage

declare const zone: route53.IHostedZone;
declare const distribution: cloudfront.IDistribution;

// AliasMode (priority = 0)
new route53.HttpsRecord(this, 'HTTPS-AliasMode', {
  zone,
  values: [route53.HttpsRecordValue.alias('service.example.com')],
});

// ServiceMode (priority >= 1)
new route53.HttpsRecord(this, 'HTTPS-ServiceMode', {
  zone,
  values: [route53.HttpsRecordValue.service({ // All props are optional
    // SvcPriority - defaults to 1
    priority: 1,
    // TargetName - defaults to '.'
    targetName: '.',
    // SvcParam
    mandatory: [...],
    alpn: [...],
    port: ...,
    ipv4hint: [...],
    ipv6hint: [...],
  })],
});

// CloudFront alias target
new route53.HttpsRecord(this, 'HTTPS-CloudFrontAlias', {
  zone,
  target: route53.RecordTarget.fromAlias(new route53_targets.CloudFrontTarget(distribution)),
});

To define an SVCB record, just replace Https with Svcb.
For details of each parameter, see RFC 9460.

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Unit tests and integ test.

I've confirmed Route53 rejects undefined SvcParam keys such as key65444=ex2.

$ aws route53 change-resource-record-sets --hosted-zone-id XXXXXXXX --change-batch '{"Changes":[{"Action":"CREATE","ResourceRecordSet":{"Name":"example.com","Type":"SVCB","ResourceRecords":[{"Value":"1 . key65444=ex2"}],"TTL":1800}}]}'

An error occurred (InvalidChangeBatch) when calling the ChangeResourceRecordSets operation: [SVCB does not support undefined parameters.]

$ aws route53 change-resource-record-sets --hosted-zone-id XXXXXXXX --change-batch '{"Changes":[{"Action":"CREATE","ResourceRecordSet":{"Name":"example.com","Type":"HTTPS","ResourceRecords":[{"Value":"1 . key65444=ex2"}],"TTL":1800}}]}'

An error occurred (InvalidChangeBatch) when calling the ChangeResourceRecordSets operation: [HTTPS does not support undefined parameters.]

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
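The record-value rules discussed in this description (AliasMode versus ServiceMode, and only defined SvcParam keys), as an added TypeScript example that is not part of the PR or the aws-cdk code base. `svcbValue`, `SvcParams`, `KNOWN_KEYS` and `isU16` are hypothetical names, and list items that would need escaping are rejected rather than escaped.

```typescript
// Added example: hypothetical helper, not the aws-cdk implementation.
// Only the SvcParamKeys named in the PR description are accepted.
type SvcParams = {
  mandatory?: string[];
  alpn?: string[];
  port?: number;
  ipv4hint?: string[];
  ipv6hint?: string[];
};
const KNOWN_KEYS = ['mandatory', 'alpn', 'port', 'ipv4hint', 'ipv6hint'];

function isU16(n: unknown): boolean {
  return typeof n === 'number' && n % 1 === 0 && n >= 0 && n <= 65535;
}

// Returns the record value in presentation format, e.g. '1 . alpn="h3,h2"'.
function svcbValue(priority: number, targetName: string, params: SvcParams = {}): string {
  if (!isU16(priority)) throw new Error(`SvcPriority out of range: ${priority}`);
  if (!/^\S+$/.test(targetName)) throw new Error('TargetName must be a single token');
  const p: { [key: string]: unknown } = params;
  const keys = Object.keys(p).filter((k) => p[k] !== undefined);
  for (const key of keys) {
    // Route 53 rejects undefined keys such as key65444, so fail before deployment.
    if (KNOWN_KEYS.indexOf(key) < 0) throw new Error(`undefined SvcParamKey: ${key}`);
  }
  if (priority === 0) {
    // AliasMode: RFC 9460 has recipients ignore SvcParams, so refuse to emit any.
    if (keys.length > 0) throw new Error('AliasMode must not carry SvcParams');
    return `0 ${targetName}`;
  }
  const out: string[] = [];
  for (const key of keys) {
    if (key === 'port') {
      if (!isU16(p[key])) throw new Error(`port out of range: ${p[key]}`);
      out.push(`port=${p[key]}`);
      continue;
    }
    const list = p[key] as string[];
    // Items that would need escaping in a comma-separated list are refused, not escaped.
    if (list.length === 0 || list.some((item) => !/^[A-Za-z0-9.:\/_-]+$/.test(item))) {
      throw new Error(`invalid ${key} value`);
    }
    for (const m of key === 'mandatory' ? list : []) {
      // Each mandatory key must also appear in this record and cannot be 'mandatory'.
      if (m === 'mandatory' || keys.indexOf(m) < 0) throw new Error(`mandatory key missing: ${m}`);
    }
    out.push(key === 'alpn' ? `alpn="${list.join(',')}"` : `${key}=${list.join(',')}`);
  }
  return [String(priority), targetName].concat(out).join(' ');
}
```

Parameters are emitted in the order they are given, so `svcbValue(1, '.', { alpn: ['h3', 'h2'] })` yields the same string as the hand-written "Before" value.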

@aws-cdk-automation aws-cdk-automation requested a review from a team June 18, 2025 03:49
@github-actions github-actions bot added distinguished-contributor [Pilot] contributed 50+ PRs to the CDK effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 labels Jun 18, 2025
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Jun 18, 2025

mwebber commented Aug 1, 2025

@Tietew it looks like this PR is pending for some reason. Are you able to re-run the checks? (I guess if you rebase on main that will trigger it.)

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 3accc4a
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@kumsmrit kumsmrit self-assigned this Sep 9, 2025
kumsmrit previously approved these changes Sep 16, 2025

@kumsmrit kumsmrit left a comment

Thank you for your contribution


mergify bot commented Sep 16, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).


mergify bot commented Sep 16, 2025

This pull request has been removed from the queue for the following reason: pull request branch update failed.

The pull request can't be updated.

You should update or rebase your pull request manually. If you do, this pull request will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue, you can requeue the pull request, without updating it, by posting a @mergifyio requeue comment.

@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Sep 16, 2025

mergify bot commented Sep 16, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot dismissed kumsmrit’s stale review September 18, 2025 15:29

Pull request has been modified.


mergify bot commented Sep 19, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).


mergify bot commented Sep 19, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 8be219a into aws:main Sep 19, 2025
19 checks passed
@github-actions

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2025
@Tietew Tietew deleted the route53-https-record branch September 19, 2025 10:04
Development

Successfully merging this pull request may close these issues.

route53: Add Support for HTTPSRecord