fix(route53): delete old NS records on cross-account delegation renaming (#21249) (#27523)

…ing (#21249)

Improve the `CustomResource` implementation that manages the `Route53`'s `NS` Records on the Account that host the parent `HostedZone` to consider renaming cases in which updates and deletes are both required.

Closes #21249.

This is related to #25285

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: garciparedes

packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a/__entrypoint__.js renamed to packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.5f9b7d5ffbc596240b39dea7604f015f4d3a569311376cd1d6542ced29be4f87/__entrypoint__.js

@@ -103,7 +103,7 @@
    "Properties": {
     "Code": {
      "S3Bucket": "cdk-hnb659fds-assets-234567890123-af-south-1",
-     "S3Key": "8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a.zip"
+     "S3Key": "5f9b7d5ffbc596240b39dea7604f015f4d3a569311376cd1d6542ced29be4f87.zip"
     },
     "Timeout": 900,
     "MemorySize": 128,

packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.5f9b7d5ffbc596240b39dea7604f015f4d3a569311376cd1d6542ced29be4f87/index.js

@@ -103,7 +103,7 @@
    "Properties": {
     "Code": {
      "S3Bucket": "cdk-hnb659fds-assets-234567890123-us-east-1",
-     "S3Key": "8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a.zip"
+     "S3Key": "5f9b7d5ffbc596240b39dea7604f015f4d3a569311376cd1d6542ced29be4f87.zip"
     },
     "Timeout": 900,
     "MemorySize": 128,

packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a/index.js

@@ -0,0 +1,158 @@
+{
+ "Resources": {
+  "NewSubZone1DFF192F": {
+   "Type": "AWS::Route53::HostedZone",
+   "Properties": {
+    "Name": "new.uniqueexample.com."
+   }
+  },
+  "delegatecrossaccountzonedelegationhandlerrolePolicychildstackdelegatecrossaccountzonedelegationhandlerroleCB13E48E86169197": {
+   "Type": "AWS::IAM::Policy",
+   "Properties": {
+    "PolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Resource": "arn:aws:iam::12345678:role/MyUniqueDelegationRole"
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "PolicyName": "PolicychildstackdelegatecrossaccountzonedelegationhandlerroleCB13E48E",
+    "Roles": [
+     {
+      "Fn::Select": [
+       1,
+       {
+        "Fn::Split": [
+         "/",
+         {
+          "Fn::Select": [
+           5,
+           {
+            "Fn::Split": [
+             ":",
+             {
+              "Fn::GetAtt": [
+               "CustomCrossAccountZoneDelegationCustomResourceProviderRoleED64687B",
+               "Arn"
+              ]
+             }
+            ]
+           }
+          ]
+         }
+        ]
+       }
+      ]
+     }
+    ]
+   }
+  },
+  "delegateCrossAccountZoneDelegationCustomResource23BD590B": {
+   "Type": "Custom::CrossAccountZoneDelegation",
+   "Properties": {
+    "ServiceToken": {
+     "Fn::GetAtt": [
+      "CustomCrossAccountZoneDelegationCustomResourceProviderHandler44A84265",
+      "Arn"
+     ]
+    },
+    "AssumeRoleArn": "arn:aws:iam::12345678:role/MyUniqueDelegationRole",
+    "ParentZoneName": "uniqueexample.com",
+    "DelegatedZoneName": "new.uniqueexample.com",
+    "DelegatedZoneNameServers": {
+     "Fn::GetAtt": [
+      "NewSubZone1DFF192F",
+      "NameServers"
+     ]
+    },
+    "TTL": 172800
+   },
+   "DependsOn": [
+    "delegatecrossaccountzonedelegationhandlerrolePolicychildstackdelegatecrossaccountzonedelegationhandlerroleCB13E48E86169197"
+   ],
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  },
+  "CustomCrossAccountZoneDelegationCustomResourceProviderRoleED64687B": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Version": "2012-10-17",
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ]
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+     }
+    ]
+   }
+  },
+  "CustomCrossAccountZoneDelegationCustomResourceProviderHandler44A84265": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Code": {
+     "S3Bucket": "cdk-hnb659fds-assets-234567890123-us-east-1",
+     "S3Key": "5f9b7d5ffbc596240b39dea7604f015f4d3a569311376cd1d6542ced29be4f87.zip"
+    },
+    "Timeout": 900,
+    "MemorySize": 128,
+    "Handler": "__entrypoint__.handler",
+    "Role": {
+     "Fn::GetAtt": [
+      "CustomCrossAccountZoneDelegationCustomResourceProviderRoleED64687B",
+      "Arn"
+     ]
+    },
+    "Runtime": "nodejs18.x"
+   },
+   "DependsOn": [
+    "CustomCrossAccountZoneDelegationCustomResourceProviderRoleED64687B"
+   ]
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}