I'm having real difficulty in getting the environments set up on 2 AWS accounts which are related to each other by virtue of the Organisation hierarchy. My root DNS provider is GoDaddy, which is hosting the DNS records for example.com. We have multiple services which need to be hosted on the subdomain services.example.com. My setup is like:
GoDaddy -> Root DNS provider for example.com. Has NS record entries for services.example.com pointing to AWS Prod Account's Hosted Zone
AWS Prod Account -> Has Hosted Zone as services.example.com. Within this hosted zone I have A Records for production services service1.services.example.com, service2.services.example.com, etc.
AWS Dev Account -> Need a way to host environments such as test, uat, release on the Prod account's subdomain as:
Service 1:
test.service1.services.example.com
uat.service1.services.example.com
release.service1.services.example.com
Service 2:
test.service2.services.example.com
uat.service2.services.example.com
release.service2.services.example.com
Is there any way that I can achieve this? I have attached an image to visually simplify this setup.
Create a hosted zone for service1.services.example.com in Acc 2.
Note the 4 name servers that Route 53 assigns to the new hosted zone.
Back in the services.example.com (master zone) on Acc 1, create a new resource record, with hostname service1 using record type NS, and enter the 4 name servers that Route 53 assigned, in the box below.
You just delegated the service1.services.example.com subdomain, and any hosts and subdomains in it, to a different hosted zone, which you can now break to your heart's content, without impacting the other records.
And you can just repeat the same process for all other services you want to delegate as well. You will end up with a new hosted zone for each service, but that is a totally fine way of doing so.
The hosted zone for the subdomain can be in the same account or a different account.
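As an added example (not part of the answer above, and not Route 53 tooling), the following Python checks whether the NS record a parent zone holds for a delegated subdomain matches the delegation set Route 53 assigned to the child zone, reports anything the parent still holds under the delegated name (those records are never served once the delegation exists), and builds the ChangeBatch that repairs the NS record. The record shapes follow the JSON the `aws route53` CLI returns and accepts; the zone names and name servers are constructed placeholders, and `apply_change_batch` only previews the change in memory rather than calling Route 53. The same comparison applies when the "parent" is a registrar's name server list rather than a Route 53 zone.

```python
"""Check an NS delegation in a parent Route 53 hosted zone and build the change that repairs it.

Added example, not from the original post. Input shapes follow what `aws route53
list-resource-record-sets` returns (Name/Type/TTL/ResourceRecords) and what
`change-resource-record-sets --change-batch` accepts. The sample data below is
constructed; the name servers are placeholders, not a real delegation set.
"""
from __future__ import annotations
import copy
import json


def norm(name: str) -> str:
    """Lower-case, single trailing dot: the form Route 53 returns names in."""
    return name.strip().lower().rstrip(".") + "."


def check_delegation(parent_rrsets: list[dict], subdomain: str, child_ns: list[str]) -> list[str]:
    """Return the problems with the parent zone's delegation of `subdomain` to a child zone
    whose delegation set is `child_ns`. An empty list means the delegation is consistent."""
    name = norm(subdomain)
    expected = {norm(n) for n in child_ns}
    problems: list[str] = []
    ns_rrset = next((r for r in parent_rrsets if norm(r["Name"]) == name and r["Type"] == "NS"), None)
    if ns_rrset is None:
        problems.append(f"{name}: no NS record in parent zone, subdomain is not delegated")
        return problems
    actual = {norm(rr["Value"]) for rr in ns_rrset["ResourceRecords"]}
    for ns in sorted(actual - expected):
        problems.append(f"{name}: parent delegates to {ns}, not in the child zone's delegation set")
    for ns in sorted(expected - actual):
        problems.append(f"{name}: child name server {ns} missing from parent NS record")
    # Anything else the parent holds at or below the delegated name is never served:
    # resolvers follow the NS referral into the child zone instead of reading it here.
    for r in parent_rrsets:
        owner = norm(r["Name"])
        if r["Type"] != "NS" and (owner == name or owner.endswith("." + name)):
            problems.append(f"{owner} {r['Type']} in parent zone is shadowed by the delegation of {name}")
    return problems


def delegation_change_batch(subdomain: str, child_ns: list[str], ttl: int = 172800) -> dict:
    """ChangeBatch that UPSERTs the NS record for `subdomain` in the parent zone, in the
    shape `aws route53 change-resource-record-sets --change-batch file://...` takes.
    The two-day TTL matches what Route 53 puts on the NS records it creates itself."""
    return {
        "Comment": f"Delegate {norm(subdomain)} to its own hosted zone",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": norm(subdomain),
                "Type": "NS",
                "TTL": ttl,
                "ResourceRecords": [{"Value": norm(n)} for n in child_ns],
            },
        }],
    }


def apply_change_batch(parent_rrsets: list[dict], batch: dict) -> list[dict]:
    """Apply a ChangeBatch (CREATE/UPSERT/DELETE) to an in-memory copy of the zone, so the
    result can be checked before anything is sent to Route 53."""
    rrsets = copy.deepcopy(parent_rrsets)
    for change in batch["Changes"]:
        rs = change["ResourceRecordSet"]
        key = (norm(rs["Name"]), rs["Type"])
        rrsets = [r for r in rrsets if (norm(r["Name"]), r["Type"]) != key]
        if change["Action"] in ("UPSERT", "CREATE"):
            rrsets.append(copy.deepcopy(rs))
    return rrsets


# Constructed sample: the services.example.com parent zone (prod account) and the delegation
# set Route 53 assigned to a new service1.services.example.com zone (dev account).
CHILD_NS = ["ns-10.awsdns-01.com", "ns-20.awsdns-02.net", "ns-30.awsdns-03.org", "ns-40.awsdns-04.co.uk"]
PARENT_RRSETS = [
    {"Name": "services.example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.awsdns-11.com."}, {"Value": "ns-2.awsdns-12.net."}]},
    # Stale delegation: three of the four child name servers, plus one that is not in the set.
    {"Name": "service1.services.example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-10.awsdns-01.com."}, {"Value": "ns-20.awsdns-02.net."},
                         {"Value": "ns-30.awsdns-03.org."}, {"Value": "ns-99.awsdns-99.co.uk."}]},
    # Leftover host record under the delegated name: shadowed, never answered from here.
    {"Name": "test.service1.services.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.5"}]},
    # Production record that is not delegated anywhere.
    {"Name": "service2.services.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.6"}]},
]

if __name__ == "__main__":
    for problem in check_delegation(PARENT_RRSETS, "service1.services.example.com", CHILD_NS):
        print("PROBLEM:", problem)
    print(json.dumps(delegation_change_batch("service1.services.example.com", CHILD_NS), indent=2))
```

In practice the inputs come from `aws route53 get-hosted-zone --id <child>` (DelegationSet.NameServers) and `aws route53 list-resource-record-sets --hosted-zone-id <parent>`; run the check again after the change has propagated, and treat any remaining "not in the child zone's delegation set" entry as a delegation that must be fixed, since those names do not serve your zone.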
Related
I am playing with hosted zone creation and domain name servers.
Everything I have has been created in AWS (the registered domain and the hosted zone).
I am not sure about DNS when I create a hosted zone.
1 - Do I copy the DNS records from the Route 53 hosted zone that I created for the domain and add them to the DNS list where the domain is registered (which is also in AWS under Route 53/registered domains)?
or
2 - Do I copy the DNS records listed on the registered domains page and replace the DNS addresses that are in the Route 53 hosted zone for the domain?
Does it matter? Can I do it either way and it is ok as long as they both match with the same DNS servers?
Eventually I am going to need to create hosted zones for subdomains in a different AWS account than what the domain and hosted zone is registered in and wondering what the best way to handle this would be.
AWS account A - This is where the domain is registered and where the domain has its hosted zone created. Let's call the domain ernie.com (not the actual domain I am playing with).
AWS account B - This is where I want to create the hosted zone qa.ernie.com.
Since we might also want to create more subdomains later on, it just seems easier to be able to get the list of the four DNS servers from the registered domain and use them every time we create a subdomain hosted zone. That would be instead of appending each subdomain's DNS list to the DNS list of the registered domain - I assume that list could get pretty long then.
I have played a bit and no matter which way I try it I am not seeing my domain's DNS when I look at the domain with a DNS lookup website, so I am wondering what might have happened there.
FYI - This will all be done with Terraform once I figure it all out, in case someone has a great example for me to look at with Terraform IaC.
We purchased a domain "company.com" through GoDaddy (managed by my company) and configured the DNS for the same domain in my AWS account aws-dev.
I created a sub-domain in aws-dev, "sales.dev.company.com", using a public hosted zone and configured the required Route 53 entries.
I am able to access this sub-domain successfully.
Now we have got another AWS account, aws-test, and we want to transfer the DNS (for company.com) to this account,
but want to keep the sub-domain/hosted zone for sales.dev.company.com in aws-dev only, as services are running in this account.
Is there a way I can transfer the DNS for company.com to aws-test so that whenever
a request comes in for sales.dev.company.com, it gets routed to another AWS account (aws-dev in this case) which hosts the mapped service, and otherwise all requests for company.com will be serviced from the aws-test account? If yes, how can this be achieved?
After searching around, this solution worked for me:
1. Created hosted zone company.com in aws-test.
2. Updated GoDaddy to replace the DNS servers with the new DNS servers from step 1.
3. Deleted the company.com hosted zone from aws-dev.
4. Created the sales.dev.company.com hosted zone in aws-dev.
5. Updated the NS records from step 4 in company.com in aws-test.
In simple terms this is what happens - whenever a request is made to sales.dev.company.com, it first goes to GoDaddy, which forwards it to aws-test, which owns company.com, and now because aws-test knows where sales.dev.company.com lives, it gets forwarded to aws-dev.
I have foo.com as a Hosted Zone with an A, NS, SOA, TXT and MX Record Sets. It works fine. Now I want a separate test.foo.com with an A entry but I want it in a separate Hosted Zone. Is it possible?
If I put an A record in foo.com's Hosted Zone with the value test.foo.com it works but I want it in a separate Hosted Zone.
I want it like so in order to have a clear separation between the test and prod. This way I can break the test but the prod is still up.
Thank you!
Create a hosted zone for test.example.com.
Note the 4 name servers that Route 53 assigns to the new hosted zone.
Back in the master zone, create a new resource record, with hostname "test" using record type NS, and enter the 4 name servers that Route 53 assigned, in the box below.
You just delegated the "test.example.com" subdomain, and any hosts and subdomains in it, to a different hosted zone, which you can now break to your heart's content, without impacting the production records.
The hosted zone for the subdomain can be in the same account or a different account.
I've been having issues in linking a static website hosted on an S3 bucket in one AWS account to a custom domain name registered on Route 53 on another AWS account. Is it not possible to do such types of linking, where the S3 bucket and the Route 53 domain are on two different AWS accounts? If so, what could be the solution for my case?
Thanks in advance.
An A-record alias is needed at the zone apex (e.g. example.com) but not for subdomains (e.g. www.example.com, because here, you can use a CNAME instead) when hosting a site on S3, and this doesn't work across AWS accounts.
However... there's one word in your question that leads me to believe the following solution may be useful. The word is "registered."
custom domain name registered on Route 53 on another AWS account
If the domain is registered by the Route 53 registrar under one AWS account, you can still create a Route 53 hosted zone on a different AWS account -- the one with the bucket -- and then change the authoritative nameservers in the Route 53 console in the first account. This delegates operational control to the second account.
Create a hosted zone for the domain in account 2 (the same one as the bucket). Make a note of the 4 NS records that Route 53 assigns to the hosted zone. Do not change them. Just note what they are. Configure this hosted zone with the appropriate A record alias pointing to the bucket.
Then, in account 1 (where you registered the domain) in the Route 53 console, click "Registered Domains."
Select your domain.
Choose "add/edit name servers."
Enter the values for the Route 53 name servers that were assigned by Route 53 for the new hosted zone in account 2.
Wait a few minutes.
Test.
It will probably take at least 15 minutes for this to start working (it can theoretically take 48 hours but this is very unlikely), and after this, you can remove the hosted zone from account 1. Its configuration is ignored, anyway, if you don't.
Route 53 will continue to bill account 1 for the annual registration, but will bill account 2 for the hosted zone. Neither account will be charged for the DNS queries, but account 2 will be billed $0.00 for them, since the queries are against an alias pointing to S3, and in such cases, queries are free.
This should work just fine. It doesn't matter that the Route 53 entry points to a bucket in a different account.
You should follow these directions: Example: Setting Up a Static Website Using a Custom Domain with a few changes...
Basically:
Create a bucket with a name that matches your domain name (eg images.example.com) and activate Static Website Hosting
Copy the Endpoint presented. It will look like: images.example.com.s3-website.amazonaws.com
In Route 53 (in any account), create a Hosted Zone for your domain (eg example.com)
Within the Hosted Zone, create a Record Set for images.example.com of type CNAME. Then enter the Static Website Hosting Endpoint that was copied above.
Then test the domain. For example, images.example.com/foo.jpg should return the foo.jpg file from your bucket.
It is not possible to use Alias=YES for a Static Website in a different account.
I'm trying to set up a top-level hosted zone in AWS Route53 in a master account which acts as a proxy for 3 other (production, staging, development) accounts. The aim of the final set up is as follows:
www.foo.com -> production account
foo.com -> re-directs to www.foo.com
stage.foo.com -> staging account
dev.foo.com -> development account
To clarify, there are 4 accounts:
Master
Production
Staging
Development
Master Account
So far, 3 and 4 are working ok. The root account has the following:
Hosted Zone (foo.com)
- foo.com NS (4 name servers) - default
- foo.com SOA - default
Record Sets I've added:
dev.foo.com NS (added 4 name servers of dev account NS default record)
stage.foo.com NS (added 4 name servers of stage account NS default record)
Staging Account
Hosted Zone (stage.foo.com)
stage.foo.com NS (4 name servers) - default
stage.foo.com SOA - default
Record Sets I've added:
stage.foo.com A Record (ALIAS) -> AWS ELB
Development Account
Hosted Zone (dev.foo.com) - Same as Stage
dev.foo.com NS (4 name servers) - default
dev.foo.com SOA - default
Record Sets I've added:
dev.foo.com A Record (ALIAS) -> AWS ELB
The problem I'm facing is how to set up the www. and naked url for the production account.
If I repeat the same steps as stage and dev, by creating and delegating the Name Servers of www.foo.com to the production account with a hosted zone of www.foo.com - what can I do about handling the naked URL foo.com?
Should this be handled in the Master account or Production account?
Another idea is to have nothing in the Master account, and handle everything in the production account. This would have the naked A Alias record pointing to the www A Alias record, which in turn points to the AWS ELB, and then hand off the Name Servers for staging and dev to their own accounts.
Another twist would be to keep it as it is mentioned above but have the naked A Alias record pointing to the www A IP address of the Production AWS ELB.
Would either of these be a better approach or is it possible to handle it all in the Master account?
Put the example.com hosted zone in the production account, and create all the production records in there.
Delegate stage and dev to their respective hosted zones, as you have done, in order to maintain structural separation and help prevent inadvertent production changes. Remember that sometimes these queries will cause 2 requests -- one hitting the global domain to find the delegation, and another to find the actual record from the subdomain. Not a big deal, since these should have relatively low volume.
But, which "account" (referring, I assume, to consolidated billing accounts) you put the hosted zones in will be a matter of convenience. Resources can be accessed across account boundaries with correct configuration, but not crossing account boundaries is always easier, with less to configure. There's no technical reason why they couldn't all go in the master account. They could all go in the same hosted zone for that matter -- hostname 'foo.dev' in the 'example.com' hosted zone will be used to resolve 'foo.dev.example.com' if you don't do the delegation -- but separation is good.
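The resolution path described in the aws-test/aws-dev answer above (GoDaddy's name servers, then the zone that owns company.com, then the zone that owns the subdomain) and the extra referral the last answer mentions for delegated subdomains, as an added example that is not part of any of the posts: a small iterative resolver that walks constructed zone data from the root, following NS referrals into whichever account's hosted zone is authoritative next. All accounts, names and name servers are placeholders. The data also contains the two ways a cross-account delegation goes wrong in practice: a child zone that was created but never delegated from its parent (queries stop at the parent with no answer) and an NS record left pointing at servers that do not host the zone (a lame delegation).

```python
"""Walk an NS delegation chain through hosted zones held in different AWS accounts.

Added example, not from any of the posts above. The zone data is constructed: the .com
registry holds the name servers GoDaddy was given, aws-test holds company.com and
delegates sales.dev.company.com to aws-dev, which holds that subdomain's zone. All
names, accounts and name servers are placeholders.
"""
from __future__ import annotations


def norm(name: str) -> str:
    """Lower-case, single trailing dot (the form Route 53 uses)."""
    return name.strip().lower().rstrip(".") + "."


# Stand-ins for the 4 name servers Route 53 assigns to each hosted zone.
AWS_TEST_NS = ["ns-10.awsdns-01.com.", "ns-20.awsdns-02.net.", "ns-30.awsdns-03.org.", "ns-40.awsdns-04.co.uk."]
AWS_DEV_NS = ["ns-50.awsdns-05.com.", "ns-60.awsdns-06.net.", "ns-70.awsdns-07.org.", "ns-80.awsdns-08.co.uk."]
AWS_STAGING_NS = ["ns-90.awsdns-09.com.", "ns-91.awsdns-10.net.", "ns-92.awsdns-11.org.", "ns-93.awsdns-12.co.uk."]

# zone apex -> who runs it, and the records it serves (owner name -> type -> values).
ZONES = {
    ".": {"account": "root", "records": {
        "com.": {"NS": ["a.gtld-servers.net."]}}},
    "com.": {"account": "registry (NS set through GoDaddy)", "records": {
        "com.": {"NS": ["a.gtld-servers.net."]},
        "company.com.": {"NS": AWS_TEST_NS}}},
    "company.com.": {"account": "aws-test", "records": {
        "company.com.": {"NS": AWS_TEST_NS},
        "www.company.com.": {"A": ["203.0.113.10"]},
        "sales.dev.company.com.": {"NS": AWS_DEV_NS},            # the delegation to aws-dev
        "foo.dev.company.com.": {"A": ["203.0.113.99"]},         # no delegation: the parent answers itself
        "old.company.com.": {"NS": ["ns-1.stale.example.net."]},  # NS record left behind, nothing serves it
    }},
    "sales.dev.company.com.": {"account": "aws-dev", "records": {
        "sales.dev.company.com.": {"NS": AWS_DEV_NS, "A": ["203.0.113.20"]},
        "uat.sales.dev.company.com.": {"A": ["203.0.113.21"]}}},
    # Created in its own account but never delegated from company.com: unreachable.
    "stage.company.com.": {"account": "aws-staging", "records": {
        "stage.company.com.": {"NS": AWS_STAGING_NS, "A": ["203.0.113.30"]}}},
}


def resolve(qname: str, qtype: str, zones: dict = ZONES) -> tuple[list[str] | None, list[str]]:
    """Resolve qname/qtype starting at the root, following NS referrals.

    Returns (answer values or None, the accounts queried in order). Each entry in the
    path is one round trip a recursive resolver makes; a delegated subdomain costs one
    more than a record held directly in the parent zone.
    """
    name = norm(qname)
    zone, path = ".", []
    while True:
        z = zones[zone]
        path.append(z["account"])
        rrsets = z["records"].get(name, {})
        if qtype in rrsets:
            return rrsets[qtype], path
        # Referral: the deepest NS owner below this zone's apex that covers the query name.
        cuts = [owner for owner, types in z["records"].items()
                if "NS" in types and owner != zone and (name == owner or name.endswith("." + owner))]
        if not cuts:
            return None, path  # authoritative here and no such record: NXDOMAIN/NODATA
        child = max(cuts, key=len)
        served = zones.get(child)
        if served is None or set(served["records"][child]["NS"]) != set(z["records"][child]["NS"]):
            path.append("lame delegation at " + child)  # parent points at servers that do not host the zone
            return None, path
        zone = child


if __name__ == "__main__":
    for q in ["www.company.com", "sales.dev.company.com", "uat.sales.dev.company.com",
              "foo.dev.company.com", "stage.company.com", "old.company.com"]:
        answer, hops = resolve(q, "A")
        print(f"{q:28} -> {answer}  via {' > '.join(hops)}")
```

Against real infrastructure the equivalent walk is `dig +trace sales.dev.company.com`; what to look for is the same: the referral from the company.com servers must name exactly the four servers of the child zone, and a child zone that never appears in the trace is one the parent was never told about.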