I bought a domain not from AWS and set it up using Route 53 with Amazon. The EC2 instance has been running for just 2 days without any server running on it (I'm still working on the coding part), but I set up Route 53. Today in my billing I saw this:
How does it work? I'm still in the free tier so I'm not sure if it was covered or not. Even if it was, how did AWS charge 50 cents for 2 days of routing when no one visited my site and nothing was running on the EC2 instance? Can somebody explain?
Most likely it is the minimum charge for DNS queries and/or for your hosted zones. If you go to the billing dashboard, you will clearly see the itemized charges under Route53. I see the following itemized charges in my billing dashboard. Even if you dig your DNS, it is considered a query.
Route53 charges you for creating a hosted zone (which is essential to use the Route53 service), and this is not in the free tier category. It seems you were charged for the hosted zone created, which is a monthly recurring charge of $0.5 per month, per hosted zone.
Additionally, Route53 charges for data transfer as well; for detailed pricing, check this link.
I would like to monitor all outgoing DNS queries originating from resources within my VPC. For example, I would like to log all DNS queries originating from a specific EC2 instance. Is this possible?
I have looked into Route53 (early beginner to AWS), and from what I understand, using this I can only monitor my private domains, for incoming queries. Is it possible to monitor outgoing queries?
As far as I know, AWS doesn't have this as a feature right now. One solution that I've worked with before is having dnsmasq (a lightweight DNS cache/proxy) installed on every instance, configuring the machine to forward requests to dnsmasq first, and then consolidating your machines' dnsmasq logs in one place.
Currently there isn't any way.
Queries to the .2 VPC DNS server aren't logged in VPC flow logs, so you can't see anything there.
From the AWS announcement on 27th of August, 2020:
https://aws.amazon.com/blogs/aws/log-your-vpc-dns-queries-with-route-53-resolver-query-logs/
"The Amazon Route 53 team has just launched a new feature called Route 53 Resolver Query Logs, which will let you log all DNS queries made by resources within your Amazon Virtual Private Cloud (VPC). Whether it’s an Amazon Elastic Compute Cloud (Amazon EC2) instance, an AWS Lambda function, or a container, if it lives in your Virtual Private Cloud and makes a DNS query, then this feature will log it; you are then able to explore and better understand how your applications are operating."
Therefore, if you use AmazonProvidedDNS (Amazon Route 53 Resolver) for DNS, you can now use the above option. The log contains a "srcaddr" field to find the source (e.g. EC2) of a DNS lookup.
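An added example (not part of the answers above and not AWS's code) of using Resolver query logs to answer the original question, "which names did this instance look up?", once the logs have been exported as JSON lines. It assumes the record fields `query_timestamp`, `query_name`, `query_type`, `rcode`, `srcaddr` and `srcids.instance`; the sample records, addresses, instance IDs and function names are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample (not real traffic): one JSON record per line, the last
# line deliberately truncated to show handling of a damaged log line.
SAMPLE_LOG = """\
{"query_timestamp": "2020-08-27T10:00:01Z", "query_name": "example.com.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.1.15", "srcids": {"instance": "i-0aaaaaaaaaaaaaaa1"}}
{"query_timestamp": "2020-08-27T10:00:02Z", "query_name": "Example.com.", "query_type": "AAAA", "rcode": "NOERROR", "srcaddr": "10.0.1.15", "srcids": {"instance": "i-0aaaaaaaaaaaaaaa1"}}
{"query_timestamp": "2020-08-27T10:00:05Z", "query_name": "updates.example.net.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.2.20", "srcids": {"instance": "i-0bbbbbbbbbbbbbbb2"}}
{"query_timestamp": "2020-08-27T10:00:09Z", "query_name": "no-such-host.example.org.", "query_type": "A", "rcode": "NXDOMAIN", "srcaddr": "10.0.1.15", "srcids": {"instance": "i-0aaaaaaaaaaaaaaa1"}}
{"query_timestamp": "2020-08-27T10:00:11Z", "query_name": "exam
"""


def parse_records(text):
    """Yield a dict per line that is valid JSON and has the fields we need."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line: skip it, keep the rest
        if isinstance(rec, dict) and "srcaddr" in rec and "query_name" in rec:
            yield rec


def normalise(name):
    """DNS names are case-insensitive and logged with a trailing dot."""
    return name.rstrip(".").lower()


def queries_by_source(text):
    """Map each srcaddr to a Counter of the names it looked up."""
    by_source = defaultdict(Counter)
    for rec in parse_records(text):
        by_source[rec["srcaddr"]][normalise(rec["query_name"])] += 1
    return dict(by_source)


def queries_for_instance(text, instance_id):
    """List (timestamp, name, type, rcode) for one EC2 instance ID."""
    rows = []
    for rec in parse_records(text):
        if (rec.get("srcids") or {}).get("instance") == instance_id:
            rows.append((rec.get("query_timestamp"), normalise(rec["query_name"]),
                         rec.get("query_type"), rec.get("rcode")))
    return rows


if __name__ == "__main__":
    for src, names in queries_by_source(SAMPLE_LOG).items():
        print(src, dict(names))
```

Grouping by `srcaddr` works for any VPC resource, while the instance filter only matches records that carry an EC2 instance ID.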
My EC2 instance is getting charged for data transfer from almost every available AWS region (Tokyo, Seoul, Singapore, Paris, London, Germany, Ireland, Ohio, Oregon, Sydney, Canada Central, Sao Paulo, CloudFront, INCLUDING AWS GovCloud (US)). 99.99% of our users are from India. As per the recommendations of an AWS representative, we have checked that no other scripts are running on our instance and have changed the security group inbound rules to allow only SSH connections on port 22, restricted to a static IP. But still, there is data transfer of almost 600GB+. The documentation for security groups doesn't help much. Is there any other way to stop this data transfer?
Please note that the EC2 instance runs the PHP code and the Java API Tomcat 7 service, and RDS is on another instance.
First, your question looks like you mention data transfer to other EC2 instances in another region. Perhaps you meant traffic to internet users in other regions?
Second, according to the pricing, you'll be billed for Data Transfer OUT From Amazon EC2 To Internet whichever region you are in and regardless of whether the endpoint is on the internet or in an AWS region. So, even if you have users in Mumbai, you'll be billed for outbound traffic anyway.
Third, if you want to block transfer on a per-country basis, use a CDN with the proper capability, e.g. CloudFlare.
Please elaborate your question if you meant something else.
We have an AWS RDS Multi AZ deployment and one of our teams is using a subdomain (rds1.company.com) to access it. The subdomain uses an ALIAS record to point to the AWS endpoint and when I replaced the instance with a restored snapshot last week, it took at least an hour to refresh and point to the new instance.
Since the idea of a Multi AZ deployment is so that the endpoint can point to the fallback server whenever needed, isn't a custom domain a bad idea? I was told by our network admin that the ALIAS record refreshes once an hour.
Route53 ALIAS records have a fixed TTL of 60 seconds. This is stated in the Route53 FAQ. Public Internet DNS servers oftentimes ignore the TTL.
Route53 ALIAS records do not support RDS, so you are most likely using a CNAME with a TTL of 3600 seconds. The TTL (expiration) can be set as short as 1 second but Amazon recommends a minimum TTL of 10 seconds.
Multi-AZ RDS endpoint will failover automatically in less than 60 seconds with Aurora and as fast as 30 seconds with MariaDB Connector/J. Other instance types can take from one to two minutes. This is covered in the RDS FAQ.
Make sure that the Route53 CNAME record is using the RDS DNS name (endpoint) and not the IP address. You can set the CNAME TTL to be as small as you need.
Amazon Route 53 FAQ
Amazon RDS FAQs
I have an EC2 instance under the free tier of AWS and I am using Route 53 hosting with it. In my bills, I am seeing charges for DNS queries. But I don't get these on other servers I own on other accounts. Is it because I have configured it wrong? Please help.
If you are using an A-record, then there is a charge ($0.40 per million queries).
However, as per the Route 53 pricing page:
Queries to Alias records that are mapped to Elastic Load Balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, and Amazon S3 website buckets are free.
To use this, select "Alias = Yes" and point to one of those resources. (But it appears an EC2 instance is not one of them, unless fronted by a Load Balancer.)
Worst case... pay the 40c!
I have worked with several GoDaddy domains in the past. But, for the new project infrastructure I wish to set up, I am planning on registering domain names from Amazon's new Route 53 - Domain Registration.
My question is do I also need to pay for their DNS Service?
In the past I used to configure hosted zones (CNAME records) from the GoDaddy Console, but never paid anything extra.
How will relying on Amazon affect me in terms of cost and maintenance?
Update: Alright, looks like Amazon doesn't charge for DNS queries routed to their own internal services. Refer here: Route 53 Docs - DNS Service
If somebody is using Amazon Route 53 - Domain Name and their DNS, please let me know if/how you got charged for using their DNS Service.
From the documentation, notice the final step listed in registering a domain, when you want to use an external DNS hosting provider:
(Optional) Delete the hosted zone that Amazon Route 53 created automatically when you registered your domain. This prevents you from being charged for a hosted zone that you aren't using. (emphasis added)
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-register.html
Regarding other providers' pricing practices:
In the past I used to configure hosted zones (CNAME records) from the GoDaddy Console, but never paid anything extra.
That's fine, but you're looking at this situation upside-down. The two services -- domain registration and DNS hosting -- are separate services, but GoDaddy and many other registrars don't give you an option not to pay for DNS hosting, even if you don't use it -- it's built into their domain registration pricing. AWS tends to unbundle service components so that you only pay for the components you use.
If you are hosting services in AWS, using S3, CloudFront, or Elastic Load Balancer, you will find that Route 53's DNS hosting is the preferable option, because of the way resource records work at the apex of a domain due to the design of DNS itself. Route 53 is integrated with the other services to allow failover and redundant DNS configuration in a way that can't be accomplished with most external DNS providers.
Yes, you can use a third-party DNS service with domains registered in Route53 (you just have to add the appropriate name servers).
About the pricing, it is all explained in detail here. Keep in mind that although queries to Alias records that are mapped to Elastic Load Balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, and Amazon S3 website buckets are free, that does not apply to other AWS resources, including Amazon EC2 instances and Amazon RDS databases.
Also, you will be charged a fixed monthly amount for each hosted zone.