AWS/Route53 private zone associate with other account
If you need to resolve records of a private hosted zone from a VPC that belongs to a different AWS account, the zone-owning account must first create an association authorization for that VPC; only then can the VPC-owning account associate its VPC with the zone.
```bash
# In account 'A', the account where the private zone is hosted
aws route53 list-hosted-zones
{
    "Id": "/hostedzone/Z01111111RWDJEEXAMPLE",
    "Name": "acme.private.",
    "CallerReference": "PrivateDN-HostedZo-S11QC11ELX11",
    "Config": {
        "Comment": "acme.private - private DNS zone not accessible from the internet",
        "PrivateZone": true
    },

# VPC in account 'B' that will be allowed to associate with the zone
VPCID_ACCOUNT_B=vpc-11111111

# Syntax
aws route53 create-vpc-association-authorization --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id>
# Example
aws route53 create-vpc-association-authorization --hosted-zone-id Z01111111RWDJEEXAMPLE --vpc VPCRegion=eu-west-1,VPCId=vpc-11111111
{
    "HostedZoneId": "Z01111111RWDJEEXAMPLE",
    "VPC": {
        "VPCRegion": "eu-west-1",
        "VPCId": "vpc-11111111"
    }
}

# In account 'B', the account that owns the VPC whose EC2 instances need to resolve the zone
# Syntax
aws route53 associate-vpc-with-hosted-zone --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id>
# Example
aws route53 associate-vpc-with-hosted-zone --hosted-zone-id Z01111111RWDJEEXAMPLE --vpc VPCRegion=eu-west-1,VPCId=vpc-11111111
{
    "ChangeInfo": {
        "Id": "/change/C011111111XJESOAZRMKM",
        "Status": "PENDING",
        "SubmittedAt": "2020-09-11T13:59:34.280Z",
        "Comment": ""
    }
}

# In account 'A', delete the association authorization once the association exists.
# Optional but good practice: the authorization is no longer needed and removing it
# prevents it from being reused later.
aws route53 list-vpc-association-authorizations --hosted-zone-id Z01111111RWDJEEXAMPLE --output text
Z01111111RWDJEEXAMPLE
VPCS    vpc-11111111    eu-west-1
aws route53 delete-vpc-association-authorization --hosted-zone-id Z01111111RWDJEEXAMPLE --vpc VPCRegion=eu-west-1,VPCId=vpc-11111111
# -> no output
```
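The clean-up step above is easy to forget when several VPCs are authorized over time. The following script is an added example (not from the original page) for the zone-owning account 'A': it compares the outstanding authorizations (`list-vpc-association-authorizations`) with the VPCs actually associated with the zone (`get-hosted-zone`) and reports authorizations that have already been used and can be deleted, and those still open and unused. The sample responses are constructed to match the shapes shown on this page; `audit_zone` needs a working AWS CLI and credentials.

```python
"""Audit Route 53 VPC association authorizations for one private hosted zone."""
import json
import subprocess


def aws_json(*args):
    """Run an AWS CLI route53 subcommand and parse its JSON output."""
    proc = subprocess.run(["aws", "route53", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def classify_authorizations(zone, authorizations):
    """Split authorizations into 'stale' (VPC already associated, delete it)
    and 'pending' (granted but not yet used by the other account).

    zone: get-hosted-zone response; authorizations: list-vpc-association-
    authorizations response (first page only; NextToken is not followed here).
    """
    associated = {(v["VPCRegion"], v["VPCId"]) for v in zone.get("VPCs", [])}
    stale, pending = [], []
    for v in authorizations.get("VPCs", []):
        key = (v["VPCRegion"], v["VPCId"])
        (stale if key in associated else pending).append(key)
    return {"stale": stale, "pending": pending}


def audit_zone(zone_id):
    """Live audit of one hosted zone in the current (zone-owning) account."""
    zone = aws_json("get-hosted-zone", "--id", zone_id)
    auths = aws_json("list-vpc-association-authorizations", "--hosted-zone-id", zone_id)
    return classify_authorizations(zone, auths)


# Constructed sample responses, shaped like the CLI output on this page.
SAMPLE_ZONE = {
    "HostedZone": {"Id": "/hostedzone/Z01111111RWDJEEXAMPLE", "Name": "acme.private."},
    "VPCs": [{"VPCRegion": "eu-west-1", "VPCId": "vpc-0aaaaaaa"},   # zone owner's own VPC
             {"VPCRegion": "eu-west-1", "VPCId": "vpc-11111111"}],  # account B, associated
}
SAMPLE_AUTHS = {
    "HostedZoneId": "Z01111111RWDJEEXAMPLE",
    "VPCs": [{"VPCRegion": "eu-west-1", "VPCId": "vpc-11111111"},   # used, now stale
             {"VPCRegion": "us-east-1", "VPCId": "vpc-22222222"}],  # granted, not used yet
}

if __name__ == "__main__":
    result = classify_authorizations(SAMPLE_ZONE, SAMPLE_AUTHS)
    for region, vpc in result["stale"]:
        print(f"stale: aws route53 delete-vpc-association-authorization "
              f"--hosted-zone-id Z01111111RWDJEEXAMPLE --vpc VPCRegion={region},VPCId={vpc}")
    for region, vpc in result["pending"]:
        print(f"open and unused authorization: {vpc} ({region})")
```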