Route 53 cross account alias records

 
 

As you already know, a multi-account AWS environment enables you to use the cloud to move faster and build differentiated products and services, all while ensuring you do so in a secure, scalable and resilient manner. Therefore, you set up AWS Organizations in your main account, created several core accounts for security, logging and other centralized services, and deployed your applications into different workload accounts. You probably also created your main Route 53 hosted zone in one of the core accounts. But what do you do if someone wants you to add a record there that points to their CloudFront distribution or Elastic Load Balancer?

CNAME

Just create a CNAME record that points to the domain name of the distribution or load balancer.

CloudFormation
Resources:
  Record:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: GLOBALDATANET
      Name: aws.globaldatanet.com.
      ResourceRecords:
        - '1234567890.eu-central-1.elb.amazonaws.com'
      TTL: '3600'
      Type: CNAME
Terraform
resource "aws_route53_record" "aws" {
  name    = "aws"
  records = [
    "1234567890.eu-central-1.elb.amazonaws.com"
  ]
  ttl     = 3600
  type    = "CNAME"
  zone_id = "GLOBALDATANET"
}

Alias

A CNAME record works great as long as you don't want to add a record at your domain apex, where DNS does not allow a CNAME. For the apex you can use the AWS-provided alias records instead, and they even work cross-account 🚀.

Route 53 cross account alias record

CloudFormation
Resources:
  Record:
    Type: AWS::Route53::RecordSet
    Properties:
      AliasTarget:
        HostedZoneId: Z2FDTNDATAQYW2  # <-- this is the well-known Hosted Zone ID of CloudFront
        DNSName: 1234567890.cloudfront.net.
      HostedZoneId: GLOBALDATANET
      Name: globaldatanet.com.
      Type: A
Terraform
resource "aws_route53_record" "apex" {
  name    = "globaldatanet.com"
  type    = "A"
  zone_id = "GLOBALDATANET"

  alias {
    name                   = "1234567890.cloudfront.net"
    zone_id                = "Z2FDTNDATAQYW2"  # <-- this is the well-known Hosted Zone ID of CloudFront
    evaluate_target_health = false  # required argument; must be false for CloudFront targets
  }
}
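
A pre-apply check the team owning the central zone could run on record requests from workload accounts, covering the two mistakes the sections above invite: a CNAME at the apex, and an alias whose `HostedZoneId` is the Route 53 zone's ID instead of CloudFront's. This is an added example, not code from the original post; `lint_record`, `REQUESTS` and the finding texts are hypothetical, and the request dicts are constructed using Route 53's ResourceRecordSet field names.

```python
# Added example: pre-apply lint for record requests against the central zone.
CLOUDFRONT_ALIAS_ZONE_ID = "Z2FDTNDATAQYW2"  # value quoted on this page

def _fqdn(name):
    """Normalise a DNS name: lower-case with exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def lint_record(zone_name, record):
    """Return a list of findings (empty if none) for one requested record."""
    findings = []
    apex, name = _fqdn(zone_name), _fqdn(record["Name"])
    alias = record.get("AliasTarget")
    if name != apex and not name.endswith("." + apex):
        findings.append(f"{name} is outside zone {apex}")
    if record["Type"] == "CNAME" and name == apex:
        findings.append("CNAME at the zone apex; use an alias record")
    if alias:
        if "TTL" in record or "ResourceRecords" in record:
            findings.append("alias record must not set TTL or ResourceRecords")
        is_cloudfront = _fqdn(alias["DNSName"]).endswith(".cloudfront.net.")
        if is_cloudfront and alias["HostedZoneId"] != CLOUDFRONT_ALIAS_ZONE_ID:
            findings.append("CloudFront alias needs HostedZoneId " + CLOUDFRONT_ALIAS_ZONE_ID)
    elif not record.get("ResourceRecords"):
        findings.append("record has neither AliasTarget nor ResourceRecords")
    return findings


def _alias(zone_id):
    # Constructed helper: apex alias to the page's example distribution.
    return {"Name": "globaldatanet.com.", "Type": "A",
            "AliasTarget": {"HostedZoneId": zone_id,
                            "DNSName": "1234567890.cloudfront.net.",
                            "EvaluateTargetHealth": False}}


# Constructed sample requests, reusing the names from the page's examples.
REQUESTS = [
    {"Name": "aws.globaldatanet.com.", "Type": "CNAME", "TTL": 3600,
     "ResourceRecords": [{"Value": "1234567890.eu-central-1.elb.amazonaws.com"}]},
    {"Name": "globaldatanet.com.", "Type": "CNAME", "TTL": 3600,
     "ResourceRecords": [{"Value": "1234567890.cloudfront.net"}]},
    _alias("GLOBALDATANET"),           # Route 53 zone ID used by mistake
    _alias(CLOUDFRONT_ALIAS_ZONE_ID),  # correct
]

if __name__ == "__main__":
    for request in REQUESTS:
        print(request["Name"], request["Type"], lint_record("globaldatanet.com", request))
```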


      
