Pio2pio: Created page with "If you try to resolve private hosted zone records in a VPC that does not belong to the same account you need to create authorization to make this work. # In..."

2020-09-13T14:16:40Z

Created page with "If you try to resolve private hosted zone records in a VPC that does not belong to the same account you need to create authorization to make this work. <source lang=bash> # In..."

New page

If you try to resolve private hosted zone records in a VPC that does not belong to the same account you need to create authorization to make this work.
<source lang=bash>
# In account 'A', this is where the private zone is hosted
aws route53 list-hosted-zones
{
"Id": "/hostedzone/Z01111111RWDJEEXAMPLE",
"Name": "acme.private.",
"CallerReference": "PrivateDN-HostedZo-S11QC11ELX11",
"Config": {
"Comment": "acme.private - private DNS zone not accessible from the internet",
"PrivateZone": true
},

VPCID_ACCOUNT_B=vpc-11111111
aws route53 create-vpc-association-authorization --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id>
aws route53 create-vpc-association-authorization --hosted-zone-id Z01111111RWDJEEXAMPLE --vpc VPCRegion=eu-west-1,VPCId=vpc-11111111
{
"HostedZoneId": "Z01111111RWDJEEXAMPLE",
"VPC": {
"VPCRegion": "eu-west-1",
"VPCId": "vpc-11111111"
}
}

# In account 'B', where is your VPC that ec2 instances you wish to resolve the dns name/zone
aws route53 associate-vpc-with-hosted-zone --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id>
aws route53 associate-vpc-with-hosted-zone --hosted-zone-id Z01111111RWDJEEXAMPLE --vpc VPCRegion=eu-west-1,VPCId=vpc-11111111
{
"ChangeInfo": {
"Id": "/change/C011111111XJESOAZRMKM",
"Status": "PENDING",
"SubmittedAt": "2020-09-11T13:59:34.280Z",
"Comment": ""
}
}

# In account 'A', delete association authorization. Optional good practice.
$ aws route53 list-vpc-association-authorizations --hosted-zone-id Z01111111RWDJEEXAMPLE --output text
Z01111111RWDJEEXAMPLE
VPCS vpc-11111111 eu-west-1

aws route53 delete-vpc-association-authorization --hosted-zone-id Z01111111RWDJEEXAMPLE --vpc VPCRegion=eu-west-1,VPCId=vpc-11111111
# -> no-output
```
</source>
= References =
*[https://aws.amazon.com/premiumsupport/knowledge-center/private-hosted-zone-different-account/ How do I associate a Route 53 private hosted zone with a VPC on a different AWS account?] AWS Blog

AWS/Route53 private zone assosiate with other account - Revision history

Pio2pio: Created page with "If you try to resolve private hosted zone records in a VPC that does not belong to the same account you need to create authorization to make this work. # In..."