
Will Route53 private hosted zone work over AWS VPC Peering in two accounts

I have a similar question to "Will Route53 private hosted zone work over AWS VPC Peering", but with one difference.

Is it possible to set up the same scenario when these two VPCs are in different accounts? So the hosted zone is in one account with one VPC, and there is a second VPC in a different account (connected via VPC peering).

Patrik Votoček asked May 22 '17 14:05


People also ask

Can I have the same hosted zone in two AWS accounts?

Public hosted zones with the same name in two accounts: You can create more than one hosted zone with the same name and add different records to each hosted zone. Route 53 assigns four name servers to every hosted zone, and the name servers are different for each hosted zone.

Can I associate multiple VPC with single hosted zone?

If you want to associate multiple VPCs that you created with one account with a hosted zone that you created with a different account, you must submit one authorization request for each VPC. When you authorize the association, you must specify the hosted zone ID, so the private hosted zone must already exist.


1 Answer

Yes, it is possible to share a private Route 53 hosted zone with a different account.

If you want to associate a VPC that you created with one AWS account with a private hosted zone that you created with a different account, perform the following procedure:

To associate an Amazon VPC and a private hosted zone that you created with different AWS accounts

1. Using the account that created the hosted zone, authorize the association of the VPC with the private hosted zone by using one of the following methods:

   - AWS SDK or AWS Tools for Windows PowerShell – See the applicable documentation on the AWS Documentation page
   - AWS CLI – See the route53 page in the AWS Command Line Interface Reference
   - Amazon Route 53 API – See CreateVPCAssociationAuthorization in the Amazon Route 53 API Reference

   Note the following:

   - If you want to associate multiple VPCs that you created with one account with a hosted zone that you created with a different account, you must submit one authorization request for each VPC.
   - When you authorize the association, you must specify the hosted zone ID, so the private hosted zone must already exist.
   - You can't use the Amazon Route 53 console either to authorize the association of a VPC with a private hosted zone or to make the association.

2. Using the account that created the VPC, associate the VPC with the hosted zone. As with authorizing the association, you can use the AWS SDK, Tools for Windows PowerShell, the AWS CLI, or the Amazon Route 53 API. If you're using the API, use the AssociateVPCWithHostedZone action.

3. Optional but recommended – Delete the authorization to associate the VPC with the hosted zone. Deleting the authorization does not affect the association, it just prevents you from reassociating the VPC with the hosted zone in the future. If you want to reassociate the VPC with the hosted zone, you'll need to repeat steps 1 and 2 of this procedure.

   Note: For the limit on the number of authorizations that you can create, see Limits on Entities.

http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-associate-vpcs-different-accounts.html

strongjz answered Sep 30 '22 19:09
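The three steps of the procedure above as AWS CLI calls, written as an added example that is not part of the original answer or the AWS documentation. The profile names `zone-account` and `vpc-account` are assumptions; the hosted zone ID, VPC region and VPC ID are supplied by the caller. It also checks that the step 3 cleanup left no authorization behind, including when step 2 fails.

```shell
#!/bin/sh
# Added example (not from the page). Assumed: the two CLI profile names below.
ZONE_PROFILE="${ZONE_PROFILE:-zone-account}"  # account that owns the hosted zone
VPC_PROFILE="${VPC_PROFILE:-vpc-account}"     # account that owns the VPC

# All functions take: <hosted-zone-id> <vpc-region> <vpc-id>

# Step 1, zone account: authorize one VPC (one request per VPC).
authorize_vpc() {
  aws route53 create-vpc-association-authorization --profile "$ZONE_PROFILE" \
    --hosted-zone-id "$1" --vpc "VPCRegion=$2,VPCId=$3"
}

# Step 2, VPC account: make the association.
associate_vpc() {
  aws route53 associate-vpc-with-hosted-zone --profile "$VPC_PROFILE" \
    --hosted-zone-id "$1" --vpc "VPCRegion=$2,VPCId=$3"
}

# Step 3, zone account: delete the authorization; the association stays.
revoke_authorization() {
  aws route53 delete-vpc-association-authorization --profile "$ZONE_PROFILE" \
    --hosted-zone-id "$1" --vpc "VPCRegion=$2,VPCId=$3"
}

# Check: succeeds only if the zone holds no authorization for this VPC.
authorization_cleared() {
  left=$(aws route53 list-vpc-association-authorizations --profile "$ZONE_PROFILE" \
    --hosted-zone-id "$1" --query "VPCs[?VPCId=='$3'].VPCId" --output text) || return 2
  [ -z "$left" ] || [ "$left" = "None" ]
}

share_private_zone() {
  rc=0
  authorize_vpc "$@" || return 1
  associate_vpc "$@" || rc=1
  # Revoke even when step 2 failed, so no unused authorization lingers.
  revoke_authorization "$@" || rc=1
  authorization_cleared "$@" || rc=1
  return "$rc"
}

# Usage: sh share-zone.sh <hosted-zone-id> <vpc-region> <vpc-id>
if [ "$#" -eq 3 ]; then share_private_zone "$@"; fi
```

A non-zero exit means either the association failed or an authorization for the VPC is still listed on the zone.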