Setting up a DNS zone in Route53

Setting up the Zone

Extend the Makefile in the infrastructure git project with the following content:

AWS_REGION              := eu-central-1
HOSTED_ZONE_DOMAIN      := aws.myorg.com

###############################################################################################

.PHONY: shared-services-dns
shared-services-dns:
	aws cloudformation deploy \
		--no-fail-on-empty-changeset \
		--template-file shared-services/dns.yml \
		--stack-name dns \
		--parameter-overrides HostedZoneDomain=$(HOSTED_ZONE_DOMAIN) \
		--region $(AWS_REGION)

Make sure to use the correct domain in the HOSTED_ZONE_DOMAIN variable.

Create a new CloudFormation template in shared-services/dns.yml and define the hosted zone in it:

---
AWSTemplateFormatVersion: 2010-09-09
Description: DNS Zone for AWS services

Parameters:
  HostedZoneDomain:
    Type: String
    Description: Domain of the hosted zone
Resources:
  HostedZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: !Ref HostedZoneDomain
      HostedZoneConfig:
        Comment: !Sub "The hosted zone for the domain ${HostedZoneDomain}"

Create the CloudFormation stack with the following command in the shared-services AWS account:

AWS_PROFILE=myorg-shared-services make shared-services-dns

Setting up zone delegation in the parent zone

To delegate the zone, you have to add NS records in the parent zone that point to the nameservers assigned to your new Route53 zone.

First get the id of your hosted zone from Route53:

AWS_PROFILE=myorg-shared-services aws route53 list-hosted-zones-by-name --dns-name aws.myorg.com --query 'HostedZones[].Id' --output text

Then get the nameservers assigned to your new Route53 zone (they are listed under DelegationSet.NameServers in the output):

AWS_PROFILE=myorg-shared-services aws route53 get-hosted-zone --id ${HOSTED_ZONE_ID}

Use these nameservers to set up the delegation in your parent zone, e.g.:

TYPE  NAME           VALUE                    TTL
NS    aws.myorg.com  ns-1065.awsdns-05.org    300
NS    aws.myorg.com  ns-437.awsdns-54.com     300
NS    aws.myorg.com  ns-712.awsdns-25.net     300
NS    aws.myorg.com  ns-1659.awsdns-15.co.uk  300

Raise the TTL to 86400 (1 day) once you are sure the setup is correct and won’t change in the coming days.

Validate your setup with dig, e.g.:

dig SOA aws.myorg.com

You should receive the SOA record served by Route53, e.g.:

;; ANSWER SECTION:
aws.myorg.com. 899 IN	SOA ns-1065.awsdns-05.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400