I have two AWS accounts. The master account with example.com as a Hosted Zone, this then has a number of record sets (i.e. api.example.com and kibana.example.com).
A second account will be managing testing.example.com as a Hosted Zone, with the same set of record sets (i.e. api.testing.example.com and kibana.testing.example.com).
How do I tell the master account to refer requests for .testing.example.com down to the child account?
I don't want to change the master account as I want to use the same Cloud Formation templates in both 'Live' and 'Test'.
I've set the two up as above and it does not work (api.testing.example.com does not resolve). I've also tried setting the testing.example.com ns record in the master account to the one specified in the child account (1). Alas this is not something I've done before and Google searches are not returning anything.
1) I messed this up, and this is the answer. See below.
Best Answer
The requests are referred, not pushed, but you can achieve the desired outcome by delegating the subdomain to a different set of Route 53 servers from those that host the parent zone.
Look at the new hosted zone you created for testing.example.com. This can be in the same AWS account, a different AWS account... any AWS account. There's nothing here that is "account" related. This uses standard DNS configuration. The whole of DNS is a hierarchy. The global root can tell you where to find com, and the com servers can tell you where to find example.com, and it's nothing materially different for example.com to tell you where to find testing.example.com instead of giving you a direct answer.
Note the 4 name servers that Route 53 assigned to the testing.example.com hosted zone. Verify that they are all different than the ones assigned to the example.com hosted zone. (For any of them to be the same should be impossible, but verify this.)
Now, back in the example.com zone, create a new resource record, with hostname testing, using record type NS, and enter the 4 name servers that Route 53 assigned to testing.example.com, in the box below.
Now, when a request for testing.example.com and anything below it arrives at one of the Route 53 servers handling example.com, the reply will not be the answer from testing.example.com -- the reply will provide the requester with the 4 NS records associated with testing.example.com and an answer equivalent to "I don't know, but try asking one of these guys."
That's how it's done.
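The delegation described in the answer above, as an added example that is not part of the original post: it builds the NS record for the parent zone in the shape of a Route 53 change batch and checks that the parent's NS record matches the child zone's name servers. The function names, the TTL and all name server values are constructed for illustration.

```python
# Added example with constructed data; dict shapes follow Route 53 API responses.
def norm(name):
    # DNS names are case-insensitive; Route 53 returns them with a trailing dot.
    return name.lower().rstrip(".")

def delegation_change_batch(child_zone, child_ns, ttl=172800):
    """ChangeBatch that creates the NS record for child_zone in the parent zone."""
    return {"Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": child_zone, "Type": "NS", "TTL": ttl,  # TTL chosen for this example
            "ResourceRecords": [{"Value": ns} for ns in child_ns],
        },
    }]}

def check_delegation(parent_rrsets, parent_ns, child_zone, child_ns):
    """Return a list of problems; an empty list means the delegation is consistent."""
    problems = []
    child = {norm(n) for n in child_ns}
    # The answer's first check: the two zones must not share name servers.
    overlap = child & {norm(n) for n in parent_ns}
    if overlap:
        problems.append(f"child zone shares name servers with parent: {sorted(overlap)}")
    delegated = None
    for rrset in parent_rrsets:
        if rrset["Type"] == "NS" and norm(rrset["Name"]) == norm(child_zone):
            delegated = {norm(r["Value"]) for r in rrset["ResourceRecords"]}
    if delegated is None:
        problems.append(f"parent zone has no NS record for {child_zone}")
    else:
        if delegated - child:
            problems.append(f"parent delegates to servers not in child zone: {sorted(delegated - child)}")
        if child - delegated:
            problems.append(f"child name servers missing from parent: {sorted(child - delegated)}")
    return problems

# Constructed sample values (not real delegation sets).
PARENT_NS = ["ns-1.awsdns-01.com", "ns-2.awsdns-02.net", "ns-3.awsdns-03.org", "ns-4.awsdns-04.co.uk"]
CHILD_NS = ["ns-11.awsdns-11.com", "ns-12.awsdns-12.net", "ns-13.awsdns-13.org", "ns-14.awsdns-14.co.uk"]

if __name__ == "__main__":
    rrset = delegation_change_batch("testing.example.com.", CHILD_NS)["Changes"][0]["ResourceRecordSet"]
    print(check_delegation([rrset], PARENT_NS, "testing.example.com", CHILD_NS))
```

With live data, `parent_rrsets` would come from listing the record sets of the example.com zone and `child_ns` from the delegation set of the testing.example.com zone.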