How to Add Static Entries to AWS Route53 Auto Naming Hosted Zone

Tags: amazon-ecs, amazon-route53, amazon-web-services, domain-name-system

I am running some of our backend REST services with Amazon ECS (Docker) and they change their public IP on every restart.

I'm using AWS Route 53 Auto Naming (aka servicediscovery) to register new A records on the DNS when a new backend instance spins up.

Everything works fine except the backends are using HTTP.
I wish to secure them with HTTPS and I was looking at Let's Encrypt/Certbot, and here comes the issue.

I wish to obtain a wildcard certificate for all names in the hosted zone, let's say *.aws.example.com, but I need to add a verification TXT record on the Hosted Zone, and it is not possible.

The error message I get is:

The resource hostedzone/Z1R8P3NTRAIWDS can only be managed through servicediscovery.amazonaws.com (arn:aws:servicediscovery:eu-west-1:263810592360:namespace/ns-cuqs46hqusim4jih)

How can I add some static records to my Hosted Zone managed by service discovery?

Best Answer

I finally managed to resolve my issue using the procedure in the section "Using Service Discovery with an Existing Hosted Zone" of the documentation page: https://docs.aws.amazon.com/Route53/latest/APIReference/overview-service-discovery.html

Basically:

  1. create a namespace with autodiscovery, unrelated to the previously existing public Route53 hosted zone
  2. link the autodiscovery record into the public Route53 hosted zone with the following aws-cli command: aws route53 change-resource-record-sets --hosted-zone-id existing-hosted-zone-id --change-batch file://path-to-text-file

The text file looks like this:

{
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Type": "A",
        "Name": "record-name-in-existing-hosted-zone",
        "AliasTarget": {
          "DNSName": "record-name-in-new-hosted-zone",
          "HostedZoneId": "service-discovery-hosted-zone-id",
          "EvaluateTargetHealth": true
        }
      }
    }
  ]
}
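The full procedure from the answer as a shell script, added here as an example and not part of the original post. It wraps the two steps (look up the hosted zone that service discovery created for the new namespace, then UPSERT an alias record in the existing public zone) and adds the piece the question was after: the `_acme-challenge` TXT record for wildcard validation, which goes into the public zone because that is the zone the account can still edit directly. The namespace name `sd.example.com`, the public names under `aws.example.com`, the zone id `Z0000000000EXAMPLE` and the ACME token are constructed placeholders; the `aws servicediscovery get-namespace` query path and the `change-resource-record-sets` call are the real CLI.

```shell
#!/bin/sh
# Added example (not from the original answer). All names, zone ids and the
# ACME token below are constructed placeholders.

# Change batch that aliases a name in the existing public hosted zone to the
# record service discovery maintains in its own, locked hosted zone.
alias_change_batch() {
  public_name=$1      # e.g. api.aws.example.com (editable public zone)
  sd_name=$2          # e.g. api.sd.example.com (servicediscovery-managed)
  sd_zone_id=$3       # hosted zone id of the service discovery namespace
  cat <<EOF
{
  "Comment": "alias ${public_name} -> ${sd_name}",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "${public_name}",
        "Type": "A",
        "AliasTarget": {
          "DNSName": "${sd_name}",
          "HostedZoneId": "${sd_zone_id}",
          "EvaluateTargetHealth": true
        }
      }
    }
  ]
}
EOF
}

# Change batch for the ACME DNS-01 validation record of a wildcard cert.
# Route 53 wants TXT values wrapped in double quotes, hence the escaped quotes.
# A short TTL keeps the record from lingering in caches once it is removed.
txt_change_batch() {
  zone_apex=$1        # e.g. aws.example.com, cert for *.aws.example.com
  token=$2            # value handed out by the ACME client (constructed here)
  cat <<EOF
{
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "_acme-challenge.${zone_apex}",
        "Type": "TXT",
        "TTL": 60,
        "ResourceRecords": [ { "Value": "\"${token}\"" } ]
      }
    }
  ]
}
EOF
}

# Hosted zone id that service discovery created for a public DNS namespace.
sd_zone_id_for_namespace() {
  aws servicediscovery get-namespace --id "$1" \
    --query 'Namespace.Properties.DnsProperties.HostedZoneId' --output text
}

apply_change_batch() {
  zone_id=$1
  batch_file=$2
  aws route53 change-resource-record-sets \
    --hosted-zone-id "$zone_id" --change-batch "file://${batch_file}"
}

# Only talk to AWS when explicitly asked, so the functions can be sourced safely.
if [ "${RUN_AWS:-0}" = "1" ]; then
  PUBLIC_ZONE_ID=Z0000000000EXAMPLE          # placeholder: your existing zone
  NAMESPACE_ID=ns-placeholder                # placeholder: from list-namespaces
  SD_ZONE_ID=$(sd_zone_id_for_namespace "$NAMESPACE_ID")

  alias_change_batch api.aws.example.com api.sd.example.com "$SD_ZONE_ID" > alias.json
  apply_change_batch "$PUBLIC_ZONE_ID" alias.json

  txt_change_batch aws.example.com placeholder-acme-token > txt.json
  apply_change_batch "$PUBLIC_ZONE_ID" txt.json
fi
```

Run with `RUN_AWS=1 sh link-sd.sh` once the placeholders are replaced; the namespace id comes from `aws servicediscovery list-namespaces`. Note that the lock on the service-discovery zone is what keeps the ECS-driven records consistent, so the fix is not to unlock it but to keep everything static (aliases, validation TXT records) in the zone you own, and to delete the `_acme-challenge` record once the certificate is issued.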