How to manage VPC association to Route53 hosted zone using CloudFormation

amazon-route53amazon-vpcamazon-web-services

I wrote a CloudFormation template which creates a vpc, subnets, routes, asg's and instances.

I want CloudFormation to handle the association of the newly created vpc with an existing Route53 hosted zone but I can't find how to do it in CloudFormation.

Using the aws cli, this can be achieved by running (in the user_data script):

aws route53 associate-vpc-with-hosted-zone --hosted-zone-id AAZZZ123AA --vpc VPCRegion=us-west-2,VPCId=$vpcid

But I want CloudFormation to manage these associations so when the stack is deleted then the vpc association will be deleted as well.

I couldn't find online how it can be achieved with CloudFormation, so does anybody know if it can be done?

Best Answer

I couldn't find how to associate a VPC to a Route53 hosted zone, so I've added to the user_data script the following code:

aws route53 get-hosted-zone --id XXXAAA12345 | grep -q $vpcid
if [[ ! $? -eq 0 ]]; then
  aws route53 associate-vpc-with-hosted-zone --hosted-zone-id XXXAAA12345 --vpc VPCRegion=us-west-2,VPCId=$vpcid
else
  echo "VPC $vpcid is already associated to hosted zone company-private"
fi

vpcid variable is inherited from the CloudFormation template:

{ "Fn::Join": [ "=", [ "vpcid", { "Ref": "VPC" } ] ] },

Then, I realized that when a VPC is deleted, it's association to the Route53 hosted zone remains.

In order to make sure that old associations are removed, I've added the following code to the user_data script:

defaultvpc="vpc-20AAAA4b"
vpc_array=()
for vpc in $(aws route53 get-hosted-zone --id XXXAAA12345 | grep vpc | awk '{print $2}' | tr -d '\"|,'); do
  vpc_array+=($vpc)
done
for i in ${!vpc_array[@]}; do
  if [[ ! ${vpc_array[$i]} = $vpcid && ! ${vpc_array[$i]} = $defaultvpc ]] ; then
    echo "VPC ${vpc_array[$i]} doesnt exist anymore - removing association to Route53 hosted zone"
    aws route53 disassociate-vpc-from-hosted-zone --hosted-zone-id XXXAAA12345 --vpc VPCRegion=us-west-2,VPCId=${vpc_array[$i]}
  fi
done

Related Solutions

Amazon Route 53 – How to Create a Zone Apex Alias for Elastic Load Balancer

A engineer on the Route 53 team informed me that creating the proprietary alias can be created in the Route 53 Console (the GUI).

Here are the steps.

click create record set
for zone apex record just leave the name field blank
select the type of alias you want to make A or AAAA (all steps after this are the same for both types)
Select the yes radio button.
Open the EC2 console in another tab and navigate to the list of your load balancers.
Click on the load balancer and look at the description tab in the pane below the list. Sample output below

DNS Name: new-balancer-751654286.us-east-1.elb.amazonaws.com (A Record)
ipv6.new-balancer-751654286.us-east-1.elb.amazonaws.com (AAAA Record)
dualstack.new-balancer-751654286.us-east-1.elb.amazonaws.com (A or AAAA Record)

Note: Because the set of IP addresses associated with a LoadBalancer can change over time, you should never create an “A” record with any specific IP address. If you want to use a friendly DNS name for your LoadBalancer instead of the name generated by the Elastic Load Balancing service, you should create a CNAME record for the LoadBalancer DNS name, or use Amazon Route 53 to create a hosted zone. For more information, see the Using Domain Names With Elastic Load Balancing at http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/using-domain-names-with-elb.html.

Status: 0 of 0 instances in service

Port Configuration: 80 (HTTP) forwarding to 80 (HTTP)

Stickiness: Disabled(edit)

Availability Zones: us-east-1b

Source Security Group: amazon-elb-sg

Owner Alias: amazon-elb

Hosted Zone ID: Z3DZXD0Q79N41H

Now copy the Hosted zone ID in the above case ‘ Z3DZXD0Q79N41H’ and paste it into the field labeled ‘Alias Hosted Zone ID:’
Now copy the DNS Name in the above case ‘ new-balancer-751654286.us-east-1.elb.amazonaws.com‘ and paste into the field ‘ Alias DNS Name:’ -Just an FYI this DNS name is the same for both A and AAAA alias records. (do not use ‘ ipv6.new-balancer-751654286.us-east-1.elb.amazonaws.com‘)
Click create record set or at this time you can select yes to weight the record and provide a weight between 0-255 and a setID such as ‘my load balancer’

How to Delegate a subdomain to Route53

It looks like you're trying to set up a zone transfer which you can't do, as ChrisV said.

To do a delegation for a sub domain you need only create NS records for the sub in the parent's zone.

So in starshine.org's zonefile:

aws    IN  NS    ns-1494.awsdns-58.org.
aws    IN  NS    ns-773.awsdns-32.net.
aws    IN  NS    ns-1751.awsdns-26.co.uk.
aws    IN  NS    ns-111.awsdns-13.com.

Then you define all your records for the aws.starshine.org. zone in the route 53 name servers.

Best Answer

Related Solutions

Amazon Route 53 – How to Create a Zone Apex Alias for Elastic Load Balancer

How to Delegate a subdomain to Route53

Related Topic