
To do any ops work on our servers, we first need to ssh into a DMZ server with a public IP, before ssh-ing on to the app servers, with IPs such as 172.16.3.239. I would rather have memorable hostnames, to do something like ssh app.staging, but I am unsure how this works on AWS. I have only set up DNS for globally accessible IPs with my registrar, and since the AWS private subnet is for a private range of addresses, this will not work, of course.

I am also unsure whether I can use any random hostname (that does not clash with a "real" public hostname), or if it would need to resolve to something that would be globally unique (outside of my private subnet).

oligofren
  • Nothing about the DNS prevents you from creating address records with RFC1918 addresses. You do it the same way as any other address record. – Michael Hampton Aug 01 '21 at 13:02
  • So you are suggesting I just create the DNS entries with my local provider? That's fine. But is it possible to create DNS entries in AWS that are "short-hand", like `app-staging`, that would only apply in AWS when I ssh around? – oligofren Aug 01 '21 at 13:04
  • If you have a small number of servers it would be easier to put them in your hosts file, but that won't scale to many servers / operations staff. – Tim Aug 01 '21 at 19:03
  • Have you looked into a private hosted DNS zone and Route53 Resolver? – Oscar De León Aug 01 '21 at 21:11
  • @Tim Might well be the most cost/time effective solution :D – oligofren Aug 02 '21 at 11:39
  • @OscarDeLeón No. Or more like: this is Greek to me. I am not very well versed in AWS infra. What do you mean by "private hosted DNS zone"? Like setting up BIND myself? – oligofren Aug 02 '21 at 11:40

1 Answer


Two options are:

  • AWS Route 53 is a hosted DNS service. Create a hosted zone (DNS service) for your servers with the private IPs. You can also create a private hosted zone (private DNS), but then you will need to delegate DNS to the AWS name servers. This is especially useful if you're using load balancers whose IPs change regularly.
  • Hard-code the server names in your computer(s) hosts files. This won't scale well to large numbers of servers, large numbers of operations staff, or if IPs change regularly.
Tim
  • Not sure about that first option, since the terms were unknown, but I found some context to fill in the blanks: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html – oligofren Aug 02 '21 at 22:52
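The first option above, worked through as an added example (this is not code from the answer or from AWS; it is an illustration of how the private hosted zone approach fits together). It uses the AWS CLI to create a Route 53 private hosted zone attached to one VPC and to publish an A record for a name like `app.staging.example.internal` that resolves to the private address from the question. The zone name, the VPC id, the region and the host label are assumed placeholder values; the only real-looking value is the 172.16.3.239 address the question itself mentions. The JSON-building and address-validation functions run offline; the `aws` calls only fire when `APPLY=1` is set, and they assume the VPC already has the `enableDnsSupport` and `enableDnsHostnames` attributes turned on, which Route 53 requires for private zones to answer queries from instances.

```shell
#!/bin/sh
# Added example, not part of the original answer. Publishes a private A record
# into a Route 53 private hosted zone. All names below are placeholders.

ZONE_NAME="${ZONE_NAME:-staging.example.internal}"   # assumed zone name
VPC_ID="${VPC_ID:-vpc-00000000}"                     # placeholder VPC id
VPC_REGION="${VPC_REGION:-eu-west-1}"                # assumed region

# Return 0 when the dotted-quad address is inside an RFC 1918 block, so a
# public address is never published into the private zone by mistake.
is_rfc1918() {
  case "$1" in
    10.*)                                   return 0 ;;
    192.168.*)                              return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
  esac
  return 1
}

# Print the change-batch JSON that "route53 change-resource-record-sets"
# expects for one A record. $1 = host label (e.g. app), $2 = IPv4 address.
# Refuses non-private addresses; short TTL so IP changes propagate quickly.
build_change_batch() {
  host="$1"; ip="$2"
  is_rfc1918 "$ip" || { echo "refusing non-private address $ip" >&2; return 1; }
  printf '{"Comment":"upsert %s","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s.%s.","Type":"A","TTL":60,"ResourceRecords":[{"Value":"%s"}]}}]}\n' \
    "$host" "$host" "$ZONE_NAME" "$ip"
}

# Only talk to AWS when explicitly asked; everything above runs offline.
if [ "${APPLY:-0}" = "1" ]; then
  # Create the zone as a private one bound to a single VPC. The returned id
  # has the form /hostedzone/Z..., which the next call accepts as-is.
  ZONE_ID=$(aws route53 create-hosted-zone \
    --name "$ZONE_NAME" \
    --caller-reference "$(date +%s)" \
    --hosted-zone-config "PrivateZone=true,Comment=private zone for $VPC_ID" \
    --vpc "VPCRegion=$VPC_REGION,VPCId=$VPC_ID" \
    --query 'HostedZone.Id' --output text)

  # Publish app.staging.example.internal -> 172.16.3.239 (address from the question).
  build_change_batch app 172.16.3.239 > /tmp/change.json
  aws route53 change-resource-record-sets \
    --hosted-zone-id "$ZONE_ID" --change-batch file:///tmp/change.json
fi
```

Once the record exists, an instance inside that VPC resolves `app.staging.example.internal` through the VPC resolver, so `ssh app.staging.example.internal` works from the DMZ host without touching the public zone at your registrar. Using a name under a domain you own (or a reserved one like `.internal`) rather than an arbitrary label avoids the collision the question worries about, since a private zone shadows any public name of the same domain for instances in the VPC.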