1

I have several apex domains that all point to the same website. I am migrating it to AWS, and I need to figure out how to route requests to my ELB. I know I can't create a CNAME, but what are my other options?

What I really need looks like this:

foo.com -> prd.us-east-1.foo.com
prd.foo.com -> prd.us-east-1.foo.com
stg.foo.com -> stg.us-east-1.foo.com
tst.foo.com -> tst.us-east-1.foo.com

(whatever).us-east-1 all represent different ELBs. Given that AWS doesn't have Elastic IPs for ELBs, what other options do I have? Brainstorm for me.

DrStrangepork

2 Answers

1

No brainstorming required, since AWS has a no-brainer solution for exactly this circumstance. Refer to the Route 53 (AWS's DNS hosting service) documentation for "alias" resource record sets, which do exactly what you want, including at the zone apex, by leveraging the fact that Route 53 has internal knowledge of the IP addresses "behind" the ELB hostnames, and can do internal lookups and return those same values when a query references an alias that's tied to ELB (or some other services that are equally difficult but often necessary to integrate at the zone apex).

Instead of an IP address or a domain name, an alias resource record set contains a pointer to a CloudFront distribution, an Elastic Load Balancing load balancer, an Amazon S3 bucket that is configured as a static website, or another Amazon Route 53 resource record set in the same hosted zone.

http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingAliasRRSets.html

Michael - sqlbot
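An added example, not part of the answer above and not AWS's own code: it builds Route 53 change batches for the mapping in the question, using alias `A` records that point at ELBs and at other record sets in the same hosted zone. The hosted zone IDs and ELB DNS names are constructed placeholders, and it assumes all three ELBs share one canonical hosted zone ID.

```python
import json

# Constructed placeholders: substitute the values from your own account.
ZONE_APEX = "foo.com."
ZONE_ID = "Z_EXAMPLE_FOO_ZONE"        # hosted zone ID of foo.com
ELB_ZONE_ID = "Z_EXAMPLE_ELB_ZONE"    # the load balancers' canonical hosted zone ID
ELBS = {                              # regional name -> ELB DNS name
    "prd.us-east-1.foo.com.": "prd-example.us-east-1.elb.amazonaws.com.",
    "stg.us-east-1.foo.com.": "stg-example.us-east-1.elb.amazonaws.com.",
    "tst.us-east-1.foo.com.": "tst-example.us-east-1.elb.amazonaws.com.",
}
SAME_ZONE = {                         # the mapping from the question
    "foo.com.": "prd.us-east-1.foo.com.",
    "prd.foo.com.": "prd.us-east-1.foo.com.",
    "stg.foo.com.": "stg.us-east-1.foo.com.",
    "tst.foo.com.": "tst.us-east-1.foo.com.",
}

def alias_a(name, target, target_zone_id):
    """UPSERT of an alias A record; alias records carry no TTL or ResourceRecords."""
    return {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": name, "Type": "A",
        "AliasTarget": {"HostedZoneId": target_zone_id, "DNSName": target,
                        "EvaluateTargetHealth": False}}}

def build_batches():
    """Two change batches: ELB-backed names first, then aliases that point at them."""
    to_elb = [alias_a(n, dns, ELB_ZONE_ID) for n, dns in ELBS.items()]
    missing = sorted(set(SAME_ZONE.values()) - set(ELBS))
    if missing:
        raise ValueError(f"alias target not defined in zone: {missing}")
    in_zone = [alias_a(n, t, ZONE_ID) for n, t in SAME_ZONE.items()]
    return [{"Changes": to_elb}, {"Changes": in_zone}]

def apex_cname_violations(batches, apex=ZONE_APEX):
    """Names where a CNAME would sit at the zone apex (what the RFCs forbid)."""
    return [c["ResourceRecordSet"]["Name"] for b in batches for c in b["Changes"]
            if c["ResourceRecordSet"]["Type"] == "CNAME"
            and c["ResourceRecordSet"]["Name"] == apex]

if __name__ == "__main__":
    for i, batch in enumerate(build_batches(), 1):
        print(f"# batch {i}")
        print(json.dumps(batch, indent=2))
```

Each batch can be saved to a file and submitted with `aws route53 change-resource-record-sets --hosted-zone-id <zone id> --change-batch file://batch.json`. The apex record `foo.com.` comes out as type `A` with an `AliasTarget`, so no `CNAME` ever exists at the apex.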
-1

Technically, this can be done, but it violates RFC 1033 and 1034 and therefore should not be done. Specifically, "an alias resource record set contains a pointer to ... another Amazon Route 53 resource record set in the same hosted zone" is a direct violation of those RFCs. The only way this would work in AWS and not violate RFC is to have Elastic IPs configured for the instances and have Route 53 serve those static IPs.

DrStrangepork
  • This is simply incorrect. An alias is an *internal data structure* inside Route 53 which allows Route 53 to return, essentially, the answer to a different question. It does not require complicity of the client, and violates no standard, because it's all done within Route 53. – Michael - sqlbot Apr 30 '15 at 09:43
  • Your comment is incorrect. It IS a violation - please read the RFCs I cited - and it is NOT done within Route 53, and I worked directly with AWS Support to set up what I needed to get done, specifically because AWS does not allow it because it violates those RFCs. – DrStrangepork May 05 '15 at 18:51
  • I am entirely familiar with those RFCs. Alias records were specifically created to allow behavior similar to what a `CNAME` can do, while not violating the RFCs. Aliases do not *return* a pointer; they use the pointer to return the intended answer. You're telling me that the service doesn't do what the documentation says (even though I use it for *exactly* this application in hundreds of domains hosted in Route 53, with dozens of ELBs, CloudFront, and S3), or that it shouldn't be used for its intended purpose? – Michael - sqlbot May 05 '15 at 22:37
  • If you aren't using Route 53 to host your DNS, then, yes, you have a complicated problem and may well have had to involve AWS support, because without Route 53, you're correct -- this can't be done (or, if you have a badly behaving DNS host that lets you do it in spite of the violation, it *shouldn't* be done). With Route 53 as your authoritative DNS host, it's trivial, and violates nothing. http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html – Michael - sqlbot May 05 '15 at 22:39
  • No, the domains in question are all hosted in Route 53. When I posted this question, the example I gave was not an option in Route 53, as in the console would generate an error when attempting to set a CNAME of foo.bar to ANYTHING, because it was an apex-level domain. I opened a ticket with AWS Support and was told that the console generated the error specifically because of those RFC violations. My text in italics was copied and pasted directly from the email they sent me explaining the violation. – DrStrangepork May 07 '15 at 00:12
  • If things have changed since I posted this question, then this answer no longer applies. I certainly wish this had been the case at the time, because it would have been much easier to manage these domains had CNAMEs been allowed on apex-level domains. – DrStrangepork May 07 '15 at 00:13
  • `CNAME`s are not allowed at the apex, because as you have pointed out (and I agree), *that* violates the standards. `ALIAS` records are not necessarily `CNAME`s -- they can be, and (for me) usually are, `A` records, and as such they are allowed anywhere in the zone, including the apex, and provide an equivalent effect, but use a different mechanism, avoiding that violation. – Michael - sqlbot May 07 '15 at 03:28
  • Maybe my original answer should have included some additional background... You start out in Route 53 like you're going to create an `A` record at the apex (or for any hostname you enter), but then click "Yes" next to "Alias." Then you either enter or select the ELB/S3/Cloudfront *hostname* in the box (which will eventually auto-populate itself with all valid choices, but it's usually a little slow the first time). Now what you have is an `ALIAS` `A` record, but no visible/editable static value. Route 53 answers queries for this with the answer from the target, which it internally knows. – Michael - sqlbot May 07 '15 at 03:33