2

I have a CloudFormation script in AWS that creates an EC2 instance, with some firewall rules, S3 mappings and other stuff, and I create a DNS record in Route 53 for the public IP of the instance; this works well.

Now I need to create another record in DNS for the internal IP of the host (for internal use, so that other instances can talk to this instance without going via the public IP).

I have not found a way to do this. Is it possible? Does anyone have an example CloudFormation script?

Sverre

3 Answers

5

It is possible, but you need to set up a "Private Hosted Zone", as described in this article: Access an Internal Version of your Website Using the Same Domain Name | Amazon AWS Support. Then adapt the following CloudFormation to meet your needs:

"myDNSRecord2" : {
    "Type" : "AWS::Route53::RecordSet",
    "Properties" : {
        "HostedZoneId" : "Z3DG6IL3SJCGPX",
        "Name" : "mysite.example.com.",
        "Type" : "A",
        "TTL" : "900",
        "ResourceRecords" : [{
            "Fn::GetAtt" : [ "MyInstance", "PrivateIp" ]
        }]
    }
}
  • The thing is that I do not know what my private IP will be yet; it depends, after the CloudFormation script is done. – Sverre Jan 24 '18 at 13:58
  • You can replace the hardcoded "192.168.0.x" occurrences with Cloudformation references which return the PrivateIPs of the instances/resources created by Cloudformation. – David Filiatrault Jan 25 '18 at 15:02
  • Yes, I found out how to do that eventually, thanks for your help. I give you an upvote also for partial help. – Sverre Jan 26 '18 at 17:07
1

Create a Private Hosted Zone in a separate CloudFormation script and output the Route 53 Zone ID.

Use that Private Zone ID as a param in the EC2 creation CloudFormation script. Create a Resource Record type, with the Zone ID as a param, and Ref the Private IP address of the EC2 Instance.

The same thing can be done with the public one, but I would create an ENI for that if you are not going to use an ELB.

Creating a resource record with CFN

strongjz
0

After a few days of asking, testing, and trying, I came across a solution from a nice guy at Reddit. The complete solution to my problem is the following:

    "myInternalIPHostRecord": {
        "Type": "AWS::Route53::RecordSet",
        "Properties": {
            "HostedZoneId": {
                "Ref" : "HostedZoneId"
            },
            "Comment": "Internal DNS name for my instance.",
            "Name": {
                "Fn::Join": [
                    "",
                    [
                        "internal",
                        ".",
                        {
                            "Ref": "DNSEnvironment"
                        },
                        ".",
                        {
                            "Ref": "HostedZoneName"
                        },
                        "."
                    ]
                ]
            },
            "Type": "A",
            "TTL": "120",
            "ResourceRecords": [
                {
                    "Fn::GetAtt" : [ "MyInstance", "PrivateIp" ]
                }
            ]
        }
    }

The new part for me was the Fn::GetAtt to retrieve the "PrivateIP" from my instance; I did not find a way to do that before I got some help. Otherwise this was exactly like the public IP record was created (and which is well documented before, for example here: (and I see now that it uses Fn::GetAtt, not sure why I did not get this myself).

Sverre
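The accepted approach above takes the hosted zone ID in as a parameter, and the earlier answer suggests creating the private hosted zone in a separate stack and outputting its ID. As an added example (not code from the question or from any of the answers), the Python script below builds a minimal single-stack template that creates the private hosted zone, associates it with a VPC, and adds the internal A record via Fn::GetAtt PrivateIp, so no zone ID is ever hard-coded. It also carries a small lint that walks the template and reports any RecordSet that would publish a private IP somewhere other than a private hosted zone defined in the same template (a private IP in a public zone is an unnecessary disclosure of internal addressing). All resource, parameter and zone names (PrivateZone, MyInstance, InternalRecord, VpcId, SubnetId, ImageId, DNSEnvironment, HostedZoneName, example.internal) are assumptions.

```python
import copy
import json

# Constructed CloudFormation template (added example; every name below is an
# assumption, not from the original question or answers).
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "VpcId": {"Type": "AWS::EC2::VPC::Id"},
        "SubnetId": {"Type": "AWS::EC2::Subnet::Id"},
        "ImageId": {"Type": "AWS::EC2::Image::Id"},
        "DNSEnvironment": {"Type": "String", "Default": "dev"},
        "HostedZoneName": {"Type": "String", "Default": "example.internal"},
    },
    "Resources": {
        # A HostedZone with a VPCs list is a private hosted zone: its records
        # resolve only from inside the associated VPC(s).
        "PrivateZone": {
            "Type": "AWS::Route53::HostedZone",
            "Properties": {
                "Name": {"Ref": "HostedZoneName"},
                "VPCs": [{"VPCId": {"Ref": "VpcId"},
                          "VPCRegion": {"Ref": "AWS::Region"}}],
                "HostedZoneConfig": {"Comment": "Internal names for this stack"},
            },
        },
        "MyInstance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {"ImageId": {"Ref": "ImageId"},
                           "InstanceType": "t3.micro",
                           "SubnetId": {"Ref": "SubnetId"}},
        },
        # Ref on a HostedZone resource returns its zone ID, so nothing is hard-coded.
        "InternalRecord": {
            "Type": "AWS::Route53::RecordSet",
            "Properties": {
                "HostedZoneId": {"Ref": "PrivateZone"},
                "Name": {"Fn::Join": ["", ["internal.", {"Ref": "DNSEnvironment"},
                                           ".", {"Ref": "HostedZoneName"}, "."]]},
                "Type": "A",
                "TTL": "120",
                "ResourceRecords": [{"Fn::GetAtt": ["MyInstance", "PrivateIp"]}],
            },
        },
    },
}


def references_private_ip(node):
    """Walk an intrinsic-function tree; True if any Fn::GetAtt fetches a
    PrivateIp attribute (list form ["Res", "PrivateIp"] or "Res.PrivateIp")."""
    if isinstance(node, dict):
        att = node.get("Fn::GetAtt")
        if isinstance(att, list) and len(att) == 2 and att[1] == "PrivateIp":
            return True
        if isinstance(att, str) and att.endswith(".PrivateIp"):
            return True
        return any(references_private_ip(v) for v in node.values())
    if isinstance(node, list):
        return any(references_private_ip(v) for v in node)
    return False


def private_ip_exposure(template):
    """Return {record_name: reason} for each RecordSet that publishes a
    PrivateIp anywhere other than a private hosted zone defined in this
    template. A zone ID that is hard-coded or passed as a parameter cannot be
    proven private from the template alone, so it is reported for review."""
    resources = template.get("Resources", {})
    private_zones = {name for name, res in resources.items()
                     if res.get("Type") == "AWS::Route53::HostedZone"
                     and res.get("Properties", {}).get("VPCs")}
    findings = {}
    for name, res in resources.items():
        if res.get("Type") != "AWS::Route53::RecordSet":
            continue
        props = res.get("Properties", {})
        if not references_private_ip(props.get("ResourceRecords", [])):
            continue
        zone = props.get("HostedZoneId")
        ref = zone.get("Ref") if isinstance(zone, dict) else None
        if ref in private_zones:
            continue  # private IP resolvable only inside the VPC: fine
        if ref in resources:
            findings[name] = "private IP in public hosted zone %s" % ref
        elif ref is not None:
            findings[name] = "zone ID from parameter %s; confirm it is private" % ref
        else:
            findings[name] = "hard-coded zone ID %r; confirm it is private" % (zone,)
    return findings


def with_zone(template, record_name, zone_value):
    """Deep-copy the template and swap one record's HostedZoneId, to show what
    the lint reports when the zone is a parameter or a literal ID."""
    clone = copy.deepcopy(template)
    clone["Resources"][record_name]["Properties"]["HostedZoneId"] = zone_value
    return clone


def render(template):
    """Serialise to the JSON body that the CloudFormation CLI accepts."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    print(render(TEMPLATE))
    print("lint:", private_ip_exposure(TEMPLATE) or "no private IPs outside private zones")
    print("lint:", private_ip_exposure(with_zone(TEMPLATE, "InternalRecord", "ZPLACEHOLDER")))
```

Redirect the script's first output to a file and run `aws cloudformation validate-template --template-body file://template.json` to have AWS check the structure before deploying. The lint deliberately does not trust a parameter or literal zone ID: when the zone lives in another stack, as the earlier answer proposes, the only way to know it is private is to check that stack (or the zone's VPC associations in Route 53), so the finding is a prompt to do that rather than a false positive.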