
I have a Route 53 reusable delegation set in my AWS Account A.

I now want to use it to create a Route 53 hosted zone in my AWS Account B.

I can't figure out how to achieve this. Eventually I want to do it with Terraform, but an AWS SDK or AWS console example would also be fine, as long as it can be done.

Basically it comes down to how to use cross account aws resources.

AWS Account A

  • reusable delegation set (name-servers for example.com.)
  • hosted zone (with record sets for example.com and www.example.com)

AWS Account B

  • hosted zone (with record sets for customer.example.com)

Can anybody please help me?


1 Answer


I don't really have an answer on the delegation set piece (and I'm not sure of your reasoning for this), but I think you'd have to create a new delegation set under AWS Account B with the same name servers that you have in AWS Account A.

Ultimately, I don't know exactly what you're trying to achieve, but you could also create subdomains across accounts by creating customer.example.com as a hosted zone in AWS Account B, then taking the name servers from that hosted zone and creating a name server (NS) record in AWS Account A for customer.example.com. This allows you to manage the customer.example.com records in AWS Account B without having to assume a role in AWS Account A. AWS has documentation on this under "creating a subdomain without migrating the parent domain".

You can definitely do this in Terraform, but you'd also need to employ provider profiles in Terraform or find another way to assume a role in Account B (assuming your user ID is in Account A). I use an npm module, assume-role (sorry, I can't link it; I don't have enough reputation points), since Terraform doesn't have native support for this outside of running Terraform on an AWS instance.

This also assumes you're going to want to create a number of records under customer.example.com. If you only want to create an A record for customer.example.com, this is overkill.

  • Thanks @Eric. I would like to avoid having multiple delegation sets and would rather find a way of using only the one in Account A in all other accounts. I will have a look into assume-role, but would love you to explain a bit more about this option if you could. – Christine Aug 17 '16 at 19:37
  • What exactly are you hoping to accomplish with sharing the delegation set across accounts? The main reason for doing this is to maintain the same name servers across hosted zones. The other solution only makes sense if you're planning to create more than the client.example.com DNS record (i.e. you're trying to namespace specific records for a particular client, purely judging by the domain name), but you'd start by creating the client.example.com hosted domain in AWS Account B, then use the name servers for that domain to create a name server record under your example.com hosted domain in A. – Eric Aug 18 '16 at 15:16
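The subdomain delegation described in the answer and the follow-up comment, written out in Terraform. This is an added example, not code from the original post or from the answerer. It assumes two IAM roles that the Terraform caller is allowed to assume, one in each account (the account IDs and role names below are placeholders), and that the example.com hosted zone already exists in Account A. Current versions of the Terraform AWS provider accept an assume_role block on the provider itself, so no external assume-role wrapper is needed; note that this approach never touches the reusable delegation set at all, because Account A keeps its own name servers and only hands out an NS record for the subdomain.

```hcl
# Caller identity (e.g. a CI role in Account A) assumes a role in each account.
# Least privilege: the Account A role only needs route53:ChangeResourceRecordSets
# and route53:ListResourceRecordSets on arn:aws:route53:::hostedzone/<parent zone ID>;
# the Account B role needs route53:CreateHostedZone plus record management on
# the zone it creates. Account IDs and role names here are placeholders.
provider "aws" {
  alias  = "account_a"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/Route53ParentZoneDelegator"
  }
}

provider "aws" {
  alias  = "account_b"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/Route53SubdomainOwner"
  }
}

# Look up the existing parent zone in Account A (read-only; not managed here).
data "aws_route53_zone" "parent" {
  provider = aws.account_a
  name     = "example.com."
}

# The child zone lives in Account B. Route 53 assigns its name servers;
# they are NOT the parent's delegation set, and that is fine for this design.
resource "aws_route53_zone" "customer" {
  provider = aws.account_b
  name     = "customer.example.com"
  comment  = "Delegated from example.com in Account A"
}

# The only thing Account A has to publish: an NS record pointing the
# subdomain at Account B's name servers. Everything under customer.example.com
# is then managed entirely in Account B.
resource "aws_route53_record" "customer_ns" {
  provider = aws.account_a
  zone_id  = data.aws_route53_zone.parent.zone_id
  name     = "customer.example.com"
  type     = "NS"
  ttl      = 300
  records  = aws_route53_zone.customer.name_servers
}

# Example record owned by Account B; 192.0.2.10 is a documentation address.
resource "aws_route53_record" "customer_www" {
  provider = aws.account_b
  zone_id  = aws_route53_zone.customer.zone_id
  name     = "www.customer.example.com"
  type     = "A"
  ttl      = 300
  records  = ["192.0.2.10"]
}

output "customer_zone_name_servers" {
  description = "Name servers Account A delegates customer.example.com to"
  value       = aws_route53_zone.customer.name_servers
}
```

After `terraform apply`, check the delegation from the parent side with `dig NS customer.example.com @<one of Account A's name servers>`; the answer should list Account B's four name servers from the output above. If the goal is only a single A record for customer.example.com, as the answer says, skip the child zone and create that record directly in the example.com zone in Account A.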