How to create a subdomain Hosted Zone using Cloud Formation

Question

I'd like to create a Route53 Hosted Zone for a subdomain and NS record to parent domain.

Let's say I have:

example.com

and I want a hosted zone for subdomain:

build.example.com

Hosted Zone creation works:

ClusterHostedZone:
  Type: "AWS::Route53::HostedZone"
  Properties:
    Name: !Ref DomainName
    HostedZoneConfig:
      Comment: Managed by Cloud Formation
    HostedZoneTags:
      - Key: KubernetesCluster
        Value: !Ref KubernetesCluster

Delegating responsibility for the subdomain don't:

ParentHostedZoneClusterRecord:
  Type: "AWS::Route53::RecordSet"
  Properties:
    Name: !Ref DomainName
    Comment: Managed by Cloud Formation
    HostedZoneId: !Ref ParentHostedZoneID
    TTL: 30
    Type: NS
    ResourceRecords: !GetAtt ClusterHostedZone.NameServers

This is not implemented and I don't know how to get this information:

ResourceRecords: !GetAtt ClusterHostedZone.NameServers

Is this simple feature just missing in Cloud Formation?

Would RecordSetGroup be a solution? http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordsetgroup.html — masterforker, Dec 09 '16 at 21:39
Sorry, but I fail to see how that would help. Could you elaborate? — Paweł Prażak, Dec 09 '16 at 22:36
am I correct in understanding that you want to associate a bunch of aliases under your hosted zone? — masterforker, Dec 09 '16 at 23:22
As is stated in the title, I'm creating a hosted zone for a subdomain, a very common user case — Paweł Prażak, Dec 10 '16 at 15:02
Thanks for the clarifying edit but I still don't understand your question completely. Is the `example.com` Hosted Zone in Route53, or is it somewhere else? If Route53, what is your use-case for needing a separate hosted zone for `build.example.com` with matching name servers, rather than simply using the `example.com` Hosted Zone? Also, in the example code, what are the values of `DomainName` (`build.example.com`, or `example.com`, or something else) and `ParentHostedZoneID`? You might be able to accomplish what you need with DelegationSets via Custom Resources but it's not entirely clear. — wjordan, Jan 23 '17 at 16:01
I was aiming for this: http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingNewSubdomain.html — Paweł Prażak, Jan 23 '17 at 17:17

Chemary · Accepted Answer · 2017-07-10T14:12:08.387

6

This is working for my, maybe your template is not working because you do not specify DependsOn and resources are not created in order.

stagingHostedZone:
    Type: 'AWS::Route53::HostedZone'
    Properties:
        HostedZoneConfig:
            Comment: Hosted zone for staging environment
        Name: staging.example.com

nsRootHostedZoneRecordSet:
    Type: 'AWS::Route53::RecordSet'
    Properties:
        HostedZoneId: Z25*********
        Name: staging.example.com.
        Type: NS
        TTL: '900'
        ResourceRecords: !GetAtt stagingHostedZone.NameServers
    DependsOn:
        stagingHostedZone

edited Jul 10 '17 at 14:12

answered Jul 10 '17 at 12:47

Chemary

1,304
12
18

look like AWS added features since January – Paweł Prażak Aug 04 '17 at 06:54
This fails with "Attribute 'NameServers' does not exist". – Rich C Sep 30 '20 at 19:31
[Docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-hostedzone.html#aws-resource-route53-hostedzone-return-values-fn--getatt) show a GetAtt call should work. – Rich C Sep 30 '20 at 20:05

Paweł Prażak · Answer 2 · 2017-09-22T11:02:03.617

2

I confirmed with an AWS employee it was not possible around January 2017.

Even with a custom lambda it was not possible until April due to:

~~In AWS CloudFormation, you can't create records of type NS or SOA.~~

Now it looks like the behavior is different:

Specifically, you can't create or delete NS or SOA records for the root domain of your hosted zone, but you can create them for subdomains to delegate.

Getting name servers from a hosted zone is [now possible], I've tested it.(http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-hostedzone.html#w2ab2c21c10d825c11)

The only limitation I was not able to overcome was cross-account Hosted Zones relations/modifications, but it should be doable with enough CF/Lambda magic.

edited Sep 22 '17 at 11:02

answered Jan 23 '17 at 13:42

Paweł Prażak

3,091
1
27
42

This is false. The link above does NOT say you can't create NS records, it specifically says you CAN create them for subdomains: "In AWS CloudFormation, you cannot modify the NS and SOA records for a hosted zone created automatically by Amazon Route 53. Specifically, you can't create or delete NS or SOA records for the root domain of your hosted zone, but you can create them for subdomains to delegate. For example, for hosted zone mydomain.net, you cannot create an NS record for mydomain.net but you can create an NS record for nnnn.mydomain.net for delegation." – Fo. Jul 27 '17 at 15:45
If you could provide an example stack, that would be appreciated – Paweł Prażak Jul 27 '17 at 15:49
Have a look at this stack: https://github.com/ConradIrwin/aws-name-server/blob/master/cloudformation-template.json – Fo. Jul 27 '17 at 16:26
@Fo. this is a entirely different use case, in your example the NS record values are taken from EC2 instance, that's not applicable in my use case – Paweł Prażak Aug 04 '17 at 06:33
@Fo. second thing is that it looks like the implementation and documentation changed slightly, I'll edit to correct that – Paweł Prażak Aug 04 '17 at 06:35

wjordan · Answer 3 · 2016-12-22T19:01:53.903

To add a Hosted Zone for a subdomain, you should be able to create it similar to the existing Hosted Zone described, just changing the Name property to the subdomain.

However, based on your question it sounds like you're actually trying to add a Record Set for a subdomain (so build.[DomainName] resolves to your cluster), not a separate Hosted Zone.

To add a Record Set for a subdomain, you want to specify 'build.[DomainName]' as the Name of your subdomain's RecordSet, and use an A record specifying the target IP address for your subdomain (or a CNAME specifying the 'canonical' domain name), not an NS record:

ParentHostedZoneClusterRecord:
  Type: "AWS::Route53::RecordSet"
  Properties:
    Name:
      Fn::Join: [".", ["build", !Ref DomainName]]
    Comment: Managed by Cloud Formation
    HostedZoneId: !Ref ParentHostedZoneID
    TTL: 30
    Type: A
    ResourceRecords: [!Ref KubernetesClusterIp]

I want to add `NS` record to parent domain, Hosted Zone creation is simple, it's the parent-to-child delegation that I can't do with CF — Paweł Prażak, Jan 19 '17 at 17:58

How to create a subdomain Hosted Zone using Cloud Formation

3 Answers3