
I am using service discovery for containers in AWS ECS, for a private hosted zone staging.example.com.

Now, next to the containers, I would like to map an AWS RDS database to db.staging.example.com. However, I cannot modify the Route 53 hosted zone, as AWS denies me access because the zone is managed by service discovery:

AccessDenied: The resource hostedzone/*** can only be managed through servicediscovery.amazonaws.com (***)

Any advice on how I can accomplish my custom subdomain is greatly appreciated. There are also Cloud Map and App Mesh as AWS services with similar goals regarding DNS management, but I could not find any documentation regarding my scenario.

Richard Kiefer

1 Answer

It turns out that AWS Service Discovery uses the Cloud Map API to fulfill its service. It registers containers in the hosted zone by adding SRV entries, which refer to A entries and specific ports. This means your clients need to understand those SRV entries, as they will not get A entries straight away when performing DNS lookups. curl, for example, does not understand SRV entries.

Therefore, I returned to using ECS with automatic load balancer registration. ECS then registers new services in a target group which was previously mapped in a load balancer's listener. DNS entries are then managed completely independently, by adding some alias entries which point to the load balancer, while others, like the db.staging.example.com entry, alias the RDS database's endpoint.

Since you can have ECS services register themselves in multiple target groups, you can also use multiple load balancers, e.g. one for public access and one only accessible within your VPC.

Richard Kiefer
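The answer's point about SRV records is that a client has to do extra work that curl does not: pick a record by priority and weight, then look up the target's A record, then connect to that IP on the port from the SRV record. The following is an added example (not code from the question or answer above) that implements that RFC 2782 selection over a constructed record set; the service name, task hostnames and 10.0.x.x addresses are made up, and the records are embedded rather than fetched from DNS so it runs offline.

```python
"""Resolve SRV records into connectable (ip, port) endpoints, RFC 2782 style.

ECS service discovery (Cloud Map) publishes one SRV record per task, each
naming an A record for the task's IP plus the container port. Tools such as
curl only query A/AAAA records, so a client must do this two-step lookup
itself. Added example code; the record data below is constructed, not real.
"""
import random
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str  # hostname that carries an A record


# Constructed SRV answer section for a hypothetical service name
# _api._tcp.staging.example.com (fake data, for illustration only).
SRV_RECORDS: List[SRV] = [
    SRV(priority=1, weight=50, port=8080, target="task-a.staging.example.com"),
    SRV(priority=1, weight=50, port=8080, target="task-b.staging.example.com"),
    SRV(priority=10, weight=0, port=8080, target="task-c.staging.example.com"),
]

# Constructed A records the SRV targets point at (fake addresses).
A_RECORDS: Dict[str, str] = {
    "task-a.staging.example.com": "10.0.1.10",
    "task-b.staging.example.com": "10.0.1.11",
    "task-c.staging.example.com": "10.0.2.20",
}

# pick(lo, hi) returns an integer in [lo, hi]; injectable so the ordering
# can be made deterministic in tests.
Picker = Callable[[int, int], int]


def order_srv_targets(records: List[SRV], pick: Picker = random.randint) -> List[SRV]:
    """Return records in the order a client should try them (RFC 2782).

    Lower priority values are tried first. Within one priority, a record is
    drawn with probability proportional to its weight. Simplification: a
    weight-0 record is only drawn once every positively weighted record of
    that priority has been used (RFC 2782 gives it a small chance instead).
    """
    ordered: List[SRV] = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            total = sum(r.weight for r in pool)
            idx = 0
            if total > 0:
                point = pick(0, total - 1)
                running = 0
                for i, r in enumerate(pool):
                    running += r.weight
                    if point < running:
                        idx = i
                        break
            ordered.append(pool.pop(idx))
    return ordered


def resolve_endpoints(
    srv_records: List[SRV], a_records: Dict[str, str], pick: Picker = random.randint
) -> List[Tuple[str, int]]:
    """Map the ordered SRV records to (ip, port) pairs.

    An SRV target with no A record is skipped rather than treated as fatal,
    which is what a client sees while a task is deregistering.
    """
    endpoints: List[Tuple[str, int]] = []
    for r in order_srv_targets(srv_records, pick):
        ip = a_records.get(r.target)
        if ip is not None:
            endpoints.append((ip, r.port))
    return endpoints


def first_endpoint(
    srv_records: List[SRV], a_records: Dict[str, str], pick: Picker = random.randint
) -> Optional[Tuple[str, int]]:
    """The single endpoint a client would connect to first, or None."""
    endpoints = resolve_endpoints(srv_records, a_records, pick)
    return endpoints[0] if endpoints else None


if __name__ == "__main__":
    for ip, port in resolve_endpoints(SRV_RECORDS, A_RECORDS):
        print(f"{ip}:{port}")
```

Running the module prints the two weight-50 tasks in random order followed by the weight-0 task; the weight-0 entry at priority 10 only ever comes last, which is the point of the priority field. Removing a target from A_RECORDS shows the dangling-SRV case being skipped instead of raising.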