I have been using AWS Route 53 as the DNS service for my application and, say, in my code, for every HTTP request I have a requirement of creating some dynamic sub-domains and pointing them to the new EC2 instance that gets created on the fly.

Anyone should now be able to use the newly created sub-domain to make requests to the newly created EC2 instance.

I knew I could use a wildcard DNS record, but does it not just point to one single IP?

How could I make every sub-domain that was created always point to the new EC2 instance?

Jaykishan

2 Answers

Traefik is exactly what I needed. I configured Traefik with etcd as its provider and, just by making entries in the etcd server, I could achieve what I wanted.

Now I just have a wildcard domain mapped to an EC2 instance on which I run Traefik, which watches the etcd server for any new entries with /traefik/ as their prefix. It then dynamically generates new configuration and takes care of routing any request to the destination server based on the HOST header.

Jaykishan
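
The setup described in this answer, as an added example that is not part of the original post: it builds the etcd entries for one sub-domain, assuming the Traefik v2 KV key layout and hypothetical values for the domain, backend port and `dyn-` router naming. Because the sub-domain name originates from a request, the label and backend address are validated before anything is written.

```python
import ipaddress
import re

# Assumptions, not from the post: domain, backend port and "dyn-" naming.
BASE_DOMAIN = "example.com"
ROOT_KEY = "traefik"  # the post's /traefik/ prefix
BACKEND_PORT = 8080

# One DNS label only: no dots, slashes or backticks can reach a key or rule.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def _router_name(label):
    label = label.lower()
    if not _LABEL.fullmatch(label):
        raise ValueError(f"invalid sub-domain label: {label!r}")
    return label, f"dyn-{label}"


def kv_entries(label, instance_ip):
    """etcd key/value pairs routing <label>.BASE_DOMAIN to one instance."""
    label, name = _router_name(label)
    ip = ipaddress.IPv4Address(instance_ip)
    # Backends are assumed to sit in private VPC space; loopback and
    # link-local (instance metadata) targets are refused outright.
    if not ip.is_private or ip.is_loopback or ip.is_link_local:
        raise ValueError(f"refusing backend address {ip}")
    http = f"{ROOT_KEY}/http"
    return {
        f"{http}/routers/{name}/rule": f"Host(`{label}.{BASE_DOMAIN}`)",
        f"{http}/routers/{name}/service": name,
        f"{http}/services/{name}/loadBalancer/servers/0/url":
            f"http://{ip}:{BACKEND_PORT}",
    }


def kv_prefixes_to_delete(label):
    """Prefixes to remove when the instance terminates, so a reused
    private IP never inherits the old host name."""
    _, name = _router_name(label)
    http = f"{ROOT_KEY}/http"
    return [f"{http}/routers/{name}/", f"{http}/services/{name}/"]
```

The returned pairs can be written with any etcd client; removing the two prefixes on instance termination keeps stale routes from pointing at an address that has been handed to another instance.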

Create an A record of *.example.com and assign the value to the IP address.

If any subdomain does not have an explicit record it will default to this record.

Possible solutions for automatically adding a DNS record:

  • When creating an EC2 instance, add a tag of the domain name(s) that should be assigned to resolve to this instance. Have a CloudWatch event detect "StartInstance", then trigger a Lambda to add the DNS record via the API.
  • Write a proxy that can determine the IP address to use for each subdomain. Or instead have it manually added through some kind of automation (SSM/Ansible).
Chris Williams
  • So, in my code every time I create a new EC2 instance, should I also create a new explicit record of the sub-domain with the IP of the new EC2 instance? – Jaykishan Jun 03 '20 at 21:04
  • Yes that would be needed for additional hosts – Chris Williams Jun 03 '20 at 21:10
  • I was hoping to just make a wildcard DNS entry with an EC2 instance (IP address), let's call it X, to match any sub-domain, and somehow figure out what's the correct IP for the requested sub-domain inside X. Is there any way by which we can achieve this? – Jaykishan Jun 03 '20 at 21:16
  • This would not be native to any DNS solution. You'd have a couple of possible solutions, I have added these to the comment. – Chris Williams Jun 04 '20 at 06:08
  • Could you please elaborate more on the 2nd solution? – Jaykishan Jun 04 '20 at 17:27
  • For this solution you'd want to look at proxy software such as envoy, haproxy or nginx. Dependent on your choice you'd want to use an automation tool such as SSM executing an Ansible playbook to generate the configuration of your domain name to EC2 IP mapping on your proxy host. – Chris Williams Jun 04 '20 at 17:30
  • Are you suggesting to have, let's say, an nginx as proxy for the wildcard DNS, and have Ansible playbooks to add server block configurations with the new sub-domain and instance IP address as proxy_pass to the nginx.conf file? – Jaykishan Jun 04 '20 at 17:46
  • Yes this would be the alternative to get a wildcard domain working – Chris Williams Jun 04 '20 at 17:49
  • No problem glad I could help – Chris Williams Jun 04 '20 at 17:53
  • I am having trouble in getting this done. Let's say I have created a sub-domain and an A record that maps the domain to the new EC2 instance, now I have to worry about having to enable SSL termination on it. It wouldn't be wise to enable SSL on every newly created EC2 instance. So I was hoping to use an AWS load balancer to serve this purpose, but how does the load balancer know what EC2 instance to route this request to given a domain name? – Jaykishan Jun 08 '20 at 20:06
  • If you're using a load balancer you'd create a separate target group for each host, and use advanced routing to route the target request. However there are limits to rule evaluation based on how many unique hosts: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html – Chris Williams Jun 08 '20 at 20:12
  • What would be the best practice to make this happen? I meant enabling SSL for every new domain that is added dynamically. – Jaykishan Jun 08 '20 at 20:18
  • You’d have to add the SSL to the ACM certificate for load balancer, then add it to the listener. But you’re limited to 10 domains on a single ACM cert I believe – Chris Williams Jun 08 '20 at 20:53
  • Can we not just create one SSL cert for all subdomains? – Jaykishan Jun 09 '20 at 13:37
  • If they're all subdomains then yes, you can use `*.example.com`. I misunderstood that they were separate domains :) – Chris Williams Jun 09 '20 at 13:38
  • Do I still have to create a target group for each sub-domain? Or are there any workarounds for that? – Jaykishan Jun 09 '20 at 14:32
  • Well it's a target group per routable traffic, everything in the target group will have the same traffic forwarded to it. – Chris Williams Jun 09 '20 at 14:44
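
The first option in the second answer (tag the instance, let an event-triggered Lambda add the record), as an added example that is not code from the answer or from AWS: the zone ID placeholder, the `dns-name` tag key, the TTL and the reserved-label list are assumptions. The tag value is confined to a single non-reserved label under the zone, so a tag cannot overwrite the apex or another service's record.

```python
import ipaddress
import re

# Assumptions, not from the answer: zone, tag key, TTL and reserved labels.
ZONE_NAME = "example.com"
HOSTED_ZONE_ID = "ZONE_ID_PLACEHOLDER"
TAG_KEY = "dns-name"
TTL = 60
RESERVED = {"www", "api", "mail"}

# Exactly one label directly under the zone; anything else is rejected.
_HOST = re.compile(rf"((?!-)[a-z0-9-]{{1,63}}(?<!-))\.{re.escape(ZONE_NAME)}")


def record_change(tags, public_ip, action="UPSERT"):
    """Build a Route 53 ChangeBatch from instance tags; None if untagged."""
    name = next((t["Value"] for t in tags if t["Key"] == TAG_KEY), None)
    if name is None:
        return None
    name = name.strip().lower().rstrip(".")
    m = _HOST.fullmatch(name)
    # Tags are writable by anyone with ec2:CreateTags, so the value is
    # treated as untrusted input and confined to non-reserved names.
    if not m or m.group(1) in RESERVED:
        raise ValueError(f"tag value not allowed as a record name: {name!r}")
    ip = ipaddress.IPv4Address(public_ip)
    return {"Changes": [{"Action": action, "ResourceRecordSet": {
        "Name": f"{name}.", "Type": "A", "TTL": TTL,
        "ResourceRecords": [{"Value": str(ip)}]}}]}


def handler(event, context):
    """Lambda entry point for an EC2 instance state-change event."""
    import boto3  # lazy import keeps record_change() usable offline

    detail = event["detail"]
    inst = boto3.client("ec2").describe_instances(
        InstanceIds=[detail["instance-id"]]
    )["Reservations"][0]["Instances"][0]
    batch = record_change(inst.get("Tags", []), inst.get("PublicIpAddress"))
    if batch:
        boto3.client("route53").change_resource_record_sets(
            HostedZoneId=HOSTED_ZONE_ID, ChangeBatch=batch)
    return batch
```

Cleanup on termination needs the address stored at creation time, because a Route 53 `DELETE` must name the record's existing value; leaving the record in place after the public IP is released lets the name resolve to whoever receives that address next.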