Delegate Subdomain between two AWS Accounts using Route 53
Step-by-step guide on how to delegate Subdomain between two AWS Accounts using Route 53
This is specifically useful for Last9 BYOC deployments
Assumptions
- AWS Account A is the Primary Account
- AWS Account B is the Sub Account
example.comis an arbitrary domain used purely for easy understanding- You have enough permissions granted by your AWS Admin to add/modify Route53
Premise
To set up subdomain.example.com as a hosted zone in AWS Account B and extend it for internal usage (e.g., internal.subdomain.example.com), you need to delegate authority for the subdomain from AWS Account A to AWS Account B.
This process involves creating a new hosted zone in Account B for the subdomain and then updating the parent hosted zone in Account A to delegate DNS resolution to the nameservers for the subdomain in Account B.
Step-by-Step Procedure
Step 1: Create a Hosted Zone for the Subdomain in Account B
- Sign in to the AWS Management Console for Account B
- Create a Hosted Zone:
- Navigate to the Route 53 console
- Click on “Hosted zones” in the left navigation pane
- Click the “Create hosted zone” button
- Enter
subdomain.example.comas the domain name - Choose the type as “Public hosted zone” (or Private hosted zone for Amazon VPC if it's for internal usage)
- Click Create hosted zone
- Note the Nameservers:
- After the hosted zone is created, note the nameservers (NS records) provided by Route 53 for the new hosted zone. You will need these nameservers to delegate the subdomain from Account A
Step 2: Delegate the Subdomain from Account A to Account B
- Sign in to the AWS Management Console for Account A
- Navigate to the Hosted Zone for
example.com:- Go to the Route 53 console
- Click on Hosted zones in the left navigation pane
- Click on the hosted zone for
example.com
- Create NS Record for the Subdomain:
- Click Create record
- Choose Simple routing and click Next
- For Record name, enter
subdomain(to delegatesubdomain.example.com) - Choose Record type as NS - Name Server
- In the Value field, enter the nameservers for
subdomain.example.comprovided by Account B - Click Create records
Step 3: Create a Hosted Zone for Internal Usage in Account B
- Sign in to the AWS Management Console for Account B
- Create a Hosted Zone for
internal.subdomain.example.com:- Navigate to the Route 53 console
- Click on Hosted zones in the left navigation pane
- Click the Create hosted zone button
- Enter
internal.subdomain.example.comas the domain name - Choose the type as Private hosted zone for Amazon VPC
- Select the appropriate VPCs
- Click Create hosted zone
Verification
Public Subdomain Delegation:
-
You can verify that
subdomain.example.comis correctly delegated by using thedigornslookupcommands:dig ns subdomain.example.com
Internal Subdomain Resolution:
- For
internal.subdomain.example.com, ensure that your VPC's DNS settings are configured correctly and that Route 53 resolver endpoints are set up if necessary
Summary
- Create a hosted zone for
subdomain.example.comin Account B and note the nameservers - Delegate the subdomain from Account A to Account B by creating an NS record in the
example.comhosted zone in Account A pointing to the nameservers forsubdomain.example.comin Account B - (Optional) Create a hosted zone for
internal.subdomain.example.comin Account B for internal DNS resolution
Troubleshooting
Please get in touch with us on Discord or Email if you have any questions.