Using Route53

Eucalyptus Route53 is an integrated Domain Name System (DNS) web service. Route53 allows end users to access your cloud resources using names that you control.

Route53 connects user requests to Eucalyptus-controlled infrastructure, including EC2 instances, Elastic Load Balancers, and S3 buckets. It can also be used to route users to external infrastructure.

1 - Route53 Concepts

This section describes the important concepts for the Route53 service and for the Domain Name System (DNS).

Public and Private Hosted Zones

A public hosted zone describes how to route traffic for a public domain, such as example.com, and its subdomains. Information in a public hosted zone is available to anyone who can connect to your Eucalyptus deployment.

A private hosted zone describes how to route traffic for a domain and its subdomains within a VPC managed using the Eucalyptus EC2 VPC service. Private zones are useful for repeatable deployments using well-known names.

Resource Record Sets

After you create a hosted zone for your domain, such as example.com, you create resource record sets to tell the Domain Name System (DNS) how to route traffic for that domain.

For example, you would create an A record to map the name resource.example.com to the public IP address of an EC2 instance.

DNS Concepts

Important concepts related to underlying DNS functionality are:

  • Alias: An alias connects a name to a cloud resource such as an Elastic Load Balancer.
  • CNAME: A CNAME resource record redirects to another name. CNAMEs are often used with S3 buckets.
  • IP Address: An A resource record maps a name to an IP address used to access a resource such as an EC2 instance.
  • TTL: The Time To Live (TTL) of a resource record controls how long clients can cache DNS information.

2 - Route53 Usage

This section describes some options for access to the Route53 service and shows some example usage.

Using the AWS CLI

The AWS CLI can be used to access Route53. Use of the Eucalyptus AWS CLI plug-in is assumed in these examples.

To list hosted zones:

# aws route53 list-hosted-zones
HOSTEDZONES	e001e659-32ac-4fd5-b45a-f7e6d6420f9b	/hostedzone/ZAAW4ODX2K7WOL	subdomain.example.com.	3
CONFIG	Private zone for subdomain.example.com in vpc-837bc081de161f8c0	True

To list resource records for a hosted zone:

# aws route53 list-resource-record-sets --hosted-zone-id ZAAW4ODX2K7WOL
RESOURCERECORDSETS	alias.subdomain.example.com.	0	A
RESOURCERECORDSETS	cname.subdomain.example.com.	300	CNAME
RESOURCERECORDS	name.subdomain.example.com
RESOURCERECORDSETS	name.subdomain.example.com.	300	A
RESOURCERECORDS	10.20.30.43

The AWS CLI can be used to create and delete hosted zones and to change resource record sets.

Using CloudFormation

A CloudFormation template can be used to manage Route53 resources. The following example template uses these CloudFormation resources:

  • AWS::Route53::HostedZone
  • AWS::Route53::RecordSet
  • AWS::Route53::RecordSetGroup

AWSTemplateFormatVersion: 2010-09-09
Description: >-
    Route53 private HostedZone

Parameters:

  Vpc:
    Description: The VPC to create the Zone for
    Type: String

  Zone:
    Description: The zone to create
    Type: String
    Default: example.com

Resources:

  MyHostedZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: !Ref Zone
      HostedZoneConfig:
        Comment: !Sub "Private zone for ${Zone} in ${Vpc}"
      VPCs:
        - VPCId: !Ref Vpc
          VPCRegion: !Ref AWS::Region
      HostedZoneTags:
        - Key: example-tag
          Value: !Ref Zone

  MyRecordSet:
    Type: AWS::Route53::RecordSet
    DependsOn: MyHostedZone
    Properties:
      HostedZoneName: !Ref Zone
      Name: !Sub "name.${Zone}"
      ResourceRecords:
        - "10.20.30.43"
      TTL: 300
      Type: A

  MyRecordSetGroup:
    Type: AWS::Route53::RecordSetGroup
    DependsOn: MyHostedZone
    Properties:
      HostedZoneName: !Ref Zone
      RecordSets:
        - Name: !Sub "cname.${Zone}"
          ResourceRecords:
          - !Sub "name.${Zone}"
          TTL: 300
          Type: CNAME
        - Name: !Sub "alias.${Zone}"
          Type: A
          AliasTarget:
            DNSName: !Sub "name.${Zone}"
            EvaluateTargetHealth: no
            HostedZoneId: !Ref MyHostedZone

Outputs:

  HostedZoneId:
    Description: The identifier for the private hosted zone
    Value: !Ref MyHostedZone

The output for the stack will show the identifier for the hosted zone.

3 - Route53 Delegated Subdomain

When using Route53, the hosted zone is often a subdomain of a domain managed using external DNS. In this case the external DNS must be updated to delegate management of the subdomain to your hosted zone's name servers.

Hosted Zone Name Servers

When you create a public hosted zone in Eucalyptus, name servers are allocated to it. You can use the AWS CLI to determine the name servers for your zone:

# aws route53 list-hosted-zones
HOSTEDZONES	87a20e2b-f835-4775-a6ad-16f14033668a	/hostedzone/ZAAKJGJPMUHV32	subdomain.example.com.	2
CONFIG	False
#
# aws route53 list-resource-record-sets --hosted-zone-id ZAAKJGJPMUHV32 --query "ResourceRecordSets[?Type == 'NS']"
subdomain.example.com.	900	NS
RESOURCERECORDS	ns1.mycloud.example.com.

To discover the name servers, first list the hosted zones to find the identifier, and then pass the identifier to list-resource-record-sets. The example above uses a query to output only the NS information.

External Name Server records

The external DNS should be updated to add a name server (NS) record for the subdomain and a corresponding A record that maps the name server's name to an IP address:

subdomain.example.com	    NS	ns1.mycloud.example.com.
ns1.mycloud.example.com	A	1.X.Y.123
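
A delegation that drifts from the hosted zone's NS set leaves the subdomain answered by a server that is no longer authoritative for it, or by nothing at all. The following is an added example, not part of the Eucalyptus documentation or code: it parses the text output of list-resource-record-sets shown above and compares it with the external DNS entries. The function names, the sample data, and the documentation address 192.0.2.123 are assumptions made for the illustration.

```python
# Added example (not Eucalyptus code). Sample data below is constructed.
HOSTED = ("RESOURCERECORDSETS\tsubdomain.example.com.\t900\tNS\n"
          "RESOURCERECORDS\tns1.mycloud.example.com.\n"
          "RESOURCERECORDSETS\tname.subdomain.example.com.\t300\tA\n"
          "RESOURCERECORDS\t10.20.30.43\n")
# Parent zone entries in the page's layout; 192.0.2.123 is a documentation address.
PARENT = ("subdomain.example.com\tNS\tns1.mycloud.example.com.\n"
          "ns1.mycloud.example.com\tA\t192.0.2.123\n")


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def parse_record_sets(text):
    """Group RESOURCERECORDS values under the record-set line that precedes them."""
    sets = []
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) == 2 and fields[0] == "RESOURCERECORDS" and sets:
            sets[-1]["values"].append(fields[1])
        elif len(fields) == 4 and fields[0] == "RESOURCERECORDSETS":
            sets.append({"name": fields[1], "type": fields[3], "values": []})
        elif len(fields) == 3 and fields[1].isdigit():  # --query output has no label
            sets.append({"name": fields[0], "type": fields[2], "values": []})
    return sets


def check_delegation(zone, hosted_text, parent_text):
    """Return sorted mismatches between the hosted zone's NS set and the parent zone."""
    zone = norm(zone)
    hosted = {norm(v) for rs in parse_record_sets(hosted_text)
              if rs["type"] == "NS" and norm(rs["name"]) == zone
              for v in rs["values"]}
    parent = [f for f in (l.split() for l in parent_text.splitlines()) if len(f) == 3]
    delegated = {norm(v) for n, t, v in parent if t == "NS" and norm(n) == zone}
    has_a = {norm(n) for n, t, _ in parent if t == "A"}
    problems = [f"missing NS in parent: {n}" for n in hosted - delegated]
    problems += [f"stale NS in parent: {n}" for n in delegated - hosted]
    # Assumes, as on this page, that the parent zone also holds each server's A record.
    problems += [f"no A record for: {n}" for n in delegated - has_a]
    return sorted(problems)


if __name__ == "__main__":
    print(check_delegation("subdomain.example.com", HOSTED, PARENT) or "delegation OK")
```

An empty list means the external DNS matches the hosted zone; a "stale NS in parent" entry is the one to act on first, since it names a server the hosted zone no longer lists.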