This article explains how to migrate a Route 53 hosted zone between AWS accounts automatically, filling the gap left by the lack of a native solution. The solution handles the constraints described below (API batch limits, ALIAS records, traffic policy records, DNSSEC) and replicates the manual migration process step by step.
Introduction
In today's cloud-driven world, DNS is key to directing traffic, ensuring availability, and enabling service discovery across distributed systems. Efficient DNS management is essential for maintaining operational excellence and agility in cloud infrastructure.
Whether consolidating resources after a merger, separating environments, or reorganizing AWS accounts, migrating Route 53 hosted zones can be complex due to the need for accurate DNS record export and import, precise JSON manipulation, handling record limits, reformatting incompatible records like traffic policies, and updating ALIAS records.
To overcome these challenges at scale, we developed a solution that simplifies the process by leveraging AWS SDK and CLI tools to automate the transfer of hosted zones and records, ensuring precision and reducing the risk of human error.
You can access the solution on the AWS Samples GitHub repository for immediate use.
This article explains how and why to use this solution, helping you efficiently transfer Route 53 hosted zones.
Why Use the Amazon Route 53 Hosted Zone Migrator?
- Automation: The solution automates hosted zone migration, saving time and effort when managing multiple DNS records or large-scale movements.
- Error reduction: Manual migrations are susceptible to errors, especially with record types like ALIAS or traffic policies. This solution automates handling these records, boosting accuracy.
- Supports both Public and Private Zones: Whether dealing with public or private hosted zones, the solution manages both seamlessly, handling VPC and region associations for private zones.
How to Use the Amazon Route 53 Hosted Zone Migrator
Here’s a step-by-step guide on using the solution, along with the required setup.
Prerequisites
Before running the solution, ensure the following:
- AWS CLI: Installed or upgraded following the AWS CLI User Guide.
- jq: Installed for JSON manipulation; you can download it from the official website.
- AWS CLI Profiles: Configured for both the source and destination accounts.
- Permissions: Ensure appropriate permissions in both accounts to access and modify Route 53 hosted zones. You can use the AmazonRoute53ReadOnlyAccess managed policy on the source account and the AmazonRoute53FullAccess managed policy in the destination account. If you are working with private hosted zones, you will also need the appropriate VPC-related permissions (such as AmazonVPCFullAccess) in the destination account to associate the private zone with a VPC.
Migration Process Overview
The Amazon Route 53 Hosted Zone Migrator automates the following steps:
- Export Hosted Zone records: The solution exports DNS records from the source hosted zone into a JSON file.
- Create a new Hosted Zone: It creates an empty hosted zone in the destination account.
- Modify the exported JSON:
  - Removes SOA and NS records, as these are automatically generated in the new hosted zone.
  - Updates ALIAS records with the new HostedZoneID.
  - Removes traffic policy instance records, saving them to a separate file for later reference.
- Split the JSON if needed: If the DNS records exceed AWS API limits (more than 1000 records or 32,000 bytes in total), the JSON file is split into parts.
- Check DNSSEC configuration: If the original hosted zone has DNSSEC enabled, the solution will notify you to disable it for safe migration.
- Import the records: The modified records are imported into the new hosted zone in the destination account.
- Update nameservers: For public zones, the solution outputs the new nameservers. You will need to update these in your domain registrar to activate the new hosted zone.
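The JSON manipulation in steps 3 and 4 is where a hand-rolled migration most often goes wrong, so here is an added example (not code from the migrator or from AWS) that performs those two steps offline on a constructed list-resource-record-sets response. It drops the SOA and NS apex records, sets traffic policy instance records aside, rewrites only those ALIAS records whose AliasTarget points back into the source zone itself (an ALIAS to an ELB or CloudFront distribution carries that service's hosted zone ID and must be left alone), and then splits the result into change batches using the record and byte limits quoted above. The zone IDs, hostnames and addresses are placeholders, and the batch size is measured as the serialized size of each change, which is a conservative approximation of the API's own accounting.

```python
import json

# Constructed sample IDs and records; none of these are real AWS identifiers.
SRC_ZONE_ID = "Z0SOURCE000PLACEHOLDER"
DST_ZONE_ID = "Z0DEST000PLACEHOLDER"

SOURCE_RECORDS = [
    {"Name": "example.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-1.awsdns-00.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"}]},
    {"Name": "example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.awsdns-00.org."}]},
    {"Name": "www.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "192.0.2.10"}]},
    # ALIAS to a record in the same zone: HostedZoneId is the source zone's own ID.
    {"Name": "example.com.", "Type": "A",
     "AliasTarget": {"HostedZoneId": SRC_ZONE_ID, "DNSName": "www.example.com.",
                     "EvaluateTargetHealth": False}},
    # ALIAS to a load balancer: HostedZoneId belongs to the ELB service, not to our zone.
    {"Name": "api.example.com.", "Type": "A",
     "AliasTarget": {"HostedZoneId": "Z0ELB000PLACEHOLDER",
                     "DNSName": "lb-placeholder.elb.amazonaws.com.", "EvaluateTargetHealth": True}},
    # Record owned by a traffic policy instance; Route 53 flags these with TrafficPolicyInstanceId.
    {"Name": "tp.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "198.51.100.5"}],
     "TrafficPolicyInstanceId": "tpi-placeholder"},
]


def prepare_records(records, src_zone_id, dst_zone_id):
    """Return (importable, traffic_policy) record lists for the destination zone."""
    importable, traffic_policy = [], []
    for rs in records:
        rs = json.loads(json.dumps(rs))  # deep copy so the input is left untouched
        # SOA and NS at the apex are generated by the new zone; importing them would fail.
        if rs["Type"] in ("SOA", "NS") and rs["Name"] == records[0]["Name"]:
            continue
        # Traffic policy instance records cannot be created via ChangeResourceRecordSets.
        if "TrafficPolicyInstanceId" in rs:
            traffic_policy.append(rs)
            continue
        # Only ALIAS records that point back into the migrated zone get the new zone ID.
        alias = rs.get("AliasTarget")
        if alias and alias.get("HostedZoneId") == src_zone_id:
            alias["HostedZoneId"] = dst_zone_id
        importable.append(rs)
    return importable, traffic_policy


def split_into_change_batches(records, max_records=1000, max_bytes=32000, action="CREATE"):
    """Group records into ChangeResourceRecordSets batches within the given limits.

    A single change larger than max_bytes is still emitted on its own; it cannot be
    split, and the API call will report the real limit violation.
    """
    batches, current, current_bytes = [], [], 0
    for rs in records:
        change = {"Action": action, "ResourceRecordSet": rs}
        size = len(json.dumps(change).encode("utf-8"))
        if current and (len(current) >= max_records or current_bytes + size > max_bytes):
            batches.append({"Changes": current})
            current, current_bytes = [], 0
        current.append(change)
        current_bytes += size
    if current:
        batches.append({"Changes": current})
    return batches


def batches_within_limits(batches, max_records, max_bytes):
    """Sanity check to run before calling the API: every batch respects both limits."""
    return all(len(b["Changes"]) <= max_records
               and len(json.dumps(b).encode("utf-8")) <= max_bytes
               for b in batches)


if __name__ == "__main__":
    importable, deferred = prepare_records(SOURCE_RECORDS, SRC_ZONE_ID, DST_ZONE_ID)
    batches = split_into_change_batches(importable)
    print(f"{len(importable)} records in {len(batches)} batch(es); "
          f"{len(deferred)} traffic policy record(s) saved for manual recreation")
    # Each batch would be written to a file and passed to
    # `aws route53 change-resource-record-sets --hosted-zone-id <dst> --change-batch file://...`
    for i, batch in enumerate(batches, 1):
        print(f"batch {i}: {json.dumps(batch)}")
```

The check on the apex name is what keeps NS records for delegated subdomains (for example an NS record at sub.example.com.) in the import set, since those are legitimate data rather than zone-generated records.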
Example Usage
You can explore example usage by visiting the AWS Samples GitHub repository.
Handling Traffic Policy Instances
If your hosted zone contains traffic policy records, the solution will remove them from the import file and save them separately. You can manually recreate these records post-migration.
Dry Run Option
You can perform a dry run before executing the actual migration by using the following command:
% sh r53_migrator.sh --dry-run
This allows you to preview the migration steps without making any changes.
We strongly recommend that you perform a dry run and carefully examine the output migration steps before performing the actual migration.
Post-Migration Steps
After completing the migration, update the nameservers in your domain’s registrar for public hosted zones. This ensures DNS traffic is routed correctly to the new hosted zone.
Conclusion
The Amazon Route 53 Hosted Zone Migrator simplifies the process of migrating hosted zones between AWS accounts.
By automating the export, modification, and import of DNS records, the solution saves time and reduces errors.
You can download and start using the tool directly from the GitHub repository: Route53 HostedZone Migrator.
For further details, refer to the official Amazon Route 53 documentation.
Your feedback is invaluable, please feel free to share any thoughts or suggestions in the comments below or in the GitHub repository!