- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Hi, To configure Amazon Route 53 to resolve DNS records from a private hosted zone in an AWS VPN configuration involving several accounts, follow these steps:
- In Account B, where the private hosted zone is created, use the AWS CLI, SDK, or API to approve the association of the VPC in Account A with the private hosted zone. To do this, use the create-vpc-association-authorization command or the CreateVPCAssociationAuthorization action.
- In Account A, where the VPN endpoint is configured, use the AWS CLI, SDK, or API to associate the VPC with the private hosted zone. To do this, use the associate-vpc-with-hosted-zone command or the AssociateVPCWithHostedZone action.
- Configure the VPN endpoint in Account A to utilize the DNS IP address of the VPC in Account B as a custom DNS server. This enables VPN clients to resolve DNS entries from Account B's private hosted zone.
- After the association is complete, remove the authorisation to associate the VPC with the private hosted zone in Account B. This will prevent the VPC from being associated with the private hosted zone in the future. To do this, use the delete-vpc-association-authorization command or the DeleteVPCAssociationAuthorization action.
You can visit these resources for better clarity: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-associate-vpcs-different-accounts.html https://aws.amazon.com/blogs/architecture/using-route-53-private-hosted-zones-for-cross-account-multi-region-architectures/
Configure your vpn client dns server to be the VPC CIDR +.2 so that you are using your vpns vpc of which your client endpoints connect.
Then on each peering connection ensure cross peering DNS resolution is enabled. (Used for aws dns names like rds instances if needed)
Then for each private hosted zone in each account you want to resolve, you have to associate the phz to the vpn vpc.
https://repost.aws/knowledge-center/route53-private-hosted-zone
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor einem Jahr
Thanks for the information. I have four AWS accounts with private hosted zone. The question is what DNS IP address do I configure on the VPN endpoint?