How does the Route 53 Resolver share endpoints across multiple accounts and VPCs?


I want to use Amazon Route 53 as my DNS for both AWS and on-premises (both inbound and outbound). I have multiple accounts and VPCs. Does setting up the Route 53 Resolver for my use case require creating multiple endpoints, that is 1/2 per each VPC on each account?

I see the following on the Route 53 pricing page:

A Route 53 resolver endpoint includes one or more IP addresses. Each IP address corresponds to one elastic network interface (ENI). A single endpoint can be shared by multiple VPCs across multiple accounts within the same region.

How is a single endpoint shared across multiple accounts? Is this related to private hosted zones and VPC associations? What's the best practice that I can follow for my use case?

asked 5 years ago3377 views
1 Answer
Accepted Answer

In most cases, you need only a single set of outbound and inbound endpoints between multiple accounts or VPCs. You need to use RAM for the sharing process. You don't actually share the endpoints themselves, but rather the Resolver rules and the ability to use outbound endpoint to forward requests defined by those rules to on-premises. The inbound endpoint is not shared. For the inbound endpoint, you just need to make sure that the VPC that hosts the endpoint has connectivity to on-premises. If you have a private hosted zone that needs to be resolved from on-premises, you need to associate that zone with the same VPC that hosts the inbound endpoints.

answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions