The only way to do this is to chain two cdk deploys. One to create the ALB in GovCloud, capture the DNS name of the ALB and use this URL as an input in the next deploy to create a CloudFront distribution in the standard AWS account.
The caveat is that the TLS handshake through CloudFront is failing. I can access the ALB directly but curling the distribution throws a handshake failure. Tried with TLS 1.2 and TLS 1.1.
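The two-deploy chain described above, as an added example (not code from the thread): the first deploy writes its outputs to a file, the ALB DNS name is pulled out of it, sanity-checked, and handed to the second deploy as CDK context. Stack names, the output key, the context key and the AWS CLI profile names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Stack names, output key, context key and
# profile names below are assumptions about how the two CDK apps are written.
set -eu

GOV_STACK="GovAlbStack"      # assumed: stack deployed with the GovCloud profile
CF_STACK="CloudFrontStack"   # assumed: stack deployed with the standard-account profile
OUTPUT_KEY="AlbDnsName"      # assumed: CfnOutput exported by the GovCloud stack
CONTEXT_KEY="albDnsName"     # assumed: context key the CloudFront stack reads

# Constructed sample of the file `cdk deploy --outputs-file` writes
# ({"<StackName>": {"<OutputKey>": "<value>"}}); used only for offline checks.
write_sample_outputs() {
  f="$(mktemp)"
  cat >"$f" <<'EOF'
{
  "GovAlbStack": {
    "AlbDnsName": "gov-alb-123456789.us-gov-west-1.elb.amazonaws.com"
  }
}
EOF
  printf '%s\n' "$f"
}

# Extract one string output from the outputs file with POSIX sed (no jq needed).
alb_dns_from_outputs() {
  sed -n "s/.*\"$OUTPUT_KEY\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Refuse to continue unless the captured value looks like an ALB DNS name in one
# of the two GovCloud regions; an empty or foreign value would otherwise become
# the CloudFront origin silently.
is_govcloud_alb_dns() {
  case "$1" in
    *.us-gov-west-1.elb.amazonaws.com|*.us-gov-east-1.elb.amazonaws.com) return 0 ;;
    *) return 1 ;;
  esac
}

# The chain itself: deploy 1, capture, validate, deploy 2 (needs real credentials).
chain_deploys() {
  outputs="$(mktemp)"
  cdk deploy "$GOV_STACK" --profile govcloud --outputs-file "$outputs" --require-approval never
  dns="$(alb_dns_from_outputs "$outputs")"
  is_govcloud_alb_dns "$dns" || { echo "unexpected ALB DNS name: '$dns'" >&2; return 1; }
  cdk deploy "$CF_STACK" --profile standard --context "$CONTEXT_KEY=$dns" --require-approval never
}
```

Run `chain_deploys` from a shell that has both profiles configured; the helper functions can be exercised offline against the constructed outputs file.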
Private hosted zones cannot be resolved over the internet.
Private hosted zones can only be resolved internally within the VPC it’s attached to.
If you need to be able to resolve the records externally (the internet) outside of the VPC then the zone needs to be public.
Of course with your delegated tracing you will be able to resolve the NS records you have defined for the subdomain however you will not resolve the records from the subdomain as the zone is private.
This article:
https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/setting-up-route53.html
describes a procedure to link a public hosted zone to resources in GovCloud. By definition, all resources in GovCloud are in private hosted zones; to expose these, a cross-account public hosted zone is required.
It seems that delegation is not allowed and hardwiring ALB records across Route 53 is the only way to go.
You're correct. You will need to create all the records in a public zone in your account to resolve to resources in the gov resource account. You can't delegate a subdomain for a gov domain.
The CDK has the option to set the domain zone for the ALB. If GovCloud resources need to create a record in a public hosted zone in another account, how does this happen from CDK?
CrossAccountZoneDelegationRecord reads as useful, but I am not sure how ApplicationLoadBalancedFargateService can use this construct if it only takes a hosted zone in the domainZone method of the builder.