Questions tagged with Amazon Route 53
Hi,
I am trying to set up Lambda functions with API Gateway as the trigger. I'll be making external API calls from the functions and I need my IP to be allowlisted with the provider, so it should be static. I also need to provide them the hostname from which the API calls will originate, so the API Gateway will be using a custom domain. I have the domain registered on GoDaddy and for this API Gateway, I want to use a subdomain.
At the moment, what I have done is:
1. Created a VPC Endpoint with subnets in all the availability zones in the region.
2. Created a private Rest API and assigned the above VPCE to it.
3. Created the same number of Elastic IPs as the availability zones.
4. Requested a new certificate from ACM for the subdomain, put the CNAME records on GoDaddy and got the certificate issued.
5. Created a Target Group with IP as target type, TLS as protocol and HTTPS as health check protocol and registered the default subnet's IPs of each availability zone. I used 403 as the health check status expected as this will be the status when the API will be invoked using NLB's DNS for health checks. The health check comes out to be positive.
6. Created an Internet-facing, IPv4 Network Load Balancer. The listener was set up with TLS as the protocol. I assigned the above created EIPs to this load balancer and the above generated certificate too.
At this point, I am successfully able to invoke the private API Gateway using the NLB's domain. However, I get a security warning because the domain for which the certificate was issued is not being used to invoke the API. I created a custom domain for the API and assigned the same certificate to it as well. But still, I get the same warning on the client side. And if I try to invoke the API with the custom domain name, I get no response at all because the name does not get resolved.
If I had my domain registered on AWS Route 53, I would've been able to create an Alias record that pointed to the NLB. Can I still do this with an external registrar and will this even do anything for me?
Can somebody please guide me what needs to be done to get this working? Really appreciate it & thanks in advance.
PS. Sorry for the long detail if it's unnecessary.
I moved my domain to a service outside of AWS. I deleted the Route53 Hosted Zone with the DNS entries for my domain. However when I do a DNS Lookup on the domain, it still resolves to the two Amazon IPs that contain it in an A record. It's been a few days now and the TTL is set to 600 seconds but AWS won't release those DNS entries. Does anyone have any idea why this is happening? I have zero resources related to that domain that exist anymore.
Any ideas why these are still populated?
```
nslookup my-domain.com
Server: 172.17.160.1
Address: 172.17.160.1#53
Non-authoritative answer:
Name: my-domain.com
Address: 15.X.X.X (AWS IP)
Name: my-domain.com
Address: 3.X.X.X (AWS IP)
```
I have registered a domain name through Amazon and set up a public hosted zone in Route53. Was able to query records successfully over the internet but that has stopped. My zone is still in Route53 and appears to have the correct records. I followed the diagnostics suggested [here](https://aws.amazon.com/premiumsupport/knowledge-center/route-53-fix-dns-record-resolution/) and see that the whois records correctly indicate that Amazon is the registrar and there is a match between the whois and Route53 the name server records but when I run a `dig +trace privatedataservices.com` the connection between the .com nameservers and amazon is absent.
I don't believe I've done anything wrong but my Route53 zone isn't queryable. How should I proceed?
I have a duplicate website: the www. and the naked version. I would like to redirect all traffic to the naked link, www to non-www traffic. I have updated the .htaccess file but it doesn't work.
Coding used:
```
RewriteEngine Enabled
RewriteRule ^(.*)$ http://www.example.com [NC]
RewriteCond %{HTTP_HOST} ^example.com/$1 [L,R=301]
```
It seems that changes to the .htaccess in Apache are handled differently... And the edits are not applied.
Could you advise me on how to handle the www to non-www redirection?
Hello all,
I transferred a registered domain from Bluehost to AWS and it worked smoothly, but it seems I cannot move the zone into a Route 53 hosted zone. I created one and changed the name servers in the registered domain section in Route 53 to use the AWS NS, but it seems it's still resolving from Bluehost. How can I make sure that my registered DNS is using the Route 53 hosted zone, not the Bluehost DNS? Thanks.
Hello there; I'm a
I'm a student at bootcamp and I need this domain to follow the topics, I guess it didn't allow me to protect my account. Can you help me open and get a domain name? My English is not good, please help me. I have class on the weekend she has to catch up
Thank you
"This site can’t be reached " -> Using Lightsail with a wordpress instance and a Route53 Domain Name
Hi all,
Firstly, WordPress is running fine on the static IP assigned, but I cannot get my Route53 domain to point successfully at the static IP - I am stuck in name server difficulties.
I've actually spent nearly 3 days trying to figure this out, watching videos, checking support, looking at Stack Overflow, and am actually pretty sick of it all.
I'm still very confused. Here are the steps I am taking:
* USING a Domain name which was registered by Route53
* No Hosted Zones in Route 53
* Created Lightsail DNS Zone
* Copied 4 Lightsail DNS Name Servers
* Pasted 4 Lightsail DNS Name Servers in the Registered Domain Name Servers
* Assigned Static ip currently running wordpress instance
* Checked both http and https and www, and root Domain
* Response is This site can’t be reached / DNS_PROBE_FINISHED_NXDOMAIN
All help gratefully received
Hello there; I'm a
I'm a student at bootcamp and I need this domain to follow the topics, I guess it didn't allow me to protect my account. Can you help me open and get a domain name? Thank you
# Problem
I created a Route 53 zone with the following code:
```ts
this.apiV2Zone = new PublicHostedZone(this, "ApiV2", {
  zoneName: "api-v2.example.com"
});
```
The zone was created as expected, but I noticed the `TTL` attribute for the `NS` record was set to `172800` (2 days).
This is a bit high at the moment, because I'm just experimenting - setting the `TTL` lower won't cost me much for now.
But, how do I go about setting the `TTL` of the `NS` record with the CDK?
---
# What I've tried
I tried to force the `NS` record myself with:
```ts
let target = RecordTarget.fromValues(
  ...this.apiV2Zone.hostedZoneNameServers ?? []
);
const recordSet = new RecordSet(this, 'ApiV2Ns', {
  recordType: RecordType.NS,
  target,
  zone: this.apiV2Zone,
  deleteExisting: true,
  recordName: this.apiV2Zone.zoneName,
  ttl: cdk.Duration.minutes(10),
});
```
But that failed on deploy with:
```
Received response status [FAILED] from custom resource. Message returned: InvalidChangeBatch
: [A HostedZone must contain at least one NS record for the zone itself.]
```
Also tried with `deleteExisting: false` but that failed too because it was duplicating the existing `NS` record.
---
# Workaround
Set it manually in the AWS console. Doesn't seem to cause any change to be reported when I do a CDK `diff`.
---
https://stackoverflow.com/questions/75217593/cdk-how-to-set-the-ttl-of-the-ns-record-for-a-route53-publichostedzone
I have read every ounce of documentation I could find related to this topic. I've been using the boto3 Python client to work with AWS to register a new domain and verify it to be used with the AWS Simple Email Service (SES).
This is an entirely painless task in just a few clicks with the GUI:

And I thought, reading the [SES boto3 documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ses.html), I could achieve the same thing via API with the Python client.
But nothing happens. I get no error. No indication appears in the GUI that the verification is pending (the way it does when done through the GUI). Even after 72 hours, nothing changes. But when I do it in the GUI, it works pretty quickly, so presumably I just missed some important API step.
```python
%pip install boto3 # a Jupyter-ism
import boto3
import time


class Domain:
    # AWS Route 53 Domains Documentation:
    # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/route53domains.html#Route53Domains.Client.get_operation_detail
    def __init__(self, static_domain=False): # identity: Identity
        self.client = boto3.client('route53domains')
        if static_domain:
            # Check whether the account already owns the domain
            domain_list_response = self.client.list_domains()
            print(domain_list_response)
            domain_owned = False
            for domain in domain_list_response['Domains']:
                if domain['DomainName'] == static_domain:
                    domain_owned = True
            if domain_owned:
                print('Domain already owned...')
                self.name = static_domain
            else:
                availability_response = self.client.check_domain_availability(
                    DomainName=static_domain
                )
                first_name = 'First' # identity.fname
                last_name = 'Last' # identity.lname
                org_name = 'Testing123' # identity.org
                address = '123 Testing Drive' # identity.addr
                city = 'TestingCity' # identity.city
                state = 'TestingState' # identity.state_code
                country = 'US' # identity.country_code
                zip_code = '12345' # identity.zip_code
                phone = '+1.1234567890' # identity.phone
                email = f'admin@{static_domain}'
                if availability_response['Availability'] == 'AVAILABLE':
                    print('Domain available...')
                    registration_response = self.client.register_domain(
                        DomainName=static_domain,
                        DurationInYears=1,
                        AutoRenew=False,
                        AdminContact={
                            'FirstName': first_name,
                            'LastName': last_name,
                            'ContactType': 'PERSON',
                            'OrganizationName': org_name,
                            'AddressLine1': address,
                            'City': city,
                            'State': state,
                            'CountryCode': country,
                            'ZipCode': zip_code,
                            'PhoneNumber': phone,
                            'Email': email
                        },
                        RegistrantContact={
                            'FirstName': first_name,
                            'LastName': last_name,
                            'ContactType': 'PERSON',
                            'OrganizationName': org_name,
                            'AddressLine1': address,
                            'City': city,
                            'State': state,
                            'CountryCode': country,
                            'ZipCode': zip_code,
                            'PhoneNumber': phone,
                            'Email': email
                        },
                        TechContact={
                            'FirstName': first_name,
                            'LastName': last_name,
                            'ContactType': 'PERSON',
                            'OrganizationName': org_name,
                            'AddressLine1': address,
                            'City': city,
                            'State': state,
                            'CountryCode': country,
                            'ZipCode': zip_code,
                            'PhoneNumber': phone,
                            'Email': email
                        },
                        PrivacyProtectAdminContact=False,
                        PrivacyProtectRegistrantContact=False,
                        PrivacyProtectTechContact=False
                    )
                    print(registration_response)
                    operation_id = registration_response['OperationId']
                    print(operation_id)
                    operation_detail_response = self.client.get_operation_detail(
                        OperationId=operation_id
                    )
                    print(operation_detail_response)
                    # Poll the registration operation until it leaves IN_PROGRESS
                    while operation_detail_response['Status'] == 'IN_PROGRESS':
                        time.sleep(10)
                        operation_detail_response = self.client.get_operation_detail(
                            OperationId=operation_id
                        )
                        print(operation_detail_response)
                        if operation_detail_response['Status'] == 'IN_PROGRESS':
                            print('Domain registration in progress...')
                        else:
                            print('Domain registration successful...')
                            # Set the name here too, so Inbox can read domain.name
                            self.name = static_domain
        else:
            print('dynamic domain generation not yet supported')


class Inbox:
    def __init__(self, domain, username: str):
        self.client = boto3.client('ses')
        self.domain = domain
        self.username = username
        self.address = f'{self.username}@{self.domain.name}'
        print(f'Inbox ({self.domain.name}) ready...')
        # Ask SES for a domain verification token
        verify_domain_id_response = self.client.verify_domain_identity(
            Domain=self.domain.name
        )
        print('verify_domain_id_response[\'VerificationToken\']', verify_domain_id_response['VerificationToken'])
        print('')
        # Poll SES until the identity is reported as verified
        domain_verified = False
        while domain_verified == False:
            get_identity_verification_attributes_response = self.client.get_identity_verification_attributes(
                Identities=[
                    self.domain.name,
                ]
            )
            print('get_identity_verification_attributes_response', get_identity_verification_attributes_response)
            print('')
            for identity in get_identity_verification_attributes_response['VerificationAttributes']:
                status = get_identity_verification_attributes_response['VerificationAttributes'][identity]['VerificationStatus']
                if status == 'Success':
                    domain_verified = True
                else:
                    print('Domain verification status:', status)
                    print('This could take up to 72 hours. Feel free to close this notebook and re-execute the code from this cell later. The process is happening on AWS\'s end and will not be interrupted. Once verified, re-executing the code won\'t reset the status, don\'t worry.')
                    time.sleep(100)
        verify_domain_dkim_response = self.client.verify_domain_dkim(
            Domain=self.domain.name
        )
        print('verify_domain_dkim_response[\'DkimTokens\']', verify_domain_dkim_response['DkimTokens'])
        print('')
        enable_id_dkim_response = self.client.set_identity_dkim_enabled(
            Identity=self.domain.name,
            DkimEnabled=True
        )
        print('enable_id_dkim_response', enable_id_dkim_response)
        print('')
        # ... snip ... code to create actual inboxes + send & receive emails
        # from domain
        print('Inbox verified...')


domain = Domain(static_domain='testing.com')
inbox = Inbox(domain=domain, username='admin')
```
Output:
```
{'Domains': [{'DomainName': '... snip ...', 'AutoRenew': False, 'TransferLock': False, 'Expiry': datetime.datetime(2024, 1, 21, 16, 51, 56, tzinfo=tzlocal())}], 'ResponseMetadata': {'RequestId': '... snip ...', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '... snip ...', 'content-type': 'application/x-amz-json-1.1', 'content-length': '104', 'date': 'Mon, 23 Jan 2023 02:31:27 GMT'}, 'RetryAttempts': 0}}
Domain already owned...
Inbox (... snip ...) ready...
verify_domain_id_response['VerificationToken'] ... snip ...
get_identity_verification_attributes_response {'VerificationAttributes': {'... snip ...': {'VerificationStatus': 'Pending', 'VerificationToken': '... snip ...'}}, 'ResponseMetadata': {'RequestId': '... snip ...', 'HTTPStatusCode': 200, 'HTTPHeaders': {'date': 'Mon, 23 Jan 2023 02:31:27 GMT', 'content-type': 'text/xml', 'content-length': '639', 'connection': 'keep-alive', 'x-amzn-requestid': '... snip ...'}, 'RetryAttempts': 0}}
Domain verification status: Pending
This could take up to 72 hours. Yes, really. Feel free to close this notebook and re-execute the code from this cell later. The process is happening on AWS's end and will not be interrupted. Once verified, re-executing the code won't reset the status, don't worry.
```
What am I missing here? Is what I'm trying to do a simple matter of something I missed in the documentation? Or is this not even viable purely via API in AWS? I suspect the former.
Maybe I need to handle the record assignment process manually with the Route53 API? I'd really appreciate an example of what that would look like if so. Otherwise just a hint that this is a requirement, and that SES will not do it automatically like with the GUI functionality, would be helpful to know.
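The Route 53 step the question above asks about, as an added example that is not part of the original post: `verify_domain_identity` and `verify_domain_dkim` only return tokens, and SES reports the identity as verified once those tokens are published as a TXT record at `_amazonses.<domain>` and as CNAME records at `<token>._domainkey.<domain>`. The function names, the sample tokens and the hosted zone ID passed in are assumptions for illustration.

```python
def _upsert(name, rtype, values, ttl):
    """One UPSERT change for a Route 53 ChangeBatch."""
    return {
        'Action': 'UPSERT',
        'ResourceRecordSet': {
            'Name': f'{name}.',
            'Type': rtype,
            'TTL': ttl,
            'ResourceRecords': [{'Value': v} for v in values],
        },
    }


def ses_dns_change_batch(domain, verification_token, dkim_tokens,
                         existing_txt=(), ttl=1800):
    """Build the records SES polls for after the verify_* calls.

    existing_txt: already-quoted TXT values currently at _amazonses.<domain>
    (as list_resource_record_sets returns them). UPSERT replaces the whole
    record set, so they are carried over instead of being overwritten.
    """
    domain = domain.rstrip('.').lower()
    # Route 53 requires TXT values wrapped in double quotes.
    txt = list(dict.fromkeys([*existing_txt, f'"{verification_token}"']))
    changes = [_upsert(f'_amazonses.{domain}', 'TXT', txt, ttl)]
    # Easy DKIM: one CNAME per token from verify_domain_dkim.
    for token in dkim_tokens:
        changes.append(_upsert(f'{token}._domainkey.{domain}', 'CNAME',
                               [f'{token}.dkim.amazonses.com'], ttl))
    return {'Comment': f'SES verification for {domain}', 'Changes': changes}


def publish_ses_records(route53, hosted_zone_id, batch):
    """Apply the batch; route53 is boto3.client('route53')."""
    return route53.change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=batch)


if __name__ == '__main__':
    # Constructed sample tokens and domain, not real SES output.
    batch = ses_dns_change_batch(
        'example.com', 'SAMPLETOKEN=', ['dkimtok1', 'dkimtok2', 'dkimtok3'])
    for change in batch['Changes']:
        rrset = change['ResourceRecordSet']
        print(rrset['Type'], rrset['Name'], rrset['ResourceRecords'])
```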
I'm having a problem with Amazon WorkMail: emails sent from an external domain take about 30 mins to be received, and from Gmail, for example, they are received instantly. Also, when I send an email between users from the same WorkMail domain I get an error with this message: "An error occurred while trying to deliver the mail to the following recipients:"
I have no rules set and my domain was acquired through Route 53 and all the DNS records were updated automatically by Amazon.
While trying to get the Authorization (EPP) code for transferring a domain from Route 53 to another vendor.
Transfer lock is disabled.
Domain name status code does not have a value?
Error when clicking on 'Get code':
> Sorry, but an unexpected error has occurred while getting your auth code. Please retry again. See system status for more information on current system status.