To associate an Amazon Route 53 private hosted zone with a Virtual Private Cloud (VPC) that belongs to a different AWS account, the two accounts perform a short handshake through the Route 53 API. AWS Resource Access Manager (RAM) plays no part in it: a VPC is not a resource type that RAM can share (subnets are), and a RAM share is neither required nor sufficient for a hosted zone association. You need to follow these steps:
- Authorizing the Association: The owner of the private hosted zone (the account where the zone was created) calls CreateVPCAssociationAuthorization (AWS CLI: create-vpc-association-authorization), naming the hosted zone and the target VPC by region and VPC ID. This creates a standing authorization that permits exactly that VPC to be associated with the zone.
- Associating the VPC: The owner of the VPC (the account where the VPC was created) calls AssociateVPCWithHostedZone (AWS CLI: associate-vpc-with-hosted-zone) from its own account, using the hosted zone ID supplied by the zone owner. The association is created and the zone’s records begin to resolve inside that VPC.
- Revoking the Authorization: Once the association exists, the owner of the private hosted zone calls DeleteVPCAssociationAuthorization (AWS CLI: delete-vpc-association-authorization). The association survives; the authorization is only consumed by the associate call. Leaving it in place lets the other account re-associate the same VPC at any later time without asking again.
The authorization and the cross-account association cannot be created in the Route 53 console; use the AWS CLI, an SDK, or the API directly. Here’s a more detailed guide:
Authorizing the Association
Owner Account (Private Hosted Zone Owner)
- Note the ID of the private hosted zone (from the Route 53 console or list-hosted-zones).
- Obtain the VPC ID and region of the VPC from the other account. The VPC may be in any region; private hosted zones are not regional.
- Run create-vpc-association-authorization with --hosted-zone-id <zone-id> and --vpc VPCRegion=<region>,VPCId=<vpc-id>.
- Send the hosted zone ID to the VPC owner. Pending authorizations for the zone can be listed with list-vpc-association-authorizations.
Associating the VPC
Recipient Account (VPC Owner)
- Confirm that the VPC has both enableDnsSupport and enableDnsHostnames set to true (describe-vpc-attribute); private hosted zones do not resolve in a VPC without both.
- Run associate-vpc-with-hosted-zone with the same --hosted-zone-id and --vpc values that the zone owner authorized. The call fails if no matching authorization exists.
- The response contains a ChangeInfo ID; the change is complete when its status is INSYNC.
- Confirm the association from this account with list-hosted-zones-by-vpc for the VPC.
Revoking the Authorization
Owner Account (Private Hosted Zone Owner)
- Run delete-vpc-association-authorization with the same --hosted-zone-id and --vpc values used for the authorization.
- Confirm with get-hosted-zone that the VPC still appears in the zone’s VPCs list; deleting the authorization does not remove the association.
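The whole handshake, as an added example (not code from the page or from AWS): a POSIX shell script that runs the three API calls in order with two named CLI profiles. The profile names zone-owner and vpc-owner, the AWS_CLI and RUN_HANDSHAKE variables, and the identifier regexes are this example’s own assumptions; the subcommands, flags and JMESPath queries are the real AWS CLI ones. It pre-checks the VPC’s DNS attributes before creating any authorization, waits for the change to reach INSYNC, revokes the authorization immediately after the association, and verifies the result from the VPC owner’s side.

```shell
#!/bin/sh
# Cross-account association of a Route 53 private hosted zone with a VPC.
# Added example, not AWS-provided code. Assumes two named CLI profiles:
#   ZONE_PROFILE (default "zone-owner") -> account that owns the hosted zone
#   VPC_PROFILE  (default "vpc-owner")  -> account that owns the VPC
# AWS_CLI can be pointed at a stub (for example a shell function) for dry runs.
set -eu

AWS_CLI="${AWS_CLI:-aws}"
ZONE_PROFILE="${ZONE_PROFILE:-zone-owner}"
VPC_PROFILE="${VPC_PROFILE:-vpc-owner}"

# Sanity checks on identifiers before any API call is made. The patterns
# reflect the formats AWS currently issues (a strictness chosen here, not an API rule).
valid_zone_id() { printf '%s\n' "$1" | grep -Eq '^Z[A-Z0-9]{1,31}$'; }
valid_vpc_id()  { printf '%s\n' "$1" | grep -Eq '^vpc-[0-9a-f]{8}([0-9a-f]{9})?$'; }

# A private hosted zone only resolves in a VPC with both DNS attributes enabled.
vpc_dns_enabled() {  # vpc_id region
  support=$("$AWS_CLI" ec2 describe-vpc-attribute --profile "$VPC_PROFILE" \
    --region "$2" --vpc-id "$1" --attribute enableDnsSupport \
    --query 'EnableDnsSupport.Value' --output text)
  hostnames=$("$AWS_CLI" ec2 describe-vpc-attribute --profile "$VPC_PROFILE" \
    --region "$2" --vpc-id "$1" --attribute enableDnsHostnames \
    --query 'EnableDnsHostnames.Value' --output text)
  [ "$support" = True ] && [ "$hostnames" = True ]
}

# Step 1 (hosted-zone owner): authorize exactly this VPC for this zone.
authorize_vpc() {  # zone_id vpc_id region
  "$AWS_CLI" route53 create-vpc-association-authorization --profile "$ZONE_PROFILE" \
    --hosted-zone-id "$1" --vpc "VPCRegion=$3,VPCId=$2" \
    --query 'VPC.VPCId' --output text
}

# Step 2 (VPC owner): associate from the account that owns the VPC.
# Prints the ChangeInfo ID so the caller can wait for INSYNC.
associate_vpc() {  # zone_id vpc_id region
  "$AWS_CLI" route53 associate-vpc-with-hosted-zone --profile "$VPC_PROFILE" \
    --hosted-zone-id "$1" --vpc "VPCRegion=$3,VPCId=$2" \
    --query 'ChangeInfo.Id' --output text
}

# Step 3 (hosted-zone owner): revoke the standing authorization. The existing
# association stays; only a future re-association now needs a new authorization.
revoke_authorization() {  # zone_id vpc_id region
  "$AWS_CLI" route53 delete-vpc-association-authorization --profile "$ZONE_PROFILE" \
    --hosted-zone-id "$1" --vpc "VPCRegion=$3,VPCId=$2"
}

# Verify from the VPC owner's side that the zone is now visible to the VPC.
vpc_is_associated() {  # zone_id vpc_id region
  ids=$("$AWS_CLI" route53 list-hosted-zones-by-vpc --profile "$VPC_PROFILE" \
    --vpc-id "$2" --vpc-region "$3" \
    --query 'HostedZoneSummaries[].HostedZoneId' --output text)
  for id in $ids; do [ "$id" = "$1" ] && return 0; done
  return 1
}

# Full handshake: validate, pre-check DNS, authorize, associate, wait, revoke, verify.
associate_cross_account() {  # zone_id vpc_id region
  zone=${1#/hostedzone/}; vpc=$2; region=$3
  valid_zone_id "$zone" || { echo "invalid hosted zone id: $zone" >&2; return 2; }
  valid_vpc_id "$vpc"   || { echo "invalid VPC id: $vpc" >&2; return 2; }
  vpc_dns_enabled "$vpc" "$region" || {
    echo "$vpc needs enableDnsSupport and enableDnsHostnames = true" >&2; return 3; }
  authorize_vpc "$zone" "$vpc" "$region" >/dev/null
  change=$(associate_vpc "$zone" "$vpc" "$region")
  "$AWS_CLI" route53 wait resource-record-sets-changed --profile "$VPC_PROFILE" --id "$change"
  revoke_authorization "$zone" "$vpc" "$region"
  vpc_is_associated "$zone" "$vpc" "$region" || {
    echo "association of $vpc with $zone not visible after INSYNC" >&2; return 4; }
  echo "associated $vpc ($region) with $zone; authorization revoked"
}

# Usage: RUN_HANDSHAKE=1 ZONE_PROFILE=... VPC_PROFILE=... ./script.sh Z... vpc-... us-east-1
if [ "${RUN_HANDSHAKE:-0}" = 1 ]; then associate_cross_account "$@"; fi
```

Both profiles need only the permissions for their own half: route53:CreateVPCAssociationAuthorization and route53:DeleteVPCAssociationAuthorization on the hosted zone for zone-owner, route53:AssociateVPCWithHostedZone plus ec2:DescribeVpcs (and ec2:DescribeVpcAttribute for the pre-check) for vpc-owner. The revoke step runs unconditionally after the association so that no standing authorization is left behind if the script is interrupted later.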
Considerations
- Permissions: The hosted zone owner needs route53:CreateVPCAssociationAuthorization and route53:DeleteVPCAssociationAuthorization on the hosted zone; the VPC owner needs route53:AssociateVPCWithHostedZone and ec2:DescribeVpcs. Scope these to the specific hosted zone rather than granting them on all zones: whoever can create authorizations for a zone decides which VPCs receive its answers, and whoever can associate a VPC decides whose DNS answers that VPC trusts.
- Networking: Both enableDnsSupport and enableDnsHostnames must be true on the VPC, and resources in it must use the Route 53 Resolver from the VPC’s DHCP options (AmazonProvidedDNS) rather than a custom DNS server, or they will not see the zone. Check for overlap with other private hosted zones already associated with the VPC; when namespaces overlap, Route 53 answers from the most specific matching zone.
- Trust boundary and auditing: The association lets one account define what a set of names resolves to inside a VPC it does not control, so treat it as a cross-account trust. Revoke the authorization as soon as the association is in place, review list-vpc-association-authorizations and the VPCs list from get-hosted-zone periodically, and watch CloudTrail in both accounts for CreateVPCAssociationAuthorization, AssociateVPCWithHostedZone and DisassociateVPCFromHostedZone events. Either account can remove the association with disassociate-vpc-from-hosted-zone.
Once these steps are completed, the private hosted zone is associated with the VPC from the other AWS account and its records resolve for resources in that VPC. Keep the authorization deleted and the IAM permissions scoped so that the association can only be re-created deliberately.