Delegating Subdomain management in Route53

One of the common patterns in AWS setup is to use different “accounts” for different functions in the business.  These account then get “consolidated” when you’re charged (the exorbitant) the fees for your services.

This presents a problem when you need to have externally accessible services, that live under a single domain.

One way around this is to simply manage the domain from one account, and setup all the domains in that.  This has the downside of not being able to use “Aliases” which constantly update, and intrinsically linked to the resources in that account.

Another, would to simply CNAME the domain you want, onto one that the account controls.  This means you have yet another domain to manage, and pay for…

The answer? register your subdomain, and delegate the nameservers for that onto the subaccount.

This then allows you to delegate domains like test.mydomain.com, so the people you’ve been given access on the child account can create their own domain easily, such as http://site1.test.mydomain.com etc.

I’m going to assume that you host your top level domain in Route 53 for the purposes of this guide.

Step 1 – Create the hosted zone

create hosted zone

create domain

Step 2 – Find the Nameserver details

Once the hosted zone has been setup, it will be given some nameservers.  Click on the domain, and find the row that looks like this:nameserver list

You’ll need to copy the list of domains in the “Value” column for the NS type (in this case ns-602.aws…. and all the other lines).  PLEASE NOTE THAT THE TRAILING FULL STOP (period for you americans) IS REQUIRED.

Step 3 – Add the Nameserver details to the parent

This is the simple part.

Simply login to manage your domain, and add an NS record with all the above details for the subdomain that you want to delegate (in this case qa.example.com).

 

This now allows you to keep with the single domain model, and keep everything neat.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s