How do I associate a Route 53 health check from an account with a record set in a different account?


I want to associate an Amazon Route 53 health check from one AWS account with a record set in another account.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

To associate a Route 53 health check with a record set, run the change-resource-record-sets command in the AWS CLI. Use this command even if the health check and record set aren't in the same account. Use CREATE or UPSERT to add or update a record set, and specify the health check ID from the other account:

aws route53 change-resource-record-sets --hosted-zone-id Z1XYZ123XYZ --change-batch file://route53.json

Note: Replace Z1XYZ123XYZ with your hosted zone ID.

To confirm that the health check is available in the other account, complete the following steps:

  1. Open the Route 53 console.
  2. Choose Health Checks.
  3. Check the Health check ID column to confirm that the correct health check is in use in the route53.json file. To confirm that the correct health check is in use in the route53.json file, run the list-resource-record-sets command.

The route53.json file contains the following data:

{
  "Comment": "This is route53.json file",
  "Changes": [
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "abc.example.com",
        "Type": "A",
        "SetIdentifier": "primary-record",
        "Failover": "PRIMARY",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "1.1.1.1"
          }
        ],
        "HealthCheckId": "0385ed2d-####-4f63-a19b-2412a31ef431"
      }
    },
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "abc.example.com",
        "Type": "A",
        "SetIdentifier": "secondary-record",
        "Failover": "SECONDARY",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "2.2.2.2"
          }
        ]
      }
    }
  ]
}

Important: The Route 53 console doesn't show the associated health check on the RRSet because the health check belongs to a different account. To see the associated health check for the RRSet, run the following AWS CLI command:

$ aws route53 list-resource-record-sets --hosted-zone-id Z1XYZ123XYZ --query "ResourceRecordSets[?Name == 'abc.example.com.']" --output json
[
  {
    "HealthCheckId": "0385ed2d-####-4f63-a19b-2412a31ef431",
    "Name": "abc.example.com.",
    "Type": "A",
    "Failover": "PRIMARY",
    "ResourceRecords": [
      {
        "Value": "1.1.1.1"
      }
    ],
    "TTL": 60,
    "SetIdentifier": "primary-record"
  },
  {
    "Name": "abc.example.com.",
    "Type": "A",
    "Failover": "SECONDARY",
    "ResourceRecords": [
      {
        "Value": "2.2.2.2"
      }
    ],
    "TTL": 60,
    "SetIdentifier": "secondary-record"
  }
]

Note: Replace the placeholders in the script with your values.
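
Because the console hides a health check that belongs to another account, the zone owner can use CLI output to list which record sets depend on one. The following Python is an added example, not AWS code from this article: it compares saved output of list-resource-record-sets with the zone account's own list-health-checks output. The function names, the api.example.com record and its health check ID are constructed for illustration.

```python
import json

# Constructed sample of `aws route53 list-resource-record-sets` output (no --query).
# The masked health check ID is the page's; the api.example.com record is made up.
RECORD_SETS_JSON = """
{"ResourceRecordSets": [
  {"Name": "abc.example.com.", "Type": "A", "SetIdentifier": "primary-record",
   "Failover": "PRIMARY", "TTL": 60, "ResourceRecords": [{"Value": "1.1.1.1"}],
   "HealthCheckId": "0385ed2d-####-4f63-a19b-2412a31ef431"},
  {"Name": "abc.example.com.", "Type": "A", "SetIdentifier": "secondary-record",
   "Failover": "SECONDARY", "TTL": 60, "ResourceRecords": [{"Value": "2.2.2.2"}]},
  {"Name": "api.example.com.", "Type": "A", "SetIdentifier": "api-primary",
   "Failover": "PRIMARY", "TTL": 60, "ResourceRecords": [{"Value": "3.3.3.3"}],
   "HealthCheckId": "11111111-2222-3333-4444-555555555555"}
]}
"""
# Constructed sample of `aws route53 list-health-checks` output from the same account.
HEALTH_CHECKS_JSON = '{"HealthChecks": [{"Id": "11111111-2222-3333-4444-555555555555"}]}'


def classify_health_checks(record_sets_doc, health_checks_doc):
    """Return (name, set_identifier, health_check_id, status) for each record set.

    status: "local" (health check owned by this account), "external" (ID not
    among this account's health checks), or "none" (no health check attached).
    """
    local_ids = {hc["Id"] for hc in health_checks_doc.get("HealthChecks", [])}
    rows = []
    for rrset in record_sets_doc.get("ResourceRecordSets", []):
        hc_id = rrset.get("HealthCheckId")
        if hc_id is None:
            status = "none"
        else:
            status = "local" if hc_id in local_ids else "external"
        rows.append((rrset["Name"], rrset.get("SetIdentifier"), hc_id, status))
    return rows


def external_references(rows):
    """Record sets whose health check is not owned by this account."""
    return [row for row in rows if row[3] == "external"]


if __name__ == "__main__":
    rows = classify_health_checks(json.loads(RECORD_SETS_JSON),
                                  json.loads(HEALTH_CHECKS_JSON))
    for name, set_id, hc_id, _ in external_references(rows):
        print(f"{name} ({set_id}) uses health check {hc_id} not owned by this account")
```

To run it against a real zone, save the two commands' JSON output to files and pass the parsed documents to classify_health_checks in place of the constructed samples.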

AWS OFFICIAL
Updated 8 months ago