How can I use AWS RAM to share Route 53 Resolver rules across multiple VPCs and AWS accounts?


I want to use AWS Resource Access Manager (AWS RAM) to share Amazon Route 53 Resolver rules across multiple virtual private clouds (VPCs) or AWS accounts.

Resolution

Create the Route 53 Resolver rules (if you don't already have rules)

Before you begin, consider the following:

  • Route 53 Resolver is a Regional service. You can share rules and associate them with VPCs only in the same Region where you created the rules.
  • You must have permissions to use the PutResolverRulePolicy action to share rules across AWS accounts.
  • The account that you share rules with can't change or delete the shared rule.

In Account A, create Route 53 Resolver rules to share with other accounts and VPCs.

Share the Route 53 Resolver rules with AWS RAM

  1. Open the Route 53 console in Account A.
  2. In the navigation pane, choose Rules.
  3. Select the rule that you want to share.
  4. Choose Share.
  5. For Name, enter a descriptive name for the resource share.
  6. For Select Resource Type, choose Resolver Rules.
  7. Select the Resolver Rule ID to share.
  8. Specify the Principal to share. The Principal can be a single account or an organization.
  9. (Optional) Complete the Tags section.

Accept the shared Route 53 Resolver rules in AWS RAM

  1. Open the AWS RAM console.
  2. In the navigation pane, choose Shared with me, Resource shares.
  3. Select the resource share ID for the Route 53 Resolver rules.
  4. Choose Accept resource share.

Associate the Route 53 Resolver rules with a VPC

  1. Open the Route 53 console in Account B.
  2. In the navigation pane, choose Rules.
  3. Select the rule that Account A just shared.
  4. Choose Associate VPC.
  5. Select the VPC from the drop-down list, and then choose Add.

DNS queries from the VPC now use the outbound endpoint for the shared rule from Account A. AWS RAM manages connectivity between the VPC and the outbound endpoint for the rule from Account A.
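Because an associated shared rule sends the VPC's DNS queries to another account's outbound endpoint, Account B can check who owns each shared rule it has associated. The following is an added example, not part of the original article and not AWS code: it reads saved output of `aws route53resolver list-resolver-rules` and `aws route53resolver list-resolver-rule-associations` and reports associations whose rule owner is outside an allow-list. All account IDs, rule IDs, VPC IDs and domains are constructed sample values, and the allow-list is an assumption.

```python
import json

# Constructed sample output of `aws route53resolver list-resolver-rules`,
# run in Account B. Every ID and domain below is made up for illustration.
RULES_JSON = """{"ResolverRules": [
 {"Id": "rslvr-rr-aaaa1111", "DomainName": "corp.example.com.",
  "RuleType": "FORWARD", "OwnerId": "111111111111", "ShareStatus": "SHARED_WITH_ME"},
 {"Id": "rslvr-rr-bbbb2222", "DomainName": "example.net.",
  "RuleType": "FORWARD", "OwnerId": "999999999999", "ShareStatus": "SHARED_WITH_ME"},
 {"Id": "rslvr-rr-cccc3333", "DomainName": "local.example.org.",
  "RuleType": "FORWARD", "OwnerId": "222222222222", "ShareStatus": "NOT_SHARED"}]}"""

# Constructed sample output of
# `aws route53resolver list-resolver-rule-associations`, same account and Region.
ASSOC_JSON = """{"ResolverRuleAssociations": [
 {"ResolverRuleId": "rslvr-rr-aaaa1111", "VPCId": "vpc-0aaa", "Status": "COMPLETE"},
 {"ResolverRuleId": "rslvr-rr-bbbb2222", "VPCId": "vpc-0bbb", "Status": "COMPLETE"},
 {"ResolverRuleId": "rslvr-rr-cccc3333", "VPCId": "vpc-0aaa", "Status": "COMPLETE"}]}"""


def audit_shared_rules(rules_json, assoc_json, trusted_owners):
    """Return one finding per VPC association that uses a rule shared by an
    account not listed in trusted_owners (a set of 12-digit account IDs)."""
    rules = {r["Id"]: r for r in json.loads(rules_json)["ResolverRules"]}
    findings = []
    for assoc in json.loads(assoc_json)["ResolverRuleAssociations"]:
        rule = rules.get(assoc["ResolverRuleId"])
        # Skip rules this account owns and associations whose rule is not listed.
        if rule is None or rule.get("ShareStatus") != "SHARED_WITH_ME":
            continue
        if rule["OwnerId"] in trusted_owners:
            continue
        findings.append({
            "vpc": assoc["VPCId"],
            "rule": rule["Id"],
            "owner": rule["OwnerId"],
            "domain": rule["DomainName"],
        })
    return sorted(findings, key=lambda f: (f["vpc"], f["rule"]))


if __name__ == "__main__":
    # Assumption: 111111111111 stands in for Account A, the expected rule owner.
    for f in audit_shared_rules(RULES_JSON, ASSOC_JSON, {"111111111111"}):
        print("{vpc}: queries for {domain} follow rule {rule} owned by {owner}".format(**f))
```

To run it against a real account, replace the two sample strings with the JSON that the two CLI commands return in the Region being audited.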

Related information

Managing forwarding rules

AWS OFFICIAL, updated a year ago