CloudFront alias in Route 53 private hosted zone

Question

The [Route 53 documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_AliasTarget.html) says things like:

> You can't create a resource record set in a private hosted zone to route traffic to a CloudFront distribution.

[And](https://docs.aws.amazon.com/Route53/latest/APIReference/API_AliasTarget.html):

> Alias resource record sets for CloudFront can't be created in a private zone.

But they can! Try it. It works. (If the Route 53 console doesn't suggest the alias target, you can still write it yourself.)

It makes sense if, for example, you're using a split zone setup.

Is the documentation mistaken, or is this not intended or guaranteed to work?

(My private hosted zone is in us-east-2.)

Answer

As this is DNS related and without testing myself, technically what you say is most likely true.

Cloudfront usually is publicly facing but technically you could create a private record to resolve to a cloudfront resource.

I guess if you have a split horizon DNS you would have to create a record in the private zone if resources need to resolve it.

관련 콘텐츠