By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Route53 Alias to Gov Cloud resource

0

I can no longer create (or update existing) Route 53 records in standard account to point to Gov Cloud resources. This has always been the approach to route Internet DNS to Gov cloud resources; as Gov Cloud Route 53 only supports private VPC DNS. This approach is still the documented approach to create DNS records for Gov Cloud resources as described here: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/setting-up-route53.html, and specifically called out here from the document:

As you set up Route 53 to serve your AWS GovCloud (US) content with public hosted zones, keep the following in mind:

You must log in to the Route 53 console using your standard AWS credentials. Do not use your AWS GovCloud (US-West) or AWS GovCloud (US-East) credentials.
You will set up Route 53 to route end users to your AWS GovCloud (US-West) or AWS GovCloud (US-East) resources.

I have existing DNS records using this approach for years, and have created records as recently as the past month, but can no longer change, update or create Route 53 records to my Gov Cloud resources.

I have to assume this is a bug or unintended consequence of recent AWS changes, and could be potentially problematic to support any issues that arise until its fixed or a new documented solution for routing to Gov Cloud resources is published.

  • scopestar
    a year ago

    The way this has always previously worked, is from the Route53 Create Record form you could choose your resource type, choose gov-west or gov-east, and then paste in the DNS record for the Gov resource. The list of resources for the respective gov-west or gov-east would not populate (because they would be under a separate gov account) but you could choose region gov-west or gov-east, and then paste in resource records. Now gov-east and gov-west are not in the region dropdown, and if you choose a different region to paste in the DNS record you will get error that it is not a valid resource for that region.

Topics
Networking & Content DeliveryGovernment
Tags
Amazon Route 53Government
Language
English
profile picture
scopestar
asked a year ago645 views
1 Answer
0

Just closing the loop on this one. It appears there was a restriction in Route53 console that was preventing Gov Cloud region selection when creating alias records. My client opened a support ticket and the restriction/bug in the console was quickly resolved by AWS Support. Once again we are able to create/modify public Route53 alias records to Gov-Cloud resources.

profile picture
scopestar
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content