Managing Route53 at scale


We have about 30 AWS accounts at this point (application, development, devops, shared services, sandboxes) and we are using AWS Control Towers tied into AWS SSO. We have recently created a designated networking account where we host the STNO solution and have decided this will be our centralized network traffic solution for all of our business needs.

We are trying to figure out what the best practices are for managing DNS, private DNS zones in particular at scale. With using a central networking account, we can see the appeal of having all private zones in a single account so that we can get a complete picture of and monitor/manage the entire organization, but is this the current best practice?

Will centralizing our private zones create problems for individual teams? For example, we want to give our Devs the ability to manage their private zone, without allowing them to edit other zones. Is this possible with cross-account, centralized, private zones?

Should we even allow our dev teams to manage their own private zone? If not, what is the current best practice for managing private zones within an org?

Just hoping to get an idea of how other companies are managing this, what worked for previous clients, what didn't.
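As an added illustration (not part of the question or the answer), assuming the private hosted zones live in the central networking account and each team assumes a role there: an IAM policy pinned to one hosted zone ID, plus a small evaluator that shows the same identity gets an implicit deny on any other zone. The zone IDs are constructed placeholders.

```python
import fnmatch
import json

# Constructed sample zone IDs for the demonstration, not real hosted zones.
DEV_ZONE_ID = "Z0123456789EXAMPLE"
OTHER_ZONE_ID = "Z9876543210EXAMPLE"


def zone_scoped_policy(zone_id: str) -> dict:
    """IAM policy for a role in the central networking account that lets one
    team manage records in exactly one private hosted zone.

    ListHostedZones does not support resource-level permissions, so it is
    granted on "*"; the record-changing actions are pinned to the zone ARN."""
    zone_arn = f"arn:aws:route53:::hostedzone/{zone_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DiscoverZones", "Effect": "Allow",
             "Action": ["route53:ListHostedZones", "route53:GetChange"],
             "Resource": "*"},
            {"Sid": "ManageOwnZoneOnly", "Effect": "Allow",
             "Action": ["route53:ChangeResourceRecordSets",
                        "route53:ListResourceRecordSets",
                        "route53:GetHostedZone"],
             "Resource": zone_arn},
        ],
    }


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Minimal IAM-style evaluation: an explicit Deny wins, otherwise any
    matching Allow grants, otherwise implicit deny. '*' and '?' wildcards in
    Action/Resource are matched the way IAM matches them."""
    decision = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision


if __name__ == "__main__":
    policy = zone_scoped_policy(DEV_ZONE_ID)
    print(json.dumps(policy, indent=2))
    for zone in (DEV_ZONE_ID, OTHER_ZONE_ID):
        arn = f"arn:aws:route53:::hostedzone/{zone}"
        print(zone, is_allowed(policy, "route53:ChangeResourceRecordSets", arn))
```

The evaluator ignores conditions and principals, so use it only to sanity-check the scoping of the zone ARN before attaching the policy to the team's cross-account role.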

1 Answer


Refer to the two blogs below for best practices for AWS SSO and Control Tower along with Route 53; you can use the specific section that covers the particular setup you want. AWS Organizations is also something that you would want to look into.

Link- -- [1]

Link- -- [2]

answered a month ago
