How to align the Name Servers of Route53 Public Hosted Zone and Registered Domains in CDK?


In my account there is a "registered domain" with 4 name servers assigned to it. The originally created Public Hosted Zone was deleted, as I want it to be created by the CDK deployment.

When deploying the Route53 Public Hosted Zone, it creates a new set of Name Servers each time. The solution is then to update the Name Servers of the registered domain manually. This issue is described at the following link as well, together with a manual fix: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-replace-hosted-zone.html

Problem: I don't want to change the Name Servers manually, but directly with CDK.

Question: How to create a Public Hosted Zone and link it to a registered Domain with both sharing the same Name Servers via CDK?

Code:

import * as route53 from 'aws-cdk-lib/aws-route53';
import { Duration } from 'aws-cdk-lib';
import { Construct } from 'constructs';

// `scope` is the stack (or any construct) the resources are added to
export function addDomainResources(scope: Construct) {
  // Route 53 assigns a fresh, random set of four name servers every time this zone is created
  const route53PublicHostedZone = new route53.PublicHostedZone(scope, 'route53PublicHostedZone', {
    zoneName: 'myWhatEverDomain.com',
  });

  // Attempt to pin the zone apex NS record to the name servers the registered domain already uses
  const zoneDelegationRecord = new route53.ZoneDelegationRecord(scope, 'MyZoneDelegationRecord', {
    // real NS names are different of course
    nameServers: [
      'ns-1.awsdns-1.org',
      'ns-2.awsdns-2.net',
      'ns-3.awsdns-3.co.uk',
      'ns-4.awsdns-4.com'],
    zone: route53PublicHostedZone,
    ttl: Duration.minutes(1),
  });

  return { route53PublicHostedZone, zoneDelegationRecord };
}

Error:

Failed resources:
myCdkStack | 16:53:12 | CREATE_FAILED        | AWS::Route53::RecordSet                   | MyZoneDelegationRecord (MyZoneDelegationRecordD1ECAA29) [Tried to create resource record set [name='myWhatEverDomain.com.', type='NS'] but it already exists]

 myCdkStack  failed: Error: The stack named myCdkStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
    at Object.waitForStackDeploy (C:\Users\myUser\AppData\Roaming\npm\node_modules\aws-cdk\lib\api\util\cloudformation.ts:307:11)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at prepareAndExecuteChangeSet (C:\Users\myUser\AppData\Roaming\npm\node_modules\aws-cdk\lib\api\deploy-stack.ts:355:26)
    at CdkToolkit.deploy (C:\Users\myUser\AppData\Roaming\npm\node_modules\aws-cdk\lib\cdk-toolkit.ts:201:24)
    at initCommandLine (C:\Users\myUser\AppData\Roaming\npm\node_modules\aws-cdk\bin\cdk.ts:281:9)

The stack named pmyCdkStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
1 Answer

As you noted, when creating a hosted zone, AWS Route 53 assigns a random selection of name servers to the hosted zone. The domain registrar must be configured with these name servers in order to make your domain available on the internet. The documentation on replacing a hosted zone [1] refers to updating the domain registrar to reference these name servers to ensure the correct hosted zone is used to resolve DNS records. This is described in more detail in the documentation page on adding or changing name servers and glue records for a domain [2].

While you can change the NS and SOA records for your AWS Route 53 hosted domains, this is most commonly used for white-labeling your name servers [3] and does not change the AWS Route 53 name servers that are associated with the Hosted Zone by AWS. It only changes the records returned by the hosted zone when queried.

This is why the CDK build fails in your example code: the ZoneDelegationRecord is attempting to create new NS records for the parent domain when those records already exist. The CDK ZoneDelegationRecord [4] construct is used to delegate resolution to child zones, not to change name servers for the parent domain.

If you would like to use the same set of name servers for multiple hosted zones, for example to simplify management, accelerate migration of multiple domains, or have consistent white-labeling across domains, you can use a reusable delegation set [5].

The AWS CDK does not currently have any constructs for creating Reusable Delegation Sets or using a Delegation Set when creating a Public Hosted Zone. There is discussion on this topic on aws/aws-cdk issue #12756 [6] which includes an example custom resource for creating public hosted zones using a previously created DelegationSet. This concept could be extended with another custom resource for the Reusable Delegation Set using the corresponding AWS Route 53 APIs [7].


[1] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-replace-hosted-zone.html

[2] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html

[3] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/white-label-name-servers.html

[4] https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_route53.ZoneDelegationRecord.html

[5] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-concepts.html#route-53-concepts-reusable-delegation-set

[6] https://github.com/aws/aws-cdk/issues/12756

[7] https://docs.aws.amazon.com/Route53/latest/APIReference/API-actions-by-function.html#actions-by-function-reusable-delegation-sets

AWS
answered 2 years ago
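The answer points to a custom resource as the way to bring the registrar and the hosted zone into line. The following TypeScript is an added example, not code from the question, the answer or AWS: it is the pure planning step such a custom-resource handler could run, deciding whether the registered domain's name servers already match the zone CDK created and, if not, building the request for the Route 53 Domains UpdateDomainNameservers action. The request shape follows that API; the function names, the sample name servers and the "stale registrar" data are constructed for the example.

```typescript
// Added example (not from the question or answer): planning logic for a custom-resource
// handler that keeps a registered domain's name servers aligned with a Route 53 hosted zone.
// Request shape follows the Route 53 Domains UpdateDomainNameservers API; sample data is constructed.

export interface Nameserver {
  Name: string;
}

export interface UpdateDomainNameserversRequest {
  DomainName: string;
  Nameservers: Nameserver[];
}

// GetHostedZone reports name servers without a trailing dot, NS record values carry one,
// and registrars may echo mixed case: canonicalise before comparing so cosmetic
// differences are not mistaken for drift.
export function canonicalHost(name: string): string {
  return name.trim().toLowerCase().replace(/\.+$/, '');
}

// Deduplicated, sorted canonical list so ordering differences do not count as drift either
export function canonicalList(names: string[]): string[] {
  const out: string[] = [];
  for (const n of names.map(canonicalHost)) {
    if (n !== '' && out.indexOf(n) === -1) out.push(n);
  }
  return out.sort();
}

export function sameNameServers(registered: string[], zone: string[]): boolean {
  const a = canonicalList(registered);
  const b = canonicalList(zone);
  return a.length === b.length && a.every((host, i) => host === b[i]);
}

// Returns the UpdateDomainNameservers request needed to point the domain at the zone,
// or null when the registrar already matches. Refuses to build a request that would
// leave the domain with no name servers at all.
export function planNameServerUpdate(
  domainName: string,
  registered: string[],
  zoneNameServers: string[],
): UpdateDomainNameserversRequest | null {
  const desired = canonicalList(zoneNameServers);
  if (desired.length === 0) {
    throw new Error(`hosted zone for ${domainName} reported no name servers; refusing to blank the delegation`);
  }
  if (sameNameServers(registered, desired)) return null;
  return { DomainName: domainName, Nameservers: desired.map((Name) => ({ Name })) };
}

// Constructed data: the domain still points at the name servers of the deleted zone ...
export const STALE_REGISTERED = ['NS-9.awsdns-9.org.', 'ns-8.awsdns-8.net', 'ns-7.awsdns-7.co.uk.', 'ns-6.awsdns-6.com'];
// ... while Route 53 assigned these four to the zone CDK created (placeholders like the question's)
export const NEW_ZONE_NS = ['ns-1.awsdns-1.org', 'ns-2.awsdns-2.net', 'ns-3.awsdns-3.co.uk', 'ns-4.awsdns-4.com'];

export function demo(): {
  firstRun: UpdateDomainNameserversRequest | null;
  secondRun: UpdateDomainNameserversRequest | null;
} {
  // First reconciliation: drift detected, an update request is produced
  const firstRun = planNameServerUpdate('myWhatEverDomain.com', STALE_REGISTERED, NEW_ZONE_NS);
  // Second reconciliation: the registrar echoes the new servers upper-cased with trailing dots;
  // that is not drift, so no request is produced
  const echoed = NEW_ZONE_NS.map((n) => n.toUpperCase() + '.');
  const secondRun = planNameServerUpdate('myWhatEverDomain.com', echoed, NEW_ZONE_NS);
  return { firstRun, secondRun };
}
```

In a real handler the `registered` list would come from GetDomainDetail and the `zoneNameServers` list from the hosted zone's `hostedZoneNameServers` attribute passed in as a custom-resource property; because Route 53 Domains is a us-east-1 API, the handler's client has to be created in that region regardless of where the stack deploys. Keeping the decision pure, as above, means the idempotency check (second run yields `null`) can be tested without any AWS calls.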
