Creating a Private Hosted Zone in Route 53
AWS Route 53 allows the creation of Private Hosted Zones, enabling DNS resolution exclusively within a specific VPC. This feature is essential for internal networking, allowing EC2, ECS, and Lambda (when running inside a VPC) to resolve domain names privately.
Steps to Configure a Private Hosted Zone
Step 1: Create a Private Hosted Zone
- Open AWS Route 53 in the AWS Management Console.
- Navigate to “Hosted zones” and click “Create hosted zone”.
- Configure the following settings:
- Domain name: e.g., internal.example.com
- Type: Select Private Hosted Zone
- VPC: Choose the VPC where the domain will be used
- Click “Create”.
Once created, only resources inside the selected VPC can resolve internal.example.com.
Using Private DNS for AWS Services
1️⃣ Resolving Hostnames for EC2 Instances
To enable EC2 instances to resolve internal.example.com, an A record needs to be created pointing to a private IP.
Example: Assign app.internal.example.com to 10.0.0.100
- Open the Private Hosted Zone in Route 53.
- Click “Create record”.
- Configure:
- Record name: app.internal.example.com
- Record type: A
- Value: 10.0.0.100
- Click “Save”.
Now, EC2 instances within the VPC can resolve the domain:
ping app.internal.example.com
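The record above can also be created from the CLI with a change batch. The script below is an added example and is not code from the original page or from AWS; it assumes the private hosted zone already exists and that the VPC CIDR is 10.0.0.0/16 (a constructed value). Before it writes the batch, it refuses record names outside the zone, IPv6 targets, public addresses, and addresses outside the VPC CIDR, since a private-zone record that points outside the VPC is almost always a misconfiguration.

```python
import ipaddress
import json


def build_a_record_change(zone_name, record_name, ip, vpc_cidr, ttl=300):
    """Return a change batch dict for `aws route53 change-resource-record-sets`.

    Three checks run before anything is emitted:
      - the record name must sit inside the hosted zone (Route 53 rejects it otherwise),
      - the target must be an IPv4 address (an A record cannot hold IPv6),
      - the target must be a private address inside the VPC's CIDR.
    """
    zone = zone_name.rstrip(".").lower()
    name = record_name.rstrip(".").lower()
    if name != zone and not name.endswith("." + zone):
        raise ValueError(f"{record_name} is not inside the zone {zone_name}")

    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError(f"{ip} is IPv6; use an AAAA record instead")
    if not addr.is_private:
        raise ValueError(f"{ip} is a public address; refusing to publish it in a private zone")
    if addr not in ipaddress.ip_network(vpc_cidr):
        raise ValueError(f"{ip} lies outside the VPC CIDR {vpc_cidr}")

    return {
        "Comment": f"A record for {name} in private zone {zone}",
        "Changes": [
            {
                "Action": "UPSERT",  # creates the record or replaces an existing one
                "ResourceRecordSet": {
                    "Name": name + ".",  # Route 53 stores names fully qualified
                    "Type": "A",
                    "TTL": ttl,
                    "ResourceRecords": [{"Value": str(addr)}],
                },
            }
        ],
    }


def change_batch_json(change):
    """Serialise the batch in the shape `--change-batch file://change.json` expects."""
    return json.dumps(change, indent=2)


if __name__ == "__main__":
    # Constructed values matching the walkthrough above; 10.0.0.0/16 is assumed.
    batch = build_a_record_change(
        "internal.example.com", "app.internal.example.com", "10.0.0.100", "10.0.0.0/16"
    )
    with open("change.json", "w") as fh:
        fh.write(change_batch_json(batch))
    # <ZONE_ID> is a placeholder for the hosted zone id shown in the Route 53 console.
    print("aws route53 change-resource-record-sets --hosted-zone-id <ZONE_ID> "
          "--change-batch file://change.json")
```

UPSERT is used rather than CREATE so the script can be re-run without failing on an existing record; the validation is the part worth keeping even if the batch is built elsewhere.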
2️⃣ Using Private DNS for Lambda and ECS
- ECS (Fargate / EC2 mode): internal.example.com can be used for service-to-service communication.
- Lambda (inside VPC): Enables DNS resolution for VPC resources.
Enabling Private DNS Across Multiple VPCs
A Private Hosted Zone is associated with a single VPC by default. To extend it across multiple VPCs, the following methods can be used:
Option 1: AWS Resource Access Manager (RAM)
- Open Route 53 → Manage VPC Association.
- Select “Share with another AWS Account”.
- Add the AWS Account ID.
- The hosted zone will now be available to VPCs in that account.
Option 2: VPC Peering with Route 53 Association
For environments with VPC peering, the hosted zone can be manually associated:
aws route53 associate-vpc-with-hosted-zone \
--hosted-zone-id Z1234567890 \
--vpc VPCRegion=us-east-1,VPCId=vpc-xxxxxxx
Now, instances in both VPCs can resolve internal.example.com.
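After associating VPCs by either option, it is worth confirming which VPCs the zone actually serves rather than assuming the association succeeded. The script below is an added example, not code from the original page or from AWS; it parses the JSON that `aws route53 get-hosted-zone --id <ZONE_ID>` returns (the sample response and VPC ids embedded here are constructed), reports the expected VPCs that are still missing, and prints the `associate-vpc-with-hosted-zone` command for each one.

```python
import json

# Constructed sample of `aws route53 get-hosted-zone` output for a private zone
# that is associated with one VPC so far.
SAMPLE_GET_HOSTED_ZONE = json.dumps({
    "HostedZone": {
        "Id": "/hostedzone/Z1234567890",
        "Name": "internal.example.com.",
        "CallerReference": "constructed-example",
        "Config": {"Comment": "", "PrivateZone": True},
        "ResourceRecordSetCount": 3,
    },
    "VPCs": [
        {"VPCRegion": "us-east-1", "VPCId": "vpc-0aaa000000000001"},
    ],
})


def associated_vpcs(get_hosted_zone_output):
    """Return the set of (region, vpc id) pairs the zone is associated with.

    Refuses public zones: a public zone has no VPC list, and treating it as
    private would silently report every expected VPC as missing.
    """
    doc = json.loads(get_hosted_zone_output)
    config = doc["HostedZone"].get("Config", {})
    if not config.get("PrivateZone", False):
        raise ValueError(f"{doc['HostedZone']['Name']} is a public hosted zone")
    return {(v["VPCRegion"], v["VPCId"]) for v in doc.get("VPCs", [])}


def hosted_zone_id(get_hosted_zone_output):
    """Strip the '/hostedzone/' prefix so the id can be passed to the CLI."""
    return json.loads(get_hosted_zone_output)["HostedZone"]["Id"].rsplit("/", 1)[-1]


def missing_associations(get_hosted_zone_output, expected):
    """Expected (region, vpc id) pairs that are not yet associated, sorted."""
    return sorted(set(expected) - associated_vpcs(get_hosted_zone_output))


def association_commands(get_hosted_zone_output, expected):
    """One `associate-vpc-with-hosted-zone` command per missing VPC."""
    zone_id = hosted_zone_id(get_hosted_zone_output)
    return [
        f"aws route53 associate-vpc-with-hosted-zone --hosted-zone-id {zone_id} "
        f"--vpc VPCRegion={region},VPCId={vpc_id}"
        for region, vpc_id in missing_associations(get_hosted_zone_output, expected)
    ]


if __name__ == "__main__":
    # Constructed: the two VPCs that should be able to resolve the zone.
    wanted = [
        ("us-east-1", "vpc-0aaa000000000001"),
        ("us-west-2", "vpc-0bbb000000000002"),
    ]
    for cmd in association_commands(SAMPLE_GET_HOSTED_ZONE, wanted):
        print(cmd)
```

In practice the output of `aws route53 get-hosted-zone` is piped into `associated_vpcs` instead of the constructed sample; the set difference is the same either way.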
Summary
| Setup | Description |
|---|---|
| Create a Private Hosted Zone | Restricts DNS resolution to a specific VPC |
| Define A Records for EC2 | Resolves app.internal.example.com → 10.0.0.100 |
| Use in ECS / Lambda | Enables internal service discovery |
| Share Across VPCs | Use AWS RAM or VPC Peering |
Setting up private DNS in AWS Route 53 keeps internal name resolution inside the VPC, so internal hostnames are never published to the public internet.
Further options exist for advanced configurations and security hardening.