This content originally appeared on DEV Community and was authored by Md Shamim
Background:
Let's assume we have a private hosted zone in Account A and a VPC from the same account associated with it. Now we need to associate another VPC, from Account B (a cross-account VPC), with the private hosted zone residing in Account A.
However, this cannot be done via the AWS console. To accomplish this, we need to use the programmatic approach; in this tutorial we will use the AWS CLI to perform the necessary operations.
The following commands need to be run on Account A:
Account A needs to create a VPC association authorization, which authorizes the association of a VPC from Account B.
- Create the VPC association authorization:
```bash
aws route53 create-vpc-association-authorization \
  --hosted-zone-id <hosted-zone-id> \
  --vpc VPCRegion=<region>,VPCId=<vpc-id> \
  --region <your-region>
```
- Check whether the VPC is authorized:
```bash
aws route53 list-vpc-association-authorizations \
  --hosted-zone-id Z03168043HMQYLM46KQBL
```
- Expected outcome:
```json
{
  "VPCs": [
    {
      "VPCRegion": "region",
      "VPCId": "< target-vpc-id >"
    }
  ],
  "HostedZoneId": "< hosted-zone-id >"
}
```
The following commands need to be run on Account B:
- Account B needs to run associate-vpc-with-hosted-zone using the following command:
```bash
aws route53 associate-vpc-with-hosted-zone \
  --hosted-zone-id <hosted-zone-id> \
  --vpc VPCRegion=<region>,VPCId=<vpc-id> \
  --region <your-region>
```
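The three steps above, driven from one shell through two named CLI profiles, as an added example that is not part of the original post. The profile names, the zone and VPC IDs and the region are assumed placeholders (override them via the environment); the script also verifies the authorization before associating and revokes it afterwards, since it is only needed until the association exists.

```bash
#!/bin/sh
# Added example (not from the original post). Profile names, zone and VPC IDs
# are assumed placeholders; override them through the environment.
set -eu

PROFILE_A="${PROFILE_A:-account-a}"               # owns the private hosted zone
PROFILE_B="${PROFILE_B:-account-b}"               # owns the VPC to associate
HOSTED_ZONE_ID="${HOSTED_ZONE_ID:-<hosted-zone-id>}"
VPC_ID="${VPC_ID:-<vpc-id>}"
VPC_REGION="${VPC_REGION:-us-east-1}"

# Step 1 (Account A): authorize the cross-account VPC for this zone.
authorize_vpc() {
  aws route53 create-vpc-association-authorization \
    --profile "$PROFILE_A" --region "$VPC_REGION" \
    --hosted-zone-id "$HOSTED_ZONE_ID" \
    --vpc "VPCRegion=$VPC_REGION,VPCId=$VPC_ID"
}

# Step 2 (Account A): print the VPC ID if it is authorized, nothing otherwise.
authorized_vpc() {
  aws route53 list-vpc-association-authorizations \
    --profile "$PROFILE_A" --region "$VPC_REGION" \
    --hosted-zone-id "$HOSTED_ZONE_ID" \
    --query "VPCs[?VPCId=='$VPC_ID'].VPCId" --output text
}

# Step 3 (Account B): make the association.
associate_vpc() {
  aws route53 associate-vpc-with-hosted-zone \
    --profile "$PROFILE_B" --region "$VPC_REGION" \
    --hosted-zone-id "$HOSTED_ZONE_ID" \
    --vpc "VPCRegion=$VPC_REGION,VPCId=$VPC_ID"
}

# Cleanup (Account A): the authorization is only needed until the association
# exists; revoking it keeps the VPC from being re-associated later.
revoke_authorization() {
  aws route53 delete-vpc-association-authorization \
    --profile "$PROFILE_A" --region "$VPC_REGION" \
    --hosted-zone-id "$HOSTED_ZONE_ID" \
    --vpc "VPCRegion=$VPC_REGION,VPCId=$VPC_ID"
}

# Whole flow; fails (status 1) if the authorization is not visible in Account A.
run_association() {
  authorize_vpc >/dev/null
  [ "$(authorized_vpc)" = "$VPC_ID" ] || { echo "no authorization for $VPC_ID" >&2; return 1; }
  associate_vpc >/dev/null
  revoke_authorization >/dev/null
  echo "associated $VPC_ID with $HOSTED_ZONE_ID"
}
if [ "${1:-}" = "--run" ]; then run_association; fi
```

Run it as `./associate.sh --run` after exporting the variables; the functions can also be sourced and called one at a time.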
Now, from the console, we can verify the associated VPC:
Addressing Terraform State Update Challenges
After associating the cross-account VPC with the private hosted zone using the CLI, we might see in Terraform that it wants to delete the cross-account VPC from the hosted zone:
```
  # aws_route53_zone.private will be updated in-place
  ~ resource "aws_route53_zone" "private" {
        id   = "Z03168043HMQYLAGDGAL"
        name = "example.com"
        tags = {}
        # (7 unchanged attributes hidden)

      - vpc {
          - vpc_id     = "vpc-072877fb4e12c2427" -> null
          - vpc_region = "us-east-1" -> null
        }

        # (1 unchanged block hidden)
    }
```
To resolve this issue, we can use the lifecycle block inside the aws_route53_zone resource:
```hcl
resource "aws_route53_zone" "private" {
  name = "example.com"

  vpc {
    vpc_id = "vpc-0f76856d99df4csbf"
  }

  # Like this: ignore changes to the vpc block so Terraform does not remove the
  # association made with the CLI. Note that Terraform will then also stop
  # tracking changes to the in-account vpc block declared above.
  lifecycle {
    ignore_changes = [vpc]
  }
}
```
That's all for now. Please let me know your feedback and if you have any questions.
Thanks!!
Md Shamim
Md Shamim | Sciencx (2024-08-31T12:18:55+00:00) Cross-Account VPC Associations with Route53 Private Hosted Zone and Addressing Terraform State Update Issue. Retrieved from https://www.scien.cx/2024/08/31/cross-account-vpc-associations-with-route53-private-hosted-zone-and-addressing-terraform-state-update-issue/