How can I associate a Route 53 health check from a different AWS account to a record set in my account?

Last updated: 2022-07-22

How can I associate an Amazon Route 53 health check from a different AWS account to a record set in my account?

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

You can associate a Route 53 health check with a record set, even if the health check and record set aren't in the same AWS account. To do this, use the AWS CLI to run the change-resource-record-sets command. Use CREATE or UPSERT to add or update a record set, specifying the health check ID from the other AWS account.

aws route53 change-resource-record-sets --hosted-zone-id Z1XYZ123XYZ --change-batch file://route53.json

Note: Be sure to replace the placeholders in the above command with your values.

To confirm that the health check is available in the other account:

  • In the Route 53 console, choose Health Checks. Then, check the Health check ID column to confirm that the correct health check is in use in the route53.json file.
  • Use the list-resource-record-sets command.

The route53.json file contains the following data:

{
  "Comment": "This is route53.json file",
  "Changes": [
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "abc.example.com",
        "Type": "A",
        "SetIdentifier": "primary-record",
        "Failover": "PRIMARY",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "1.1.1.1"
          }
        ],
        "HealthCheckId": "0385ed2d-d65c-4f63-a19b-2412a31ef431"
      }
    },
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "abc.example.com",
        "Type": "A",
        "SetIdentifier": "secondary-record",
        "Failover": "SECONDARY",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "2.2.2.2"
          }
        ]
      }
    }
  ]
}

Important: The Route 53 console doesn't show the associated health check on the RRSet because the health check belongs to a different account. However, you can use the AWS CLI to see the associated health check for the RRSet:

$ aws route53 list-resource-record-sets --hosted-zone-id Z1XYZ123XYZ --query "ResourceRecordSets[?Name == 'abc.example.com.']" --output json

[
  {
    "HealthCheckId": "0385ed2d-d65c-4f63-a19b-2412a31ef431",
    "Name": "abc.example.com.",
    "Type": "A",
    "Failover": "PRIMARY",
    "ResourceRecords": [
      {
        "Value": "1.1.1.1"
      }
    ],
    "TTL": 60,
    "SetIdentifier": "primary-record"
  },
  {
    "Name": "abc.example.com.",
    "Type": "A",
    "Failover": "SECONDARY",
    "ResourceRecords": [
      {
        "Value": "2.2.2.2"
      }
    ],
    "TTL": 60,
    "SetIdentifier": "secondary-record"
  }
]

Note: Be sure to replace the placeholders in this command with your values.
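Because the console does not show a health check that belongs to a different account, an audit of these associations has to work from CLI output. The following is an added example, not part of the original article: it compares list-resource-record-sets output with the health checks owned by your own account and reports the records that depend on a health check outside it. It assumes the second input comes from `aws route53 list-health-checks --output json` run in the account that owns the hosted zone; the function names and the local health check ID are constructed for illustration.

```python
import json

# Constructed sample: the list-resource-record-sets output shown in the article.
RECORD_SETS = json.loads("""[
  {"HealthCheckId": "0385ed2d-d65c-4f63-a19b-2412a31ef431",
   "Name": "abc.example.com.", "Type": "A", "Failover": "PRIMARY",
   "ResourceRecords": [{"Value": "1.1.1.1"}], "TTL": 60,
   "SetIdentifier": "primary-record"},
  {"Name": "abc.example.com.", "Type": "A", "Failover": "SECONDARY",
   "ResourceRecords": [{"Value": "2.2.2.2"}], "TTL": 60,
   "SetIdentifier": "secondary-record"}
]""")

# Constructed sample in the shape of `aws route53 list-health-checks --output json`
# (assumed input, run in the hosted zone's account). The Id is a made-up placeholder.
LOCAL_HEALTH_CHECKS = {"HealthChecks": [{"Id": "11111111-2222-3333-4444-555555555555"}]}


def local_health_check_ids(list_health_checks_output):
    """Return the set of health check IDs owned by the caller's account."""
    return {hc["Id"] for hc in list_health_checks_output.get("HealthChecks", [])}


def audit_record_sets(record_sets, local_ids):
    """Classify each record's health check as 'none', 'local' or 'external'."""
    findings = []
    for rr in record_sets:
        hc_id = rr.get("HealthCheckId")  # key is absent when no check is attached
        # 'external' = referenced by the record but not owned by this account
        ownership = ("none" if hc_id is None
                     else "local" if hc_id in local_ids else "external")
        findings.append({
            "name": rr["Name"].rstrip(".").lower(),
            "type": rr["Type"],
            "set_identifier": rr.get("SetIdentifier"),
            "failover": rr.get("Failover"),
            "health_check_id": hc_id,
            "ownership": ownership,
        })
    return findings


def external_dependencies(record_sets, local_ids):
    """Records whose routing depends on a health check this account does not own."""
    return [f for f in audit_record_sets(record_sets, local_ids) if f["ownership"] == "external"]


if __name__ == "__main__":
    for f in external_dependencies(RECORD_SETS, local_health_check_ids(LOCAL_HEALTH_CHECKS)):
        print(f"{f['name']} {f['type']} [{f['set_identifier']}] -> {f['health_check_id']}")
```

Each reported record fails over on the state of a health check that someone outside your account can change or delete, so review the list against the accounts you expect to depend on.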

