I want to associate my Amazon Route 53 private hosted zone with a virtual private cloud (VPC) that belongs to a different AWS account. How can I do this?

You can use the AWS Command Line Interface (AWS CLI) to associate the private hosted zone with a VPC from another account.

From the account that owns the private hosted zone, authorize the association of the VPC that belongs to the other AWS account; then complete the association from the account that owns the VPC.

1.    Check the installed AWS CLI version and upgrade it if necessary.

Note: Ensure the AWS CLI is configured to use the credentials of an IAM user that has Route 53 access.

aws --version
pip install --upgrade awscli

2.    Retrieve the hosted zone ID by listing the available zones using the AWS CLI.

Note: This must be done from the account that owns the private hosted zone.

aws route53 list-hosted-zones

3.    Create the authorization using the zone ID from the previous step, the region, and the VPC ID that you want to associate.

aws route53 create-vpc-association-authorization --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id>

4.    Associate the VPC with the hosted zone from the account that owns the VPC.

aws route53 associate-vpc-with-hosted-zone --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id>

5.    As a best practice, delete the authorization from the account that owns the zone once the association has been made.

aws route53 delete-vpc-association-authorization --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id>

Instances from the VPC that belongs to the different account should now be able to resolve the records in the private hosted zone. 
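The five steps above combined into one script that runs each call under the right account's profile, refuses to proceed if the zone is not private, and verifies afterwards that the VPC is attached and that no authorization has been left open. This is an added example, not the Knowledge Center's own code; the profile names, zone ID and VPC ID are placeholders, and the AWS_CLI variable is there so the functions can be pointed at a stub.

```shell
#!/bin/sh
# Cross-account private hosted zone association with two AWS CLI profiles
# (ZONE_PROFILE owns the zone, VPC_PROFILE owns the VPC; both placeholders).
# AWS_CLI can be pointed at a stub so the logic can be exercised offline.
set -eu
AWS_CLI="${AWS_CLI:-aws}"
ZONE_PROFILE="${ZONE_PROFILE:-zone-owner}"
VPC_PROFILE="${VPC_PROFILE:-vpc-owner}"

# Pre-flight: only private zones can be associated with a VPC.
zone_is_private() {  # $1 = hosted zone id
  flag=$("$AWS_CLI" route53 get-hosted-zone --id "$1" --profile "$ZONE_PROFILE" \
    --query 'HostedZone.Config.PrivateZone' --output text)
  [ "$flag" = "True" ]
}

# Step 3 (zone owner): authorize the other account's VPC.
authorize_vpc() {  # $1 = zone id, $2 = region, $3 = vpc id
  "$AWS_CLI" route53 create-vpc-association-authorization --hosted-zone-id "$1" \
    --vpc "VPCRegion=$2,VPCId=$3" --profile "$ZONE_PROFILE" >/dev/null
}

# Step 4 (VPC owner): perform the association.
associate_vpc() {  # $1 = zone id, $2 = region, $3 = vpc id
  "$AWS_CLI" route53 associate-vpc-with-hosted-zone --hosted-zone-id "$1" \
    --vpc "VPCRegion=$2,VPCId=$3" --profile "$VPC_PROFILE" >/dev/null
}

# Step 5 (zone owner): remove the authorization so it does not linger.
revoke_authorization() {  # $1 = zone id, $2 = region, $3 = vpc id
  "$AWS_CLI" route53 delete-vpc-association-authorization --hosted-zone-id "$1" \
    --vpc "VPCRegion=$2,VPCId=$3" --profile "$ZONE_PROFILE" >/dev/null
}

# Post-check: the VPC is listed on the zone.
vpc_is_associated() {  # $1 = zone id, $2 = vpc id
  "$AWS_CLI" route53 get-hosted-zone --id "$1" --profile "$ZONE_PROFILE" \
    --query 'VPCs[].VPCId' --output text | tr '\t' '\n' | grep -qx "$2"
}

# Post-check: no authorization is still open on the zone.
no_open_authorizations() {  # $1 = zone id
  n=$("$AWS_CLI" route53 list-vpc-association-authorizations --hosted-zone-id "$1" \
    --profile "$ZONE_PROFILE" --query 'length(VPCs)' --output text)
  [ "$n" = "0" ]
}

associate_cross_account() {  # $1 = zone id, $2 = region, $3 = vpc id
  zone_is_private "$1" || { echo "$1 is not a private hosted zone" >&2; return 1; }
  authorize_vpc "$1" "$2" "$3" && associate_vpc "$1" "$2" "$3"
  revoke_authorization "$1" "$2" "$3"
  vpc_is_associated "$1" "$3" && no_open_authorizations "$1"
}
```

Run it as `associate_cross_account <hosted-zone-id> <region> <vpc-id>` after sourcing the file with both profiles configured; a non-zero exit means one of the checks failed.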



Published: 2016-12-27

Updated: 2017-11-13