How can I use AWS RAM to share Route 53 Resolver rules across multiple VPCs and AWS accounts?

Last updated: 2020-06-02

How can I use AWS Resource Access Manager (AWS RAM) to share Amazon Route 53 Resolver rules across multiple virtual private clouds (VPCs) or AWS accounts?

Resolution

Create the Route 53 Resolver rules (if you don't already have rules)

Before you begin, consider the following:

  • Route 53 Resolver is a Regional service. A rule can only be shared with, and associated to, VPCs in the same Region in which the rule was created.
  • The sharing account needs the route53resolver:PutResolverRulePolicy permission. AWS RAM calls this action on your behalf when it creates the resource share.
  • The account that you share rules with can associate the rule with its own VPCs, but it cannot modify or delete the rule.
  • If the receiving account is not in your organization (or sharing with AWS Organizations is not enabled in AWS RAM), the receiving account must accept the resource share invitation before the rule appears in its Route 53 console.

In Account A, create Route 53 Resolver rules to share with other accounts and VPCs.

Share the Route 53 Resolver rules with AWS RAM

  1. Open the Route 53 console in Account A.
  2. In the navigation pane, choose Rules.
  3. Select the rule that you want to share.
  4. Choose Share. The AWS RAM console opens.
  5. On the Create resource share page:
    For Name, enter a descriptive name for the resource share.
    For Select resource type, choose Resolver Rules.
    Select the ID of the Resolver rule that you want to share.
    For Principals, specify who receives the share: one or more AWS account IDs, or an organization or organizational unit in AWS Organizations.
    (Optional) Complete the Tags section.
  6. Choose Create resource share.

Associate the Route 53 Resolver rules with a VPC

  1. Open the Route 53 console in Account B.
  2. In the navigation pane, choose Rules.
  3. Select the rule that you shared from Account A (its Share status shows Shared with me).
  4. Choose Associate VPC.
  5. Select the VPC from the drop-down list, and then choose Add.

DNS queries from the VPC in Account B that match the rule's domain name are now forwarded through the outbound endpoint that belongs to the rule in Account A. Route 53 Resolver carries the queries to that endpoint across the account boundary; you don't need VPC peering, a transit gateway, or any other network path between the VPC in Account B and the outbound endpoint in Account A.
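The same procedure from the AWS CLI, as an added example that is not part of the original article. It assumes the outbound endpoint already exists in Account A, and uses placeholder values throughout (account IDs 111122223333 and 444455556666, domain corp.example.com, target IP 10.0.0.2, and any rule, endpoint and VPC IDs you pass in). The associate step checks that the rule is actually visible as shared with the calling account in the chosen Region before it tries to associate a VPC, which catches the two mistakes the caveats above describe: a different Region, and an invitation that was never accepted.

```bash
#!/bin/sh
# Added example (not from the AWS article): CLI equivalent of the console steps.
# All account IDs, resource IDs, domain names and IP addresses are placeholders.
set -eu

REGION="${REGION:-us-east-1}"          # Resolver is Regional: use one Region for every call
ACCOUNT_A="${ACCOUNT_A:-111122223333}" # owns the outbound endpoint and the rule (placeholder)
ACCOUNT_B="${ACCOUNT_B:-444455556666}" # receives the share and associates its VPC (placeholder)

# RAM identifies resources by ARN, not by ID.
resolver_rule_arn() {
  printf 'arn:aws:route53resolver:%s:%s:resolver-rule/%s\n' "$1" "$2" "$3"
}

# Account A: create a FORWARD rule for a domain via an existing outbound endpoint.
# creator-request-id makes the call safe to retry without creating a duplicate.
create_forward_rule() {
  endpoint_id="$1"; domain="$2"; target_ip="$3"
  aws route53resolver create-resolver-rule --region "$REGION" \
    --creator-request-id "share-demo-$(date +%s)" \
    --rule-type FORWARD --domain-name "$domain" \
    --target-ips "Ip=$target_ip,Port=53" \
    --resolver-endpoint-id "$endpoint_id" --name "fwd-$domain" \
    --query 'ResolverRule.Id' --output text
}

# Account A: share the rule with one principal (an account ID, or an
# organization/OU ARN from AWS Organizations). Needs
# route53resolver:PutResolverRulePolicy, which RAM calls on your behalf.
# Add --no-allow-external-principals to refuse principals outside your org.
share_rule() {
  rule_id="$1"; principal="$2"
  aws ram create-resource-share --region "$REGION" \
    --name "resolver-rules-$rule_id" \
    --resource-arns "$(resolver_rule_arn "$REGION" "$ACCOUNT_A" "$rule_id")" \
    --principals "$principal" \
    --query 'resourceShare.resourceShareArn' --output text
}

# Account B: a share from outside your organization (or with org sharing
# disabled in RAM) arrives as an invitation that must be accepted first.
accept_pending_invitations() {
  for arn in $(aws ram get-resource-share-invitations --region "$REGION" \
      --query "resourceShareInvitations[?status=='PENDING'].resourceShareInvitationArn" \
      --output text); do
    aws ram accept-resource-share-invitation --region "$REGION" \
      --resource-share-invitation-arn "$arn" >/dev/null
  done
}

# Account B: only associate when the rule is visible here as SHARED_WITH_ME.
# A wrong Region or an unaccepted share fails loudly at this point instead
# of silently leaving the VPC on the default resolver.
associate_shared_rule() {
  rule_id="$1"; vpc_id="$2"
  visible=$(aws route53resolver list-resolver-rules --region "$REGION" \
    --query "ResolverRules[?Id=='$rule_id' && ShareStatus=='SHARED_WITH_ME'].Id" \
    --output text)
  [ "$visible" = "$rule_id" ] || {
    echo "rule $rule_id is not shared with this account in $REGION" >&2
    return 1
  }
  aws route53resolver associate-resolver-rule --region "$REGION" \
    --resolver-rule-id "$rule_id" --vpc-id "$vpc_id" --name "$vpc_id-$rule_id" \
    --query 'ResolverRuleAssociation.Id' --output text
}

# share:     run with Account A credentials  -> ./share.sh share <endpoint-id> corp.example.com 10.0.0.2
# associate: run with Account B credentials  -> ./share.sh associate <rule-id> <vpc-id>
case "${1:-}" in
  share)     rule=$(create_forward_rule "$2" "$3" "$4"); share_rule "$rule" "$ACCOUNT_B"; echo "$rule" ;;
  associate) accept_pending_invitations; associate_shared_rule "$2" "$3" ;;
esac
```

Run the share step with Account A credentials and the associate step with Account B credentials, with the same REGION exported in both shells. To share with a whole organization, pass the organization ARN (arn:aws:organizations::111122223333:organization/o-...) as the principal instead of an account ID; sharing with an account that is outside your organization is what produces the pending invitation that accept_pending_invitations handles.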
