This Guidance demonstrates an automated approach for creating the DNS resolution required when creating Amazon VPC Lattice services with custom domain names in multi-account environments. It simplifies the configuration process by automating the Amazon Route 53 DNS setup based on Amazon VPC Lattice service creation and removal actions, eliminating the operational effort of creating resources at scale. You can benefit from a simplified way to connect services across multiple AWS accounts, allowing applications to transparently access the required DNS resolution.


Architecture Diagram


Well-Architected Pillars

The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.

The architecture diagram above is an example of a solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

  • EventBridge captures Amazon VPC Lattice service creation and removal events and invokes a Lambda function that retrieves the service's DNS information and publishes it to Amazon SNS. In the AWS accounts that own the DNS configuration, an Amazon SQS queue subscribes to the SNS topic cross-account and invokes a Lambda function that creates (or removes) the Route 53 alias record. This automation reduces operational overhead and provides transparent DNS resolution for your consumer services, especially in multi-account environments and at scale.

    Read the Operational Excellence whitepaper 
  • Secure your Amazon SQS and Amazon SNS resources by defining resource policies that grant access only to the specified account, organization, or resource. AWS Identity and Access Management (IAM) roles for your Lambda functions restrict access to the corresponding resources, such as EventBridge, Amazon SQS, and Amazon SNS.

    AWS RAM securely shares resources, like the SQS queue and EventBridge bus, with only the AWS accounts within your AWS organization. Implementing the principle of least privilege through minimum permissions helps ensure that access to your Amazon VPC Lattice DNS resolution automation is limited to the necessary configuration resources and involved AWS accounts.

    Read the Security whitepaper 
  • Amazon SQS and Amazon SNS provide durable, scalable mechanisms to process Lambda and EventBridge events reliably. A dead-letter queue (DLQ) in Amazon SQS captures messages that could not be processed successfully so they can be monitored and retried, enhancing the resilience of your automation. As managed services, Lambda, Amazon SNS, and Amazon SQS reduce the chance of failure, keeping your Amazon VPC Lattice DNS resolution automation running without downtime.

    Read the Reliability whitepaper 
  • The real-time event processing capabilities of EventBridge and the regional, serverless nature of Lambda, Amazon SNS, and Amazon SQS provide optimal performance with minimal operational overhead. The cross-account setup helps ensure the lowest possible processing time, enabling seamless connectivity between a consumer and an Amazon VPC Lattice service as soon as it is created.

    Read the Performance Efficiency whitepaper 
  • EventBridge, Lambda, Amazon SNS, and Amazon SQS resources are only used when a new Amazon VPC Lattice service is created, avoiding unnecessary costs for long-running processes. These computing resources follow a serverless paradigm, where the compute capacity is only needed for the specific actions required, resulting in cost-effective operations.

    Read the Cost Optimization whitepaper 
  • EventBridge, Lambda, Amazon SNS, and Amazon SQS are fully managed and are used on an event basis, providing high efficiency and low cost for short-running periods. Using these short-lived compute services with real-time event processing reduces overall resource consumption and environmental footprint.

    Read the Sustainability whitepaper 
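As an added example, not code from this Guidance or its sample repository, the following Lambda handler for the DNS-owning account turns one SQS-delivered SNS notification into a Route 53 alias change batch, mapping a create event to an idempotent UPSERT and a removal event to a DELETE. The message fields (action, customDomainName, dnsEntry), the hosted zone ID and the domain names are constructed assumptions; the page does not define the payload the producer Lambda publishes.

```python
import json

# Constructed sample: one SQS record wrapping an SNS notification about a
# VPC Lattice service. The schema is an assumption made for this example.
SAMPLE_SQS_EVENT = {
    "Records": [{
        "body": json.dumps({
            "Message": json.dumps({
                "action": "create",
                "customDomainName": "api.example.internal",
                "dnsEntry": {
                    "domainName": "svc-0123456789abcdef0.example.on.aws",
                    "hostedZoneId": "Z0EXAMPLELATTICE",
                },
            })
        })
    }]
}

ACTIONS = {"create": "UPSERT", "delete": "DELETE"}


def record_changes(message: dict) -> list:
    """Translate one create/delete notification into Route 53 change entries.

    UPSERT keeps redelivered 'create' messages idempotent; the alias points at
    the Lattice-generated name and the hosted zone ID returned with the service.
    """
    if message.get("action") not in ACTIONS:
        raise ValueError(f"unsupported action: {message.get('action')!r}")
    dns = message["dnsEntry"]
    return [{
        "Action": ACTIONS[message["action"]],
        "ResourceRecordSet": {
            "Name": message["customDomainName"],
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": dns["hostedZoneId"],
                "DNSName": dns["domainName"],
                "EvaluateTargetHealth": False,
            },
        },
    }]


def handler(event: dict, context=None) -> dict:
    """SQS-triggered entry point: unwrap each SNS envelope, build the batch."""
    changes = []
    for record in event["Records"]:
        envelope = json.loads(record["body"])  # SNS notification envelope
        changes.extend(record_changes(json.loads(envelope["Message"])))
    # In a deployment the batch would be passed to the Route 53 API
    # (change_resource_record_sets); this example only builds and returns it.
    return {"Comment": "vpc-lattice-dns-automation", "Changes": changes}
```

Unrecognised actions raise rather than silently being skipped, so the message lands in the DLQ described above instead of disappearing.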

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.
