Route 53 hands on with private hosted zones
Route 53 is a managed DNS service from AWS that maps domain names to IP addresses and AWS resources. At first glance, this could lead us to think that we can’t do an effective hands-on with Route 53 without purchasing a domain name from AWS or another domain registrar. Fear not: AWS provides private hosted zones, which let you create and test Route 53 records without owning a public domain.
In preparing for the AWS certified solutions architect associate certification, I have been referring to the Udemy course — https://www.udemy.com/course/aws-certified-solutions-architect-associate-saa-c02.
As a prerequisite, I assume that you already know how to create and configure EC2 instances and ELBs, set up security groups, etc.
The first step is to sign up for an AWS account, if you don’t already have one, at this link https://amzn.to/3ydRJxP.
The next steps are given below:
Creation and Configuration of EC2 instances and Application Load Balancer (ELB)
- Navigate to the EC2 service in any AWS region; for my learning, I usually use US-East-2 / Ohio.
- Create two EC2 instances with Amazon Linux and the t2.micro (Free Tier eligible) size. Name them webinstance1 and webinstance2.
- In the user data section while creating these EC2 instances, add the script below to install and configure a web server:
#!/bin/bash
########################################################
##### USE THIS FILE IF YOU LAUNCHED AMAZON LINUX 2 #####
########################################################
# get admin privileges (user data already runs as root, so this is a no-op here)
sudo su
# install httpd (Amazon Linux 2 version)
yum update -y
yum install -y httpd.x86_64
systemctl start httpd.service
systemctl enable httpd.service
# use straight ASCII quotes here; curly quotes break the shell command
echo "Hello World from $(hostname -f)" > /var/www/html/index.html
- After the instances are created, note their private IPs and the VPC they are attached to.
- Since we are creating a private hosted zone, its records resolve only from inside that VPC, so we must access these web pages via the private IPs of the instances.
- There are two options: either use the same instance to check the accessibility of the web page via the private IP, or use another one. I prefer to use a different instance.
- Create a third EC2 instance of t2.micro size in the same VPC and name it accessinstance1.
- After accessinstance1 is created, log in to it and check that you can access the web page on webinstance1 with the command curl http://<private IP>:80. Repeat with the private IP of webinstance2; you should see a response of the form Hello World from $(hostname -f) from both instances.
- Now create an Application Load Balancer (ELB) called r53loadbalancer in the same VPC as the instances, with a target group containing webinstance1 and webinstance2. From accessinstance1, run curl http://<private IP>:80 against the private IP of the load balancer and check that the web page loads with Hello World from $(hostname -f). (The load balancer’s DNS name also works, and unlike its private IPs it does not change.)
If you are able to successfully access the webpage via curl, then you are set to learn Route53.
Route 53
Route 53 is a managed DNS service that lets you map domain names to IP addresses and AWS resources. It provides multiple options for routing traffic to the instances that serve these names, which is what makes it interesting. So, let’s get started:
Concepts:
There are 4 types of records in Route 53 used in this lab:
- A: maps a hostname to an IPv4 address
- AAAA: maps a hostname to an IPv6 address
- CNAME: maps a hostname to another hostname
- Alias: maps a hostname to an AWS resource
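The same four record kinds expressed as the JSON the Route 53 API (and aws route53 change-resource-record-sets) expects, as an added example that is not from the original post or the Udemy course. The load balancer DNS name, its canonical hosted zone ID and the webinstance1 private IP are constructed placeholders; the point is that an Alias is still an A record, but one that carries AliasTarget instead of a TTL and values, and that its HostedZoneId is the load balancer’s own zone ID rather than that of r53privatezone.

```python
import json

# Constructed lab values (assumptions, not from the post): the ALB's DNS name comes from
# the console search box or `aws elbv2 describe-load-balancers`, and its CanonicalHostedZoneId
# is the load balancer's own zone ID, which is NOT the ID of r53privatezone.
ZONE_NAME = "r53privatezone"
ALB_DNS_NAME = "internal-r53loadbalancer-0123456789.us-east-2.elb.amazonaws.com"  # placeholder
ALB_CANONICAL_ZONE_ID = "ZALBHOSTEDZONEPLACEHOLDER"  # placeholder, not a real ID

def fqdn(label, zone=ZONE_NAME):
    """Route 53 stores fully qualified names: 'webinstance1' -> 'webinstance1.r53privatezone.'"""
    name = label if label == zone or label.endswith("." + zone) else f"{label}.{zone}"
    return name if name.endswith(".") else name + "."

def simple_record(label, rtype, value, ttl=300):
    """A, AAAA and CNAME records share one shape: a TTL plus a list of ResourceRecords."""
    if rtype not in ("A", "AAAA", "CNAME"):
        raise ValueError(f"unsupported record type {rtype}")
    if rtype == "CNAME" and fqdn(label) == fqdn(ZONE_NAME):
        raise ValueError("a CNAME cannot be created at the zone apex")
    target = fqdn(value) if rtype == "CNAME" else value  # CNAME points at a name, A/AAAA at an IP
    return {"Name": fqdn(label), "Type": rtype, "TTL": ttl, "ResourceRecords": [{"Value": target}]}

def alias_record(label, alb_dns_name, alb_zone_id):
    """An alias is still an A record, but it carries AliasTarget instead of TTL/ResourceRecords,
    and its HostedZoneId is the load balancer's canonical zone, not the private zone's ID."""
    dns = alb_dns_name if alb_dns_name.endswith(".") else alb_dns_name + "."
    return {"Name": fqdn(label), "Type": "A",
            "AliasTarget": {"HostedZoneId": alb_zone_id, "DNSName": dns, "EvaluateTargetHealth": False}}

def change_batch(records, action="UPSERT", comment=""):
    """Wrap record sets in the ChangeBatch that change-resource-record-sets expects."""
    return {"Comment": comment, "Changes": [{"Action": action, "ResourceRecordSet": r} for r in records]}

def lab_change_batch(webinstance1_ip="10.0.1.10"):  # constructed private IP (assumption)
    """The three records from this post: plain A, alias to the ALB, and CNAME to the A record."""
    return change_batch([
        simple_record("webinstance1", "A", webinstance1_ip),
        alias_record("alias", ALB_DNS_NAME, ALB_CANONICAL_ZONE_ID),
        simple_record("cname", "CNAME", "webinstance1.r53privatezone"),
    ], comment="private hosted zone lab records")

if __name__ == "__main__":
    # Save the output as lab.json and apply it with:
    #   aws route53 change-resource-record-sets --hosted-zone-id <r53privatezone ID> --change-batch file://lab.json
    print(json.dumps(lab_change_batch(), indent=2))
```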
Creating an A record — mapping a Route53 record to an IP address
The steps to follow now are:
- Select DNS Management -> Hosted Zones -> Create hosted zone, choose Private hosted zone and name it r53privatezone
- The hosted zone r53privatezone should be associated with the same region as the EC2 instances and the load balancer. In my case, it is US-East-2
- The hosted zone r53privatezone should also be associated with the same VPC as the EC2 instances and the load balancer
- You will find that two default records have already been created: an NS record (the list of name servers) and an SOA (start of authority) record
- Create the first record, of type A, with the Record name webinstance1.r53privatezone. The Value it should map to is the private IP of webinstance1. Keep the routing policy as Simple and save it.
- Access the record webinstance1.r53privatezone from the console of accessinstance1 with the command curl http://webinstance1.r53privatezone, and confirm that you can see the message Hello World from $(hostname -f)
- If yes, you have now created your first Route 53 record in a Private Hosted Zone. Congratulations!!!
Creating an Alias record — mapping a Route53 record to an AWS resource
- Name the record as alias.r53privatezone
- This will be an A record
- Ensure that you select the Alias option
- In the Route traffic to section, select Alias to Application and Classic Load Balancer
- The region should be the same as what has been used before by you, in my case it is US-East-2
- In the search box you should see the DNS name of the load balancer that you created earlier, of the form dualstack**-r53loadbalancer.xxxx.xxxx
- Select this name and create the record
- From accessinstance1 execute the command curl http://alias.r53privatezone and check that you can see the message Hello World from $(hostname -f). The IP address in the response should keep varying between the private IPs of webinstance1 and webinstance2.
- Note: I have seen that mapping an Alias record usually takes about 5 minutes, keep this in mind before executing the curl command
Creating a CNAME record — mapping a Route53 record to another host
- Name the record as cname.r53privatezone
- Record type is CNAME
- The value that this maps to is webinstance1.r53privatezone
- Create the record
- From accessinstance1 execute the command curl http://cname.r53privatezone and check that you can see the message Hello World from $(hostname -f). The IP address in the response should be the private IP of webinstance1
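The three curl checks above (A, Alias and CNAME) as one script to run from accessinstance1, as an added example that is not from the original post. It resolves each name through the VPC resolver, fetches it several times, and counts which backend answered, so that the A and CNAME records are expected to land on one instance and the alias on both. The webinstance1 private IP is a constructed placeholder.

```python
import re
import socket
import urllib.request
from collections import Counter

ZONE = "r53privatezone"
HELLO = re.compile(r"Hello World from (\S+)")

def parse_hello(body):
    """Return the hostname from 'Hello World from <hostname>', or None if the page is not ours."""
    m = HELLO.search(body)
    return m.group(1) if m else None

def resolve(name):
    """IPv4 answers for a name; private-zone names only resolve from inside the associated VPC."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 80, socket.AF_INET)})

def fetch(name, timeout=3):
    """Fetch http://<name>/ the way the post's curl commands do."""
    with urllib.request.urlopen(f"http://{name}/", timeout=timeout) as resp:
        return resp.read().decode(errors="replace")

def summarize(bodies):
    """Count which backend answered each request (None means the page was not ours)."""
    return Counter(parse_hello(b) for b in bodies)

def served_by_at_least(hosts, minimum):
    """True when at least `minimum` distinct backends answered (2 for the alias, 1 for A/CNAME)."""
    return len([h for h in hosts if h]) >= minimum

def check_record(label, expected_ips=None, attempts=10):
    """Resolve <label>.r53privatezone, optionally compare the answer, then fetch it repeatedly."""
    name = f"{label}.{ZONE}"
    ips = resolve(name)
    if expected_ips is not None and set(ips) != set(expected_ips):
        return {"name": name, "ok": False, "ips": ips, "hosts": Counter()}
    hosts = summarize(fetch(name) for _ in range(attempts))
    return {"name": name, "ok": None not in hosts, "ips": ips, "hosts": hosts}

if __name__ == "__main__":
    # Run from accessinstance1; the webinstance1 private IP below is a constructed placeholder.
    for label, ips, backends in (("webinstance1", ["10.0.1.10"], 1),
                                 ("cname", ["10.0.1.10"], 1),
                                 ("alias", None, 2)):
        r = check_record(label, ips)
        status = "OK" if r["ok"] and served_by_at_least(r["hosts"], backends) else "FAIL"
        print(r["name"], status, r["ips"], dict(r["hosts"]))
```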
There are many other options to try out with routing policies on each of these records. I hope that with this introduction you will be able to explore all the features of Route 53 without having to buy a domain name.
Happy Hands On Labs!!!
PS: Don’t forget to delete all the resources at the end of your lab session.
#behandson