Getting an Organization started on AWS Part 3: Domains, DNS & Route53

Joshua Stather
5 min readOct 4, 2022

--

Part 1: Introduction, AWS Accounts, IAM & AWS Organizations

Part 2: Multi-Account, Landing Zones & AWS Control Tower

Part 3: Domains, DNS & Route53

Part 4: Identity Center, Single-Sign-On & Directory Service

Part 5: WorkSpaces & WorkMail — workforce style users

Part 6: WordPress & Workloads

Hello and welcome back! So far, we’ve created our AWS environment and an account for managing our domains, and we’ve created an administrator user in IAM Identity Center. In this section, we’ll cover domain names and DNS. We won’t go into too much technical detail, but we will cover domains, DNS and how Route53 can help, as well as how to use alternatives such as GoDaddy.

Theory: Domains, DNS & Route53

Domain names are how we identify hosts and services on the internet. Each registered domain name must be globally unique, such as acme.com or acmecorporation.com, and it can have subdomains such as “www” or “mail”. A registrable domain name is one part chosen name and one part Top Level Domain (TLD); TLDs include “.com”, “.org”, “.gov”, etc.

Through subdomains, one domain name can point to many different servers/resources (such as IP addresses): www could point to a WordPress site, and mail to a mail server.

DNS itself does not secure any of this; a record only says where a name points. What an SSL/TLS certificate protects is the connection to the service behind each name, and a certificate authority will only issue a certificate for a name to whoever can prove control of it (commonly via a DNS record). That is why control of the DNS zone is a security boundary worth guarding: whoever can edit the zone can redirect www or mail and obtain certificates for them.

AWS Route53 is an end-to-end DNS service. We can use it to register domains and then manage a ‘hosted zone’ (essentially a zone file) so that we have full control over the DNS records, which is where we define subdomains.

If we purchase a domain externally, we may be able to transfer the domain to Route53 if Route53 supports its TLD. Transferring is optional: we can keep the registration elsewhere and simply point the registrar’s name servers at a Route53 hosted zone, or not use Route53 at all and manage DNS at a third-party service that offers it (e.g., GoDaddy or 123Reg).

Route53 also allows for a cross-account architecture: we register and manage the parent domain through Route53 in one account (or externally, outside Route53), and give other accounts their own Route53 hosted zones for subdomains. The parent zone delegates each subdomain with an NS record set pointing at the child zone’s name servers, so a workload account can change its own records without needing any access to the Domains account.

Fundamentally, Route53 covers the whole chain: domain registration and authoritative DNS for the hosted zones.
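To make the cross-account delegation concrete, the following is an added example (my code, not the article’s). It builds the Route53 change batch that the Domains account applies to its parent zone to delegate a subdomain to a hosted zone living in another account, and it checks the inputs that usually go wrong (a name outside the parent, relative names missing the trailing dot, duplicate name servers). The zone names acme.link / dev.acme.link and the four name-server values are constructed for the example; apply_delegation is the only part that talks to AWS and needs boto3 plus credentials for the Domains account.

```python
"""Cross-account subdomain delegation for Route 53 (added example).

Assumed scenario:
  - the Domains account hosts the public zone for "acme.link"
  - a workload account creates its own hosted zone for "dev.acme.link"
  - the Domains account must publish NS records for "dev.acme.link"
    pointing at the child zone's name servers; without them resolvers
    never reach the child zone.
Everything runs offline except apply_delegation(), which needs boto3
and credentials and is only shown for the real call.
"""
from __future__ import annotations

# Constructed sample: the four name servers Route 53 assigned to the
# child hosted zone.  Read the real ones from the child zone's NS record
# set in the workload account; these values are made up for the example.
CHILD_ZONE_NAME_SERVERS = [
    "ns-1234.awsdns-27.org",
    "ns-567.awsdns-06.net",
    "ns-89.awsdns-11.com",
    "ns-2011.awsdns-59.co.uk",
]


def fqdn(name: str) -> str:
    """Normalise to a fully qualified, lower-case name with a trailing dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def is_subdomain(child: str, parent: str) -> bool:
    """True when child sits strictly below parent (dev.acme.link. under acme.link.)."""
    c, p = fqdn(child), fqdn(parent)
    return c != p and c.endswith("." + p)


def delegation_change_batch(parent_zone: str, child_zone: str,
                            name_servers: list[str], ttl: int = 172800) -> dict:
    """Build the ChangeBatch the Domains account applies to the PARENT zone.

    A delegation is just an NS record set at the child's name whose values
    are the child zone's name servers.  UPSERT keeps the call idempotent, so
    re-running after the child zone is rebuilt replaces stale NS values.
    """
    if not is_subdomain(child_zone, parent_zone):
        raise ValueError(f"{child_zone} is not inside {parent_zone}")
    if not name_servers:
        raise ValueError("child zone must have at least one name server")
    records = [{"Value": fqdn(ns)} for ns in name_servers]
    if len({r["Value"] for r in records}) != len(records):
        raise ValueError("duplicate name servers in delegation")
    return {
        "Comment": f"Delegate {fqdn(child_zone)} to its own hosted zone",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": fqdn(child_zone),
                "Type": "NS",
                "TTL": ttl,
                "ResourceRecords": records,
            },
        }],
    }


def delegation_matches(parent_ns_values: list[str], child_ns_values: list[str]) -> bool:
    """Drift check: the NS set in the parent must equal the child zone's own NS set."""
    return {fqdn(v) for v in parent_ns_values} == {fqdn(v) for v in child_ns_values}


def apply_delegation(parent_hosted_zone_id: str, batch: dict,
                     profile: str | None = None) -> str:
    """Apply the batch with boto3 using a profile/role in the Domains account."""
    import boto3  # imported lazily so the offline helpers above need no AWS SDK
    session = boto3.Session(profile_name=profile) if profile else boto3.Session()
    resp = session.client("route53").change_resource_record_sets(
        HostedZoneId=parent_hosted_zone_id, ChangeBatch=batch)
    return resp["ChangeInfo"]["Id"]


if __name__ == "__main__":
    import json
    batch = delegation_change_batch("acme.link", "dev.acme.link", CHILD_ZONE_NAME_SERVERS)
    print(json.dumps(batch, indent=2))
```

Feed it the NS values from the child zone’s own NS record set and apply the batch against the parent zone’s hosted zone ID from the Domains account. Once the NS records exist in the parent, anything the parent zone itself held at or below dev.acme.link is shadowed by the child zone, so move such records first; delegation_matches is the check to run periodically so a rebuilt child zone (which gets new name servers) does not silently go dark.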

Reference material on Route53, DNS and domain names will be linked below. Now we can get some hands-on experience. If you already have a domain, you can skip this next part if you like. Registering a domain costs money, depending on the domain itself; “.link” domains are normally quite cheap and go for under $10.

Walkthrough: Domains, DNS & Route53

1. Navigate to AWS Control Tower => Organization. Here we can see the Domains account we created.

2. We’ll need a user in the Domains account who has full access to Route53. To keep things simple, we can grant the management user we’re currently logged in as the PowerUserAccess permission set. Be aware that PowerUserAccess covers nearly every service in that account, not just Route53; for anything longer-lived, a permission set built from the AmazonRoute53FullAccess and AmazonRoute53DomainsFullAccess managed policies (or a custom policy scoped to specific hosted zones) is the least-privilege choice. Go to Users and access => View in Identity Center.

3. Go to AWS Accounts => Domains account. Select it and click Assign users or groups.

4. Select the user and click next

5. Choose the permission set. In my case, I’m choosing AWSPowerUserAccess. Click next then submit. This may take some time.

6. When done, go back to the Identity Center dashboard and click the AWS access portal (SSO) URL. This can be customized if you want. Now you can see the user has PowerUser access to the Domains account. Click that, and keep the SSO page open for later. Your other session will be signed out.

7. Search for or go to Route53.

8. Go to Route53 => Registered domains => Register domain.

9. Find the domain you want.

10. Check it, add it to the cart, then click Continue.

11. Now you’ll need to enter Registrant, Administrative and Technical contacts. If you’re a real-world org, these may differ. If not, answer yes to all being the same and fill the details in. Leave privacy protection enabled where the TLD supports it, so the contact details you enter are not published in the public WHOIS data.

12. At the end of the journey, it should add a record to pending requests, under AWS Route53 => Pending requests. I, however, got an email saying it had failed — with no real info as to why. I believe it is because I’ve registered too many domains lately, but hopefully you should be good. If it fails, you can raise a support ticket or register a domain name elsewhere. It may take some time for a pending request to transition into registered. Once fully registered, you’ll be able to manage a hosted zone for it.
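Step 2 above grants PowerUserAccess purely for convenience. As an added example that is not part of the original article, here is what a narrower permission set for the Domains account could look like, expressed as the inline policy document Identity Center can attach to a custom permission set, together with a small matcher that shows which calls it allows and which it does not. The hosted zone ID is a made-up placeholder, and the matcher is deliberately minimal: real IAM evaluation also applies explicit denies, conditions, SCPs and permission boundaries, none of which it models.

```python
"""Least-privilege alternative to AWSPowerUserAccess for the Domains account.

Added example, not from the article.  Builds an inline policy for an
Identity Center permission set that allows domain registration and record
edits in the hosted zones listed, and nothing else.  The zone IDs are
placeholders; policy_allows() is an illustrative allow-only matcher, not a
substitute for the IAM policy simulator.
"""
from fnmatch import fnmatchcase


def route53_permission_set_policy(hosted_zone_ids):
    """Inline policy: registrar access plus record edits in named zones only."""
    zone_arns = [f"arn:aws:route53:::hostedzone/{z}" for z in hosted_zone_ids]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # registrar calls are account-wide; route53domains has no per-domain ARNs
                "Sid": "DomainRegistration",
                "Effect": "Allow",
                "Action": ["route53domains:*"],
                "Resource": "*",
            },
            {   # read-only discovery so the console and CLI can find zone IDs
                "Sid": "ListZones",
                "Effect": "Allow",
                "Action": ["route53:ListHostedZones",
                           "route53:ListHostedZonesByName",
                           "route53:GetHostedZoneCount"],
                "Resource": "*",
            },
            {   # GetChange is authorised on a change ARN, not a zone ARN
                "Sid": "PollChanges",
                "Effect": "Allow",
                "Action": ["route53:GetChange"],
                "Resource": "arn:aws:route53:::change/*",
            },
            {   # record edits only inside the listed zones; no DeleteHostedZone
                "Sid": "EditNamedZones",
                "Effect": "Allow",
                "Action": ["route53:GetHostedZone",
                           "route53:ListResourceRecordSets",
                           "route53:ChangeResourceRecordSets"],
                "Resource": zone_arns,
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action, resource):
    """Allow-only check: does any Allow statement match both action and resource?

    IAM action names are case-insensitive and use * and ? wildcards, which
    fnmatchcase on lower-cased strings reproduces well enough for this demo.
    """
    for statement in policy["Statement"]:
        if statement["Effect"] != "Allow":
            continue
        action_hit = any(fnmatchcase(action.lower(), pattern.lower())
                         for pattern in _as_list(statement["Action"]))
        resource_hit = any(fnmatchcase(resource, pattern)
                           for pattern in _as_list(statement["Resource"]))
        if action_hit and resource_hit:
            return True
    return False


if __name__ == "__main__":
    import json
    # Placeholder hosted zone ID, constructed for the example.
    policy = route53_permission_set_policy(["Z0000000000EXAMPLE"])
    print(json.dumps(policy, indent=2))
    for action, resource in [
        ("route53:ChangeResourceRecordSets", "arn:aws:route53:::hostedzone/Z0000000000EXAMPLE"),
        ("route53:ChangeResourceRecordSets", "arn:aws:route53:::hostedzone/Z1111111111OTHER"),
        ("ec2:RunInstances", "*"),
    ]:
        print(f"{action} on {resource}: {policy_allows(policy, action, resource)}")
```

To use it, create a custom permission set in Identity Center, paste the JSON as its inline policy, and assign it to the operator in place of AWSPowerUserAccess; each delegated subdomain zone the Domains account should manage gets added to the hosted_zone_ids list. Registration itself (route53domains) still has to be granted account-wide because that API does not expose per-domain resource ARNs.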

The parts of the course where we use our domain names will cover how to use Route53 to manage a subdomain, whether you bought the domain through Route53 or not.

And that should be everything for registering your domain! In part 4 we’ll be going through AWS Identity Center, we’ll define the start of a process for creating new business users, and we’ll grant users controlled access to AWS accounts as well as third-party software solutions!

Supplementary reading:
