How to create Route 53 Alias record for cross-account Load Balancer Target
General Issue
The Question
I use separate accounts per environment (dev, test, prod…). Additionally, I have a “Tools” account for common things such as public DNS, Docker containers and CodePipelines. Normally I manually create Route 53 records and have created alias records for cross-account ALBs in the past. I’m trying to do the same using the CDK but am getting the following error:
Stack "Dns" cannot consume a cross reference from stack "Api-DevUsEast1". Cross stack references are only supported for stacks deployed to the same environment or between nested stacks and their parent stack
The “Dns” stack contains the Hosted Zone and is deployed in the Tools account. The Api-DevUsEast1 stack holds the ALB and is deployed in my Dev account.
I’m hesitant to create a Hosted Zone for a subdomain in my environment accounts e.g. dev.my.app because I’d prefer that the Prod account didn’t need to use a subdomain e.g. my.app instead of prod.my.app. I prefer this mostly because it is easier for the end user.
Additionally, I like the env prefix to be at the lowest level e.g. dev.www.my.app not www.dev.my.app. Mostly because it makes more sense to me that way.
Anyway, is it possible to create an alias record for dev.www.my.app which points to an ALB in a different account using the CDK?
Environment
- CDK CLI Version: 1.32.2
- Module Version: 1.32.2
- OS: OSX
- Language: TypeScript
Other information
My motivation for managing the Route 53 records with the CDK is because it was a hassle to update the alias record every time I destroyed and re-created an ALB. I’d like it if the CDK could automatically update the records when the ALB was created or destroyed.
This issue seems loosely related to #3470. They are using AWS Control Tower in that case and are trying to create a DnsValidatedCertificate, but it’s similar.
Top GitHub Comments
@shivlaks Is it possible to do this kind of cross-account DNS management with the CDK? If not currently, are there plans to support this kind of thing in the future? AWS Control Tower encourages this pattern and there are several AWS blog posts detailing how to manage your environments with separate accounts, so I would imagine that it is a pretty standard use case. If I’m wrong and there is a different approach that I should be taking to DNS, let me know.
@mmeylan Unfortunately you won’t be able to use the ApplicationLoadBalancedFargateService construct because it tries to create the A record for you. See here. The way I do it is I create the ALB and Fargate service with the CDK using ApplicationLoadBalancer and FargateService respectively. Since I’m not using the pattern, I also create the VPC, Cluster, ApplicationTargetGroup, ApplicationListenerRule, SecurityGroups (one for the ALB and another for the Fargate service) and whatever else you need to wire them together using the CDK. I’ve done this so many times that I’ve created my own “Pattern” constructs that do most of this for me.
I manually create a certificate in the same account as the ALB and Fargate service. In the DNS account I manually create an Alias A record named myservice.example.com with its value set to the DNS name generated for the ALB e.g. dualstack.xxxxxxx.us-east-1.elb.amazonaws.com. (the “dualstack” is prepended automatically)