Home / server / Questions / 893642
Accepted
Sverre
Asked: 2018-01-24 00:46:25 +0800 CST

How to create an route53 record of the Private IP in Cloudformation

  • 772

I have a cloudformation script in AWS that creates an EC2 instance, with some firewall rules, S3 mappings and other stuff.. and I create a DNS record in route53 for the public ip of the instance, this works well.

Now I need to create another record in DNS of the internal ip of the host (for internal use, so that other instances can talk to this instance without going via the public ip).

I have not found a way to do this. is it possible? does anyone have an example cloudformation script?

domain-name-system

3 Answers

  1. It is possible, but you need to setup a "Private Hosted Zone", as described in this article Access an Internal Version of your Website Using the Same Domain Name | Amazon AWS Support then adapt the following cloudformation to meet your needs

    "myDNSRecord2" : {
    "Type" : "AWS::Route53::RecordSet",
    "Properties" : {
        "HostedZoneId" : "Z3DG6IL3SJCGPX",
        "Name" : "mysite.example.com.",
        "Type" : "A",
        "TTL" : "900",
        "ResourceRecords" : [{
            "Fn::GetAtt" : [ "MyInstance", "PrivateIp" ]
        }]
    }
}
    • 5

  2. Create a Private Hosted zone in a separate Cloudformation script and output the Route53 Zone ID.

    Use that Private zone ID as a param in the EC2 creation Cloudformation script. Create a Resource record type, with the Zone ID as a param, and Ref the Private IP address of the EC2 Instance.

    Same thing can be done with the Public, but I would create an ENI for that if you are not going to use an ELB.

    Creating a resource record with CFN

    • 1
  3. Best Answer

    after a few days of asking, testing, and trying, I came across a solution from a nice guy at Reddit. the complete solution to my problem is the following:

        "myInternalIPHostRecord": {
        "Type": "AWS::Route53::RecordSet",
        "Properties": {
            "HostedZoneId": {
                "Ref" : "HostedZoneId"
            },
            "Comment": "Internal DNS name for my instance.",  
            "Name": {
                "Fn::Join": [
                    "",
                    [
                        "internal",
                        ".",
                        {
                            "Ref": "DNSEnvironment"
                        },
                        ".",
                        {
                            "Ref": "HostedZoneName"
                        },
                        "."
                    ]
                ]
            },
            "Type": "A",
            "TTL": "120",
            "ResourceRecords": [
                {
                    "Fn::GetAtt" : [ "MyInstance", "PrivateIp" ]
                }
            ]
        }
    }

    the new part for me was the Fn::GetAtt to retrieve the "PrivateIP" from my instance, I did not find a way to do that before I got some help. otherwise this was exactly like the public ip record was created (and which is well documented before for example here: (and I see now that it uses Fn::getAtt, not sure why I did not get this myself).

    • 0