Associate AWS VPC with a private hosted zone

Dec 30, 2021 · 1 min read

Working with multiple AWS accounts can lead to timeouts between services that live in different accounts. Besides the VPC peering and the route table connection, an important thing to set up is the hosted zone association if you want to reach a service from the other account. Here I'm going to show you how to associate a VPC with a private hosted zone through the AWS CLI.

Prerequisites

  • AWS account
  • VPC peering
  • Route tables

Scenario

Let's say we have two different AWS accounts, A and B. B wants to reach A's service endpoints through a private hosted zone, assuming that VPC peering and route tables are already in place. So basically we need to create a VPC association authorization on the account A side pointing to the VPC ID of account B, and after that just confirm it on the B side.

Associate VPC with hosted zone

Step 1. Export the account A AWS credentials in your terminal and submit a CreateVPCAssociationAuthorization request.

aws route53 \
create-vpc-association-authorization \
--hosted-zone-id <A account hosted zone ID> \
--vpc VPCRegion=<region>,VPCId=<B account VPC ID>

Step 2. Open a new terminal, export the account B AWS credentials and submit an AssociateVPCWithHostedZone request.

aws route53 \
associate-vpc-with-hosted-zone \
--hosted-zone-id <A account hosted zone ID> \
--vpc VPCRegion=<region>,VPCId=<B account VPC ID> \
--comment "Associate B VPC to the A account"

After executing the command, the association accepts the CreateVPCAssociationAuthorization request from A, and you will be able to reach the internal service endpoints of account A from account B.
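The two steps above as one script, added here as an example and not part of the original post. Instead of exporting credentials in two terminals it assumes two named AWS CLI profiles, "account-a" and "account-b" (assumed names; any profiles with the right permissions work). It also adds two things a practitioner usually wants around this procedure: a sanity check on the ID formats before anything is created, and, after the association succeeds, deletion of the standing authorization on the A side so it cannot be reused later (AWS recommends removing the authorization once the VPC is associated). The final get-hosted-zone call confirms the VPC is actually listed on the zone. The aws binary is taken from AWS_BIN so the script can be dry-run against a stub.

```shell
#!/usr/bin/env bash
# Added example: cross-account association of a VPC with a private hosted zone.
# Assumes AWS CLI profiles "account-a" (zone owner) and "account-b" (VPC owner).
set -eu

AWS_BIN="${AWS_BIN:-aws}"   # overridable, e.g. point it at a stub for a dry run

# Input sanity checks: Route 53 hosted zone IDs start with "Z", VPC IDs with
# "vpc-". Catching a swapped argument here is cheaper than debugging an
# authorization that was created for the wrong VPC.
valid_zone_id() { case "$1" in Z[A-Z0-9]*) return 0 ;; *) return 1 ;; esac; }
valid_vpc_id()  { case "$1" in vpc-[0-9a-f]*) return 0 ;; *) return 1 ;; esac; }

# Step 1 (account A): authorize B's VPC to be associated with the zone.
# args: <profile> <hosted-zone-id> <region> <vpc-id>
authorize_vpc() {
  "$AWS_BIN" --profile "$1" route53 create-vpc-association-authorization \
    --hosted-zone-id "$2" --vpc "VPCRegion=$3,VPCId=$4"
}

# Step 2 (account B): accept the authorization by associating the VPC.
associate_vpc() {
  "$AWS_BIN" --profile "$1" route53 associate-vpc-with-hosted-zone \
    --hosted-zone-id "$2" --vpc "VPCRegion=$3,VPCId=$4" \
    --comment "Associate B VPC to the A account"
}

# Step 3 (account A): remove the standing authorization once the association
# exists, so it cannot be reused later.
revoke_authorization() {
  "$AWS_BIN" --profile "$1" route53 delete-vpc-association-authorization \
    --hosted-zone-id "$2" --vpc "VPCRegion=$3,VPCId=$4"
}

# Verification (account A): prints 1 if the VPC is listed on the zone, else 0.
# args: <profile> <hosted-zone-id> <vpc-id>
zone_has_vpc() {
  "$AWS_BIN" --profile "$1" route53 get-hosted-zone --id "$2" \
    --query "VPCs[?VPCId=='$3'] | length(@)" --output text
}

# Full procedure. args: <hosted-zone-id> <region> <vpc-id>
main() {
  local zone="$1" region="$2" vpc="$3"
  valid_zone_id "$zone" || { echo "bad hosted zone id: $zone" >&2; return 2; }
  valid_vpc_id "$vpc"   || { echo "bad VPC id: $vpc" >&2; return 2; }
  authorize_vpc       account-a "$zone" "$region" "$vpc"
  associate_vpc       account-b "$zone" "$region" "$vpc"
  revoke_authorization account-a "$zone" "$region" "$vpc"
  if [ "$(zone_has_vpc account-a "$zone" "$vpc")" = "1" ]; then
    echo "association verified: $vpc is listed on $zone"
  else
    echo "VPC $vpc not listed on $zone" >&2
    return 1
  fi
}

# Run only when executed directly with the three arguments, e.g.
#   ./associate.sh Z0123456789EXAMPLE eu-west-1 vpc-0123456789abcdef0
if [ "$#" -eq 3 ]; then
  main "$@"
fi
```

The profile that runs steps 1 and 3 needs route53:CreateVPCAssociationAuthorization and route53:DeleteVPCAssociationAuthorization on the zone; the B profile needs route53:AssociateVPCWithHostedZone plus ec2:DescribeVpcs for its own VPC. Keeping the authorization scoped to one VPC and deleting it right after use is the least-privilege version of what the post describes.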

Conclusion

Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.