Product DocumentationAppearance
Configuring DNS records for AWS
Prerequisites:
- aws cli
- kubectl (optional)
- AWS permissions to create perform DNS administration tasks
Step 1: Create a ‘child’ hosted zone for your Yellowbrick environment and retrieve the NS records. This will be the account of your Yellowbrick deployment
export AWS_PAGER=""
export AWS_PROFILE=$YOURPROFILE
aws sts get-caller-identity
## Update childZoneDnsName to your environment
childZoneDnsName=""
## Example: childZoneDnsName="xyz.dev.yellowbrickcloud.com"
## Create the hosted zone
aws route53 create-hosted-zone --name $childZoneDnsName --caller-reference $(date +%Y%m%dT%H%M%SZ)
## Example:
aws route53 create-hosted-zone --name xyz.dev.yellowbrickcloud.com --caller-reference $(date +%Y%m%dT%H%M%SZ)
## Save the NS records of the child zone for reference for step 2.
childZoneId=$(aws route53 list-hosted-zones --query "HostedZones[?Name == '${childZoneDnsName}.'].Id | [0]" --output text | cut -d'/' -f3) && echo $childZoneId
aws route53 list-resource-record-sets --hosted-zone-id $childZoneId --query "ResourceRecordSets[?Type == 'NS'].ResourceRecords[].Value" --output text | tr '\t' '\n' > /tmp/nsrecordsStep 2: In the account of your root DNS zone, delegate and add the NS (nameserver) records of your child hosted zone to your domain. You will need to have access to the account of your root DNS zone
## Turn off the cli pager and ensure you are pointing to the correct aws account (root dns zone account) if not already.
export AWS_PROFILE=$YOUR-ROOT-DNS-Zone-ACCOUNT
## Example: AWS_PROFILE=yb-dns
aws sts get-caller-identity
rootZoneDnsName="${YOUR-ROOT-DNS-ZONE-NAME}"
## Example: rootZoneDnsName=dev.yellowbrickcloud.com
childZoneDnsName="${YOUR-CHILD-DNS-ZONE-NAME}"
## Example: childZoneDnsName=xyz.dev.yellowbrickcloud.com
cat /tmp/nsrecords
vim /tmp/ns.json
## Update the following template to reflect your 4 ns record 'values'. Also change the ${childZoneDnsName} value. Ensure the "." is at the end of each entry:
{
"Comment": "Add NS records",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "${childZoneDnsName}.",
"Type": "NS",
"TTL": 60,
"ResourceRecords": [
{ "Value": "${nsRecord1}." },
{ "Value": "${nsRecord2}." },
{ "Value": "${nsRecord3}." },
{ "Value": "${nsRecord4}." }
]
}
}
]
}
## Example:
{
"Comment": "Add NS records",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "${childZoneDnsName}.",
"Type": "NS",
"TTL": 60,
"ResourceRecords": [
{ "Value": "ns-852.awsdns-42.net." },
{ "Value": "ns-174.awsdns-21.com." },
{ "Value": "ns-1857.awsdns-40.co.uk." },
{ "Value": "ns-1384.awsdns-45.org." }
]
}
}
]
}
## Add the NS records of your child zone to your root zone
rootZoneId=$(aws route53 list-hosted-zones --query "HostedZones[?Name == '${rootZoneDnsName}.'].Id | [0]" --output text | cut -d'/' -f3)
echo "${rootZoneId}"
aws route53 change-resource-record-sets --hosted-zone-id $rootZoneId --change-batch file:///tmp/ns.json
## Example output:
# {
# "ChangeInfo": {
# "Id": "/change/C08335323T0L071YY3EW9",
# "Status": "PENDING",
# "SubmittedAt": "2024-09-05T00:39:24.469000+00:00",
# "Comment": "Add NS records"
# }
#}
## Confirm child zone ns records were added to root zone:
aws route53 list-resource-record-sets \
--hosted-zone-id $rootZoneId \
--query "ResourceRecordSets[?Name == '${childZoneDnsName}.' && Type == 'NS']" \
--output json
## Example output:
[
{
"Name": "xyz.dev.yellowbrickcloud.com.",
"Type": "NS",
"TTL": 60,
"ResourceRecords": [
{
"Value": "ns-2029.awsdns-61.co.uk."
},
{
"Value": "ns-562.awsdns-06.net."
},
{
"Value": "ns-190.awsdns-23.com."
},
{
"Value": "ns-1322.awsdns-37.org."
}
]
}
]Step 3: Test DNS resolution of the child hosted zone with dig or nslookup
dig -t NS $childZoneDnsName
## EXAMPLE: dig -t NS mysubdomain.dev.mydomain.com
## You should see an ANSWER section
# ;; ANSWER SECTION:
# mysubdomain.dev.mydomain.com. 172800 IN NS ns-1241.awsdns-27.org.
# mysubdomain.dev.mydomain.com. 172800 IN NS ns-1703.awsdns-20.co.uk.
# mysubdomain.dev.mydomain.com. 172800 IN NS ns-490.awsdns-61.com.
# mysubdomain.dev.mydomain.com. 172800 IN NS ns-527.awsdns-01.net.
nslookup -type=ns $childZoneDnsNameStep 4: In the account of your Yellowbrick deployment, add the Yellowbrick Manager IP or DNS A record name to your hosted zone:
You will need to retrieve the Yellowbrick Manager ip and update the 'ip' variable. This record can be anything you desire (manager, mgr, yb-manager, etc). We will be creating a simple A record pointing to a name you desire (Example: 142.250.65.110 referencing manager.yellowbrick.com).
## Ensure aws cli is pointed to the correct aws account of the Yellowbrick install. The account where the childZone is located
export AWS_PROFILE=$YOURPROFILE
## Update the dnsName to reflect your Yellowbrick Manager IP
dnsName=""
## Example: dnsName=afc7bd334fd5d4c5cbd2e7b2533e0e4b-e1f916f82bad35e7.elb.us-east-1.amazonaws.com
## You can also retrieve the dns via kubectl:
## dnsName=$(kubectl -n $NAMESPACE get service yb-manager-service -o json | jq '.status.loadBalancer.ingress[].hostname' | sed 's/"//g') && echo $dnsName
nlbName=$(echo "$dnsName" | awk -F'-' '{print $1}') && echo $nlbName
nlbZoneId=$(aws elbv2 describe-load-balancers --names $nlbName --query 'LoadBalancers[0].CanonicalHostedZoneId' | sed 's/"//g') && echo $nlbZoneId
childZoneId=$(aws route53 list-hosted-zones --query "HostedZones[?Name == '${childZoneDnsName}.'].Id | [0]" --output text | cut -d'/' -f3) && echo $childZoneId
## Edit the following json and add the A record to your child zone. You will need to change 'recordNameYm', 'childZoneDnsName', 'nlbZoneId', and 'dnsName'. The value for recordNameYm can be any string (Ex. "manager", "ym", "yb-manager", etc)
recordNameYm=""
## Example: recordNameYm="manager"
cat >/tmp/ym.json <<EOF
{
"Comment": "Add A record for Yellowbrick Manager",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "${recordNameYm}.${childZoneDnsName}.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "${nlbZoneId}",
"DNSName": "${dnsName}.",
"EvaluateTargetHealth": true
}
}
}
]
}
EOF
cat /tmp/ym.json
## Example json: The HostedZoneId is not the zone id of your childZone. It's the zone id of the NLB.
{
"Comment": "Add A record for Yellowbrick Manager",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "manager.xyz.dev.yellowbrickcloud.com.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z26RNL4JYFTOTI",
"DNSName": "a5b093499a6cf43f08c56afb7dbcaf78-62235f00c1f799a3.elb.us-east-1.amazonaws.com.",
"EvaluateTargetHealth": true
}
}
}
]
}Step 5: Apply the record for Yellowbrick Manager
aws route53 change-resource-record-sets --hosted-zone-id $childZoneId --change-batch file:///tmp/ym.jsonStep 6: Check DNS resolution for the Yellowbrick Manager
dig -t A "${recordNameYm}.${childZoneDnsName}"
## Example: dig -t A manager.xyz.dev.yellowbrickcloud.com
## Example output:
;; ANSWER SECTION:
manager.xyz.dev.yellowbrickcloud.com. 55 IN A **.**.54.6Step 7: Add the data warehouse instance ip(s) or DNS name of the NLB to your child hosted zone
You will need to retrieve your IP associated with the data warehouse instance. This can be found in the Yellowbrick Manager under "instances."
*For each data warehouse instance, you will need to enter a DNS record by performing this step.
## Ensure aws cli is pointed to the correct aws account of the Yellowbrick install. The account where the childZone is located
export AWS_PROFILE=$YOURPROFILE
## Retrieve the NLB A record of the data warehouse instance from the Yellowbrick Manager under 'Instances' > 'Host/Port'. **IMPORTANT: Perform the remaining steps for each data warehouse instance to create an entry into Route53.
dnsName=""
## Example: dnsName=afc7bd334fd5d4c5cbd2e7b2533e0e4b-e1f916f82bad35e7.elb.us-east-1.amazonaws.com
## You can also retrieve the dns via kubectl:
## dnsName=$(kubectl -n $NAMESPACE get service ybinst-${instanceName} -o json | jq '.status.loadBalancer.ingress[].hostname' | sed 's/"//g') && echo $dnsName
nlbName=$(echo "$dnsName" | awk -F'-' '{print $1}') && echo $nlbName
nlbZoneId=$(aws elbv2 describe-load-balancers --names $nlbName --query 'LoadBalancers[0].CanonicalHostedZoneId' | sed 's/"//g') && echo $nlbZoneId
childZoneId=$(aws route53 list-hosted-zones --query "HostedZones[?Name == '${childZoneDnsName}.'].Id | [0]" --output text | cut -d'/' -f3) && echo $childZoneId
## Create the json for Route53. 'recordNameDw', 'childZoneDnsName', 'nlbZoneId', and 'dnsName' parameters should all be set. The value for recordNameDw can be any string (Ex. "dw", "mydatawarehouse", "dw-dev", etc).
recordNameDw=""
## Example: recordNameDw="dw"
cat >/tmp/dw.json <<EOF
{
"Comment": "Add A record for Yellowbrick Manager",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "${recordNameDw}.${childZoneDnsName}.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "${nlbZoneId}",
"DNSName": "${dnsName}.",
"EvaluateTargetHealth": true
}
}
}
]
}
EOF
cat /tmp/dw.json
## Example output: All of the parameters should be set from previous commands. The HostedZoneId is not the zone id of your childZone. It's the zone id of the NLB associated with the data warehouse.
{
"Comment": "Add A record for Yellowbrick Manager",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "dw.xyz.dev.yellowbrickcloud.com.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "***TOTI",
"DNSName": "***********99a3.elb.us-east-1.amazonaws.com.",
"EvaluateTargetHealth": true
}
}
}
]
}Step 8: Apply the record for the data warehouse instance
aws route53 change-resource-record-sets --hosted-zone-id $childZoneId --change-batch file:///tmp/dw.jsonStep 9: Check DNS resolution
dig -t A ${recordNameDw}.${childZoneDnsName}
## Example: dig -t A manager.xyz.dev.yellowbrickcloud.com