Route53 With a Private Hosted Zone
A few easy steps to get familiar with Route53 using Private Hosted Zone in AWS. Route53 is an AWS service that provides a mapping between domain names and IP addresses.
Route53 is an AWS service that provides a mapping between domain names and IP addresses. At first glance, this could lead us to think that we can't do an effective hands-on lab with Route53 without purchasing a domain name from AWS or another domain registrar. Fear not: AWS provides the option of a private hosted zone in which to create and test the Route53 concepts.
Resources and Prerequisites
In preparing for the AWS certified solutions architect associate certification, I have been referring to the Ultimate AWS Certified Solutions Architect Associate 2021 Udemy course.
As a pre-requisite, I am assuming that you have good knowledge of creating and configuring EC2 instances, ELBs, setting up security groups, etc.
The first step is to sign up for an AWS account at this link if you don't already have one.
Setup
The next steps are given below:
1. Navigate to the EC2 service in any of the AWS regions. For my learning, I usually use US-East-2/Ohio.
2. Create two EC2 instances with the Amazon Linux and t2.micro (Free Tier) eligible size. Name them as webinstance1 and webinstance2.
3. In the user data section while creating these EC2 instances add the code below to install and configure a web server:
#!/bin/bash
########################################################
##### USE THIS FILE IF YOU LAUNCHED AMAZON LINUX 2 #####
########################################################
# user data scripts already run as root at first boot, so no sudo is needed
# install httpd (Linux 2 version)
yum update -y
yum install -y httpd.x86_64
systemctl start httpd.service
systemctl enable httpd.service
echo "Hello World from $(hostname -f)" > /var/www/html/index.html
4. After the instances are created, note their private IPs and the VPC that these instances are attached to.
5. Since we are creating a private hosted zone, we need to access the web page through the private IPs of these instances.
6. There are two options, either we use the same instance to check the accessibility of the web page via the private IP or use another one. I prefer to use a different instance.
8. Create a third AWS EC2 instance of t2.micro size in the same VPC and name it accessinstance1.
9. After accessinstance1 is created, log in to the instance and check that you can access the web page on each web instance with the following command: curl http://<private IP>:80. You should see a response of the format Hello World from $(hostname -f), with the instance's hostname in place of $(hostname -f), from both instances.
10. An application load balancer (ELB) should now be created; call it r53loadbalancer. It should be in the same VPC as the instances. Create a target group with webinstance1 and webinstance2.
If you are able to successfully access the webpage via curl, then you are set to learn Route53.
Route53
Route53 is a managed DNS system that lets you map domain names to IP addresses and AWS resources. It provides multiple options for reaching the instances that host these domains, and they are very interesting. So, let's get started:
Concepts
There are 4 types of records in Route53:
A: Mapping a hostname to an IPv4 address.
AAAA: Mapping a hostname to an IPv6 address.
CNAME: Mapping a hostname to another hostname.
Alias: Mapping a hostname to an AWS resource.
Creating the Private Hosted Zone
The steps to follow now are:
- Select DNS Management -> Hosted Zone -> Private hosted zone and name it r53privatezone.
- The hosted zone r53privatezone should be present in the same region as the EC2 instances and the load balancer. In my case, it is US-East-2.
- The hosted zone r53privatezone should also be in the same VPC as the EC2 instances and the load balancer.
- You will find that there are two default records already created: an NS (list of name servers) record and an SOA (start of authority) record.
Creating the 'A' Record: Mapping a Route53 Record to An IP Address
- Create the first record, of type A. The Record name is webinstance1.r53privatezone. The Value this should map to is the private IP of webinstance1.
- Keep the routing policy as simple and save it.
- Access the record webinstance1.r53privatezone from the console of accessinstance1 with the command curl http://webinstance1.r53privatezone, and confirm that you can see the message Hello World from $(hostname -f).
- If yes, you have now created the first Route53 record in a Private Hosted Zone. Congratulations!!
Creating an Alias Record: Mapping a Route53 Record to An AWS Resource
- Name the record alias.r53privatezone.
- This will be an A record.
- Ensure that you select the Alias option.
- In the Route traffic to section, select Alias to Application and Classic Load Balancer.
- The region should be the same one you have used so far; in my case it is US-East-2.
- In the search box, you should see the DNS name of the load balancer that you created earlier in the form dualstack**-r53loadbalancer.xxxx.xxxx.
- Select this name and create the record.
- From accessinstance1, execute the command curl http://alias.r53privatezone and check that you can see the message Hello World from $(hostname -f). The IP address in the response should keep varying between the private IPs for webinstance1 and webinstance2.
Note: I have seen that mapping an Alias record usually takes about 5 minutes; keep this in mind before executing the curl command.
Creating a CNAME Record: Mapping a Route53 Record to Another Host
- Name the record cname.r53privatezone.
- The record type is CNAME.
- The value that this maps to is webinstance1.r53privatezone.
- Create the record.
- From accessinstance1, execute the command curl http://cname.r53privatezone and check that you can see the message Hello World from $(hostname -f). The IP address in the response should be the private IP of webinstance1.
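The three records created above through the console (A, Alias and CNAME) can also be written as a single Route 53 change batch. The following is an added example, not code from the original article: it builds that batch and rejects records that would not fit this lab, such as an A record pointing outside the private address ranges or a name outside the zone. The function names, the sample IP, the load balancer hosted zone ID and the load balancer DNS name are placeholders constructed for illustration.

```python
import ipaddress
import json

ZONE = "r53privatezone"  # private hosted zone name used in the article


def record(name, rtype, value=None, alias=None, ttl=300):
    """Build one UPSERT change; exactly one of value/alias must be given."""
    fqdn = name.rstrip(".")
    if fqdn != ZONE and not fqdn.endswith("." + ZONE):
        raise ValueError(f"{name} is outside zone {ZONE}")
    if (value is None) == (alias is None):
        raise ValueError("give exactly one of value or alias")
    rrset = {"Name": fqdn, "Type": rtype}
    if alias is not None:
        # Alias records take an AliasTarget instead of TTL + ResourceRecords.
        rrset["AliasTarget"] = {"HostedZoneId": alias["zone_id"],
                                "DNSName": alias["dns_name"],
                                "EvaluateTargetHealth": False}
    else:
        # Lab expectation: A records in the private zone hold private IPs.
        if rtype == "A" and not ipaddress.ip_address(value).is_private:
            raise ValueError(f"{value} is not a private address")
        # DNS rule: a CNAME cannot be created at the zone apex.
        if rtype == "CNAME" and fqdn == ZONE:
            raise ValueError("a CNAME cannot sit at the zone apex")
        rrset["TTL"] = ttl
        rrset["ResourceRecords"] = [{"Value": value}]
    return {"Action": "UPSERT", "ResourceRecordSet": rrset}


def lab_change_batch(web1_ip, alb_zone_id, alb_dns_name):
    """The article's three records as one change batch."""
    return {"Comment": "Route53 private hosted zone lab",
            "Changes": [
                record(f"webinstance1.{ZONE}", "A", value=web1_ip),
                record(f"alias.{ZONE}", "A",
                       alias={"zone_id": alb_zone_id, "dns_name": alb_dns_name}),
                record(f"cname.{ZONE}", "CNAME", value=f"webinstance1.{ZONE}"),
            ]}


if __name__ == "__main__":
    # Constructed placeholders: substitute the private IP of webinstance1 and
    # the load balancer's own hosted zone ID and DNS name.
    batch = lab_change_batch("172.31.10.20", "ZEXAMPLEALBZONE",
                             "dualstack.r53loadbalancer.example.invalid")
    print(json.dumps(batch, indent=2))
```

Saved to a file, the printed JSON can be applied with aws route53 change-resource-record-sets --hosted-zone-id <zone id> --change-batch file://batch.json.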
There are many other options to try out with Routing policies in each of these records. I hope with this introduction, you will be able to explore all the features of Route 53 without having to buy a Domain name.
Happy Hands-On Labs!!!
PS: Don't forget to delete all the resources at the end of your lab session.