Sub-domain management in Route53
Assume you have a company with a primary domain. The company had only one branch at first, but as it grew and opened branches in other locations, it became necessary to register distinct domains for those branches under the main name.
In this example, the main domain is example.com, and the two branches have been given the subdomains sub1 and sub2.
The main domain is hosted on AWS, and each branch has two system administrators, each with two IAM users to manage the subdomain.
For both subdomains, you must first create a hosted zone. I'm only using one example here, namely sub1.example.com; the other is identical.
If Admin1 is in charge of sub1.example.com, the first thing they must do is create a hosted zone for the sub-domain under Route53.
By default, the new hosted zone will contain two records: an NS record and an SOA record.
Here I’ve created a hosted zone for sub1 under my main domain vyshnavlalp.ml
Once the hosted zone has been created, its NS records must be added to the main domain's hosted zone as an NS record for sub1; this delegates the subdomain to the new zone.
You can add records like www.sub1.vyshnavlalp.ml, test.sub1.vyshnavlalp.ml, etc. under the hosted zone of sub1.vyshnavlalp.ml once the NS records have started to propagate.
As stated earlier, a separate IAM user can manage the subdomain independently through its own Route53 hosted zone.
I've attached a custom policy that allows the IAM user to access only the subdomain's hosted zone.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Action": [
        "route53:GetHostedZone",
        "route53:ChangeResourceRecordSets",
        "route53:ListResourceRecordSets"
      ],
      "Resource": "arn:aws:route53:::hostedzone/<Hosted zone ID of subdomain from route 53>"
    },
    {
      "Sid": "Statement2",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:GetHostedZoneCount",
        "route53:ListHostedZonesByName"
      ],
      "Resource": "*"
    }
  ]
}
Change the subdomain’s hosted zone ID to yours. After that, assign the policy to the desired IAM user.
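To check what this policy lets the subdomain admin do before attaching it, here is an added example (not from the original post) that builds the policy for a given hosted zone ID and runs a simplified offline IAM evaluation over it. The zone IDs are constructed placeholders, and the evaluator only models Action/Resource matching with explicit Deny, Allow and implicit deny, not conditions or other policy types.

```python
import fnmatch

# Constructed placeholder zone IDs, not real Route53 hosted zone IDs.
SUB_ZONE_ID = "ZSUB1EXAMPLE"
PARENT_ZONE_ID = "ZPARENTEXAMPLE"


def subdomain_admin_policy(hosted_zone_id: str) -> dict:
    """Build the policy from the post for one subdomain hosted zone."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Statement1",
                "Effect": "Allow",
                "Action": [
                    "route53:GetHostedZone",
                    "route53:ChangeResourceRecordSets",
                    "route53:ListResourceRecordSets",
                ],
                "Resource": f"arn:aws:route53:::hostedzone/{hosted_zone_id}",
            },
            {
                "Sid": "Statement2",
                "Effect": "Allow",
                "Action": [
                    "route53:ListHostedZones",
                    "route53:GetHostedZoneCount",
                    "route53:ListHostedZonesByName",
                ],
                "Resource": "*",
            },
        ],
    }


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified IAM decision: explicit Deny wins, then any matching Allow, else implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        # Action names are case-insensitive; resource ARNs are matched as written.
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```

Running the checks shows the admin can change records only in the sub1 zone, cannot touch the parent zone or delete the sub1 zone, but can still list the names of every hosted zone in the account because Statement2 applies to "*".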
That’s it!