
Creating Amazon Route 53 and Amazon Route 53 Resolver resources with Amazon CloudFormation

Amazon Route 53 and Amazon Route 53 Resolver are integrated with Amazon CloudFormation, a service that helps you to model and set up your Amazon resources so that you can spend less time creating and managing your resources and infrastructure. You create a template that describes all the Amazon resources that you want, and Amazon CloudFormation provisions and configures those resources for you.

When you use Amazon CloudFormation, you can reuse your template to set up your Route 53 and Route 53 Resolver resources consistently and repeatedly. Describe your resources once, and then provision the same resources over and over in multiple Amazon Web Services accounts and Regions.

Route 53, Route 53 Resolver, and Amazon CloudFormation templates

To provision and configure resources for Route 53, Route 53 Resolver, and related services, you must understand Amazon CloudFormation templates. Templates are formatted text files in JSON or YAML. These templates describe the resources that you want to provision in your Amazon CloudFormation stacks. If you're unfamiliar with JSON or YAML, you can use Amazon CloudFormation Designer to help you get started with Amazon CloudFormation templates. For more information, see What is Amazon CloudFormation Designer? in the Amazon CloudFormation User Guide.

Route 53 supports creating the following resource types in Amazon CloudFormation:

  • AWS::Route53::DNSSEC

  • AWS::Route53::HealthCheck

  • AWS::Route53::HostedZone

  • AWS::Route53::KeySigningKey

  • AWS::Route53::RecordSet

  • AWS::Route53::RecordSetGroup

For more information, including examples of JSON and YAML templates for Route 53 resources, see the Amazon Route 53 resource type reference in the Amazon CloudFormation User Guide.

Route 53 Resolver supports creating the following resource types in Amazon CloudFormation:

  • AWS::Route53Resolver::FirewallDomainList

  • AWS::Route53Resolver::FirewallRuleGroupAssociation

  • AWS::Route53Resolver::ResolverDNSSECConfig

  • AWS::Route53Resolver::ResolverEndpoint

  • AWS::Route53Resolver::ResolverQueryLoggingConfig

  • AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation

  • AWS::Route53Resolver::ResolverRule

  • AWS::Route53Resolver::ResolverRuleAssociation

For more information, including examples of JSON and YAML templates for Route 53 Resolver resources, see the Amazon Route 53 Resolver resource type reference in the Amazon CloudFormation User Guide.

Best practices for Route 53 and Amazon CloudFormation

When using Amazon CloudFormation to manage Route 53 resources, follow these best practices to avoid common issues and ensure reliable deployments.

Understanding eventual consistency

Route 53 uses an eventually consistent model for DNS changes. This can affect Amazon CloudFormation operations, particularly during rollbacks and rapid successive changes.

Important

When Amazon CloudFormation attempts to roll back DNS record changes, the rollback might fail due to the Route 53 eventual consistency model. If Amazon CloudFormation tries to recreate a record that was recently deleted but still appears to exist due to eventual consistency, you might encounter InvalidChangeBatch errors that leave your DNS in a broken state.

To minimize issues related to eventual consistency:

  • Plan changes carefully - Avoid making rapid successive changes to the same DNS records.

  • Test in non-production first - Always test DNS changes in development environments before applying them to production.

  • Monitor deployments - Watch Amazon CloudFormation stack events closely during DNS-related deployments. For monitoring guidance, see Monitoring Amazon Route 53.

  • Have rollback procedures ready - Prepare manual recovery procedures in case automatic rollbacks fail.

DNS record ordering and logical IDs

When creating multiple DNS records in Amazon CloudFormation, be careful about record ordering and logical ID assignment.

Warning

If you define DNS records in arrays or lists within your Amazon CloudFormation template, inserting new records in the middle of the list can cause Amazon CloudFormation to reassign logical IDs to existing records. This triggers record replacements that can lead to service disruptions and rollback failures.

Best practices for DNS record management:

  • Use explicit logical IDs - Always assign explicit, meaningful logical IDs to DNS records rather than relying on array indices. For more information about Amazon CloudFormation logical IDs, see Resources section structure in the Amazon CloudFormation User Guide.

  • Append new records - When adding new DNS records to existing lists, append them to the end rather than inserting them in the middle.

  • Group related records - Consider using AWS::Route53::RecordSetGroup for managing related records together. For more information, see AWS::Route53::RecordSetGroup in the Amazon CloudFormation User Guide.

  • Review change sets - Always review Amazon CloudFormation change sets before deployment to identify unexpected record replacements. For more information, see Updating stacks using change sets in the Amazon CloudFormation User Guide.
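The following added example (not from the Route 53 or CloudFormation documentation) shows why array-index logical IDs are fragile: a template generator that names record resources by list position reassigns IDs when a record is inserted mid-list, and CloudFormation then has to replace existing records, whereas deriving the logical ID from the record's own name and type keeps the IDs stable. The hosted zone ID and the records are constructed sample values.

```python
import re

HOSTED_ZONE_ID = "Z0000000EXAMPLE"  # constructed placeholder, not a real hosted zone ID

# Constructed sample records: (Name, Type, ResourceRecords)
BASE_RECORDS = [
    ("www.example.com.", "A", ["192.0.2.10"]),
    ("mail.example.com.", "MX", ["10 mail.example.com."]),
]
# The same list with a record inserted in the middle, the pattern the warning describes
WITH_INSERT = BASE_RECORDS[:1] + [("api.example.com.", "A", ["192.0.2.20"])] + BASE_RECORDS[1:]


def logical_id_from_record(name: str, rtype: str) -> str:
    """Derive a stable, alphanumeric logical ID from the record's own name and type.
    CloudFormation logical IDs must be alphanumeric and unique within the template."""
    parts = [p.capitalize() for p in re.split(r"[^A-Za-z0-9]+", name) if p]
    return "".join(parts) + rtype.upper()


def build_template(records, stable_ids: bool) -> dict:
    """Emit a template with one AWS::Route53::RecordSet per record.
    stable_ids=False mimics a generator that names resources by list position."""
    resources = {}
    for index, (name, rtype, values) in enumerate(records):
        logical_id = logical_id_from_record(name, rtype) if stable_ids else f"Record{index}"
        resources[logical_id] = {
            "Type": "AWS::Route53::RecordSet",
            "Properties": {
                "HostedZoneId": HOSTED_ZONE_ID,
                "Name": name,
                "Type": rtype,
                "TTL": "300",
                "ResourceRecords": list(values),
            },
        }
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}


def forced_replacements(old: dict, new: dict) -> set:
    """Logical IDs kept across the update whose Name or Type changed.
    Both properties require replacement on AWS::Route53::RecordSet, so each
    such ID means an existing, serving record is deleted and recreated."""
    old_res, new_res = old["Resources"], new["Resources"]
    replaced = set()
    for logical_id in old_res.keys() & new_res.keys():
        before = old_res[logical_id]["Properties"]
        after = new_res[logical_id]["Properties"]
        if (before["Name"], before["Type"]) != (after["Name"], after["Type"]):
            replaced.add(logical_id)
    return replaced
```

With index-based IDs the insert turns Record1 from the mail record into the api record (a forced replacement) and moves the mail record to a brand-new Record2; with name-derived IDs the only change is one new resource.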

Handling rollback failures

If an Amazon CloudFormation rollback fails due to DNS-related issues, you might need to perform manual recovery.

To perform manual recovery from failed DNS rollbacks

  1. Identify the failed DNS records by reviewing Amazon CloudFormation stack events and Route 53 hosted zone records.

  2. Manually create or update the missing DNS records through the Route 53 console or API. For information about creating records, see Working with records.

  3. Once DNS is restored, update your Amazon CloudFormation template to match the current state.

  4. Deploy the corrected template to bring Amazon CloudFormation back in sync with the actual resources.

To prevent rollback failures:

  • Avoid making changes that could trigger DNS record replacements during high-traffic periods.

  • Implement health checks and monitoring to detect DNS issues quickly. For information about health checks, see Creating and updating health checks.

  • Consider using blue-green deployment strategies for critical DNS changes. For more information about deployment best practices, see Best practices for Amazon Route 53.

  • Document emergency procedures for manual DNS recovery.
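An added example (not part of the Route 53 documentation) of the change-set review recommended above, as a pre-deployment check: it scans the Changes list returned by the CloudFormation DescribeChangeSet API (for example from boto3's describe_change_set or aws cloudformation describe-change-set --output json) and reports every AWS::Route53::RecordSet that would be deleted or replaced, so a record replacement can be caught before it runs in a high-traffic window. The change-set document below is a constructed sample in the shape of that API response, not output captured from a real stack.

```python
def route53_record_risks(change_set: dict) -> list:
    """Return (logical_id, action, reason) for every AWS::Route53::RecordSet change
    that deletes or replaces an existing record. Callers paginating DescribeChangeSet
    (NextToken) should merge the Changes lists before calling this."""
    risks = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange", {})
        if rc.get("ResourceType") != "AWS::Route53::RecordSet":
            continue
        action = rc.get("Action")
        replacement = rc.get("Replacement")  # "True", "False" or "Conditional"
        if action == "Remove":
            risks.append((rc["LogicalResourceId"], action, "record will be deleted"))
        elif action == "Modify" and replacement in ("True", "Conditional"):
            # Details list the properties driving the change; Name and Type force recreation
            props = sorted(
                d["Target"].get("Name", "") for d in rc.get("Details", [])
                if d.get("Target", {}).get("Attribute") == "Properties"
            )
            props = [p for p in props if p]
            reason = f"replacement={replacement}; properties: {', '.join(props) or 'unknown'}"
            risks.append((rc["LogicalResourceId"], action, reason))
    return risks


# Constructed sample shaped like a DescribeChangeSet response (not from a real stack)
SAMPLE_CHANGE_SET = {
    "ChangeSetName": "insert-api-record",
    "Changes": [
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "Record1",
            "PhysicalResourceId": "mail.example.com.", "ResourceType": "AWS::Route53::RecordSet",
            "Replacement": "True", "Scope": ["Properties"],
            "Details": [{"Target": {"Attribute": "Properties", "Name": "Name",
                                    "RequiresRecreation": "Always"},
                         "Evaluation": "Static", "ChangeSource": "DirectModification"}]}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Add", "LogicalResourceId": "Record2",
            "ResourceType": "AWS::Route53::RecordSet", "Scope": []}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "HealthCheckWeb",
            "ResourceType": "AWS::Route53::HealthCheck",
            "Replacement": "False", "Scope": ["Properties"]}},
    ],
}
```

For the sample, only Record1 is reported: its Name change forces a replacement of the existing mail record, while the new Record2 and the in-place health check update are not flagged.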

Learn more about Amazon CloudFormation

To learn more about Amazon CloudFormation, see the following resources: