Creating Amazon Route 53 and Amazon Route 53 Resolver resources with Amazon CloudFormation
Amazon Route 53 and Amazon Route 53 Resolver are integrated with Amazon CloudFormation, a service that helps you to model and set up your Amazon resources so that you can spend less time creating and managing your resources and infrastructure. You create a template that describes all the Amazon resources that you want, and Amazon CloudFormation provisions and configures those resources for you.
When you use Amazon CloudFormation, you can reuse your template to set up your Route 53 and Route 53 Resolver resources consistently and repeatedly. Describe your resources once, and then provision the same resources over and over in multiple Amazon Web Services accounts and Regions.
Route 53, Route 53 Resolver, and Amazon CloudFormation templates
To provision and configure resources for Route 53, Route 53 Resolver, and related services, you must understand Amazon CloudFormation templates. Templates are formatted text files in JSON or YAML. These templates describe the resources that you want to provision in your Amazon CloudFormation stacks. If you're unfamiliar with JSON or YAML, you can use Amazon CloudFormation Designer to help you get started with Amazon CloudFormation templates. For more information, see What is Amazon CloudFormation Designer? in the Amazon CloudFormation User Guide.
Route 53 supports creating the following resource types in Amazon CloudFormation:
- AWS::Route53::DNSSEC
- AWS::Route53::HealthCheck
- AWS::Route53::HostedZone
- AWS::Route53::KeySigningKey
- AWS::Route53::RecordSet
- AWS::Route53::RecordSetGroup
For more information, including examples of JSON and YAML templates for Route 53 resources, see the Amazon Route 53 resource type reference in the Amazon CloudFormation User Guide.
Route 53 Resolver supports creating the following resource types in Amazon CloudFormation:
- AWS::Route53Resolver::FirewallDomainList
- AWS::Route53Resolver::FirewallRuleGroup
- AWS::Route53Resolver::FirewallRuleGroupAssociation
- AWS::Route53Resolver::ResolverDNSSECConfig
- AWS::Route53Resolver::ResolverEndpoint
- AWS::Route53Resolver::ResolverQueryLoggingConfig
- AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
- AWS::Route53Resolver::ResolverRule
- AWS::Route53Resolver::ResolverRuleAssociation
For more information, including examples of JSON and YAML templates for Route 53 Resolver resources, see the Amazon Route 53 Resolver resource type reference in the Amazon CloudFormation User Guide.
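The Resolver resource types above are most often combined to put a DNS Firewall block list and query logging in front of a VPC. The following is an added example, not a template from this guide: a Python script that builds such a template as a JSON document (teams that generate templates programmatically work this way) and runs a small pre-deploy check that every Ref and Fn::GetAtt points at a logical ID that exists. The VPC parameter, the placeholder domains, the resource names and the 90-day retention are assumptions for illustration.

```python
import json


def build_resolver_security_template():
    """Build a CloudFormation template (as a dict) that attaches a DNS Firewall
    block list and Resolver query logging to one VPC.
    Constructed example: domain names, resource names and retention are placeholders."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "DNS Firewall block list and Resolver query logging for one VPC",
        "Parameters": {
            "VpcId": {"Type": "AWS::EC2::VPC::Id"},
            "BlockedDomains": {
                "Type": "CommaDelimitedList",
                "Default": "bad.example,*.bad.example",  # placeholder domains
            },
        },
        "Resources": {
            "BlockedDomainList": {
                "Type": "AWS::Route53Resolver::FirewallDomainList",
                "Properties": {"Name": "blocked-domains", "Domains": {"Ref": "BlockedDomains"}},
            },
            "EgressRuleGroup": {
                "Type": "AWS::Route53Resolver::FirewallRuleGroup",
                "Properties": {
                    "Name": "egress-dns-controls",
                    "FirewallRules": [{
                        "Priority": 100,
                        "Action": "BLOCK",
                        "BlockResponse": "NXDOMAIN",  # required when Action is BLOCK
                        "FirewallDomainListId": {"Ref": "BlockedDomainList"},
                    }],
                },
            },
            "EgressRuleGroupVpcAssociation": {
                "Type": "AWS::Route53Resolver::FirewallRuleGroupAssociation",
                "Properties": {
                    "FirewallRuleGroupId": {"Ref": "EgressRuleGroup"},
                    "VpcId": {"Ref": "VpcId"},
                    "Priority": 101,
                    "MutationProtection": "ENABLED",  # blocks out-of-band changes to the association
                },
            },
            "QueryLogGroup": {
                "Type": "AWS::Logs::LogGroup",
                "Properties": {"RetentionInDays": 90},
            },
            "QueryLoggingConfig": {
                "Type": "AWS::Route53Resolver::ResolverQueryLoggingConfig",
                "Properties": {
                    "Name": "vpc-dns-queries",
                    "DestinationArn": {"Fn::GetAtt": ["QueryLogGroup", "Arn"]},
                },
            },
            "QueryLoggingVpcAssociation": {
                "Type": "AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation",
                "Properties": {
                    "ResolverQueryLogConfigId": {"Ref": "QueryLoggingConfig"},
                    "ResourceId": {"Ref": "VpcId"},
                },
            },
        },
    }


def unresolved_references(template):
    """Return Ref / Fn::GetAtt targets in Resources that name neither a Resource
    nor a Parameter. Pseudo parameters (AWS::Region etc.) are ignored. A cheap
    pre-deploy check that catches a renamed logical ID before CloudFormation does."""
    known = set(template.get("Resources", {})) | set(template.get("Parameters", {}))
    missing = set()

    def walk(node):
        if isinstance(node, dict):
            ref = node.get("Ref")
            if isinstance(ref, str) and ref not in known and not ref.startswith("AWS::"):
                missing.add(ref)
            getatt = node.get("Fn::GetAtt")
            if getatt is not None:
                # JSON form is ["Logical", "Attr"]; YAML short form is "Logical.Attr"
                target = getatt[0] if isinstance(getatt, list) else str(getatt).split(".")[0]
                if target not in known:
                    missing.add(target)
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for value in node:
                walk(value)

    walk(template.get("Resources", {}))
    return sorted(missing)


if __name__ == "__main__":
    template = build_resolver_security_template()
    assert unresolved_references(template) == []
    print(json.dumps(template, indent=2))
```

With MutationProtection set to ENABLED the association cannot be modified or removed, including by a stack delete, until it is updated to DISABLED; keep that in mind before tearing the stack down.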
Best practices for Route 53 and Amazon CloudFormation
When using Amazon CloudFormation to manage Route 53 resources, follow these best practices to avoid common issues and ensure reliable deployments.
Understanding eventual consistency
Route 53 uses an eventually consistent model for DNS changes. This can affect Amazon CloudFormation operations, particularly during rollbacks and rapid successive changes.
Important
When Amazon CloudFormation attempts to roll back DNS record changes, the rollback might fail due to the Route 53 eventual consistency model. If Amazon CloudFormation tries to recreate a record that was recently deleted but still appears to exist due to eventual consistency, you might encounter InvalidChangeBatch errors that leave your DNS in a broken state.
To minimize issues related to eventual consistency:
- Plan changes carefully - Avoid making rapid successive changes to the same DNS records
- Test in non-production first - Always test DNS changes in development environments before applying to production
- Monitor deployments - Watch Amazon CloudFormation stack events closely during DNS-related deployments. For monitoring guidance, see Monitoring Amazon Route 53.
- Have rollback procedures ready - Prepare manual recovery procedures in case automatic rollbacks fail
DNS record ordering and logical IDs
When creating multiple DNS records in Amazon CloudFormation, be careful about record ordering and logical ID assignment.
Warning
If you define DNS records in arrays or lists within your Amazon CloudFormation template, inserting new records in the middle of the list can cause Amazon CloudFormation to reassign logical IDs to existing records. This triggers record replacements that can lead to service disruptions and rollback failures.
Best practices for DNS record management:
- Use explicit logical IDs - Always assign explicit, meaningful logical IDs to DNS records rather than relying on array indices. For more information about Amazon CloudFormation logical IDs, see Resources section structure in the Amazon CloudFormation User Guide.
- Append new records - When adding new DNS records to existing lists, append them to the end rather than inserting them in the middle
- Group related records - Consider using AWS::Route53::RecordSetGroup for managing related records together. For more information, see AWS::Route53::RecordSetGroup in the Amazon CloudFormation User Guide.
- Review change sets - Always review Amazon CloudFormation change sets before deployment to identify unexpected record replacements. For more information, see Updating stacks using change sets in the Amazon CloudFormation User Guide.
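The logical-ID problem above arises when a template generator derives logical IDs from a record's position in a list. The following is an added example, not code from this guide: a Python script that renders a constructed list of records as AWS::Route53::RecordSet resources under two naming schemes (index-based and identity-based) and reports which logical IDs would be replaced after a record is inserted in the middle of the list. Name and Type are replacement-only properties of a RecordSet, and a replacement creates the new record before the old one is removed, so a shifted index can try to create a name/type that another logical ID still owns, which is one way to hit the InvalidChangeBatch failure described earlier. The record values and the HostedZone logical ID are assumptions for illustration.

```python
import hashlib
import re

# Constructed records; the hosted zone is assumed to have the logical ID "HostedZone".
RECORDS = [
    {"Name": "www.example.com.", "Type": "A", "TTL": 300, "ResourceRecords": ["192.0.2.10"]},
    {"Name": "api.example.com.", "Type": "A", "TTL": 300, "ResourceRecords": ["192.0.2.20"]},
    {"Name": "example.com.", "Type": "MX", "TTL": 3600, "ResourceRecords": ["10 mail.example.com."]},
]
NEW_RECORD = {"Name": "db.example.com.", "Type": "A", "TTL": 300, "ResourceRecords": ["192.0.2.30"]}
# The change that triggers the problem: a record inserted in the middle of the list.
INSERTED_IN_MIDDLE = RECORDS[:1] + [NEW_RECORD] + RECORDS[1:]


def index_logical_id(index, record):
    """Anti-pattern: the logical ID is the record's position in the list."""
    return f"DnsRecord{index}"


def stable_logical_id(index, record):
    """Logical ID derived from the record's identity (name + type) and nothing else.
    Only [A-Za-z0-9] is legal in a logical ID, so the stripped name is suffixed with
    a short hash of the full name+type to keep e.g. '*.example.com.' and
    'example.com.' distinct after the punctuation is removed."""
    key = f"{record['Name'].lower()}|{record['Type']}"
    digest = hashlib.sha256(key.encode()).hexdigest()[:8]
    return re.sub(r"[^A-Za-z0-9]", "", record["Name"]) + record["Type"] + digest


def record_set_resources(records, id_fn):
    """Render records as AWS::Route53::RecordSet resources keyed by logical ID."""
    return {
        id_fn(i, r): {
            "Type": "AWS::Route53::RecordSet",
            "Properties": {
                "HostedZoneId": {"Ref": "HostedZone"},
                "Name": r["Name"],
                "Type": r["Type"],
                "TTL": r["TTL"],
                "ResourceRecords": r["ResourceRecords"],
            },
        }
        for i, r in enumerate(records)
    }


def replaced_logical_ids(before, after):
    """Logical IDs that an update would replace: present before, but gone afterwards
    or pointing at a different Name/Type (replacement-only properties on RecordSet)."""
    def identity(resource):
        props = resource["Properties"]
        return (props["Name"].lower(), props["Type"])

    return sorted(
        lid for lid, res in before.items()
        if lid not in after or identity(after[lid]) != identity(res)
    )


def replacements_after_insert(id_fn):
    """Compare the template before and after the middle insert under one ID scheme."""
    return replaced_logical_ids(
        record_set_resources(RECORDS, id_fn),
        record_set_resources(INSERTED_IN_MIDDLE, id_fn),
    )


if __name__ == "__main__":
    print("index-based IDs replace:", replacements_after_insert(index_logical_id))
    print("stable IDs replace:", replacements_after_insert(stable_logical_id))
```

Run against the constructed list, the index-based scheme reports two replaced logical IDs for a change that only added one record, while the identity-based scheme reports none; a change set for the stack would show the same difference, which is why reviewing it before deployment is on the list above.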
Handling rollback failures
If an Amazon CloudFormation rollback fails due to DNS-related issues, you might need to perform manual recovery.
To perform manual recovery from failed DNS rollbacks
1. Identify the failed DNS records by reviewing Amazon CloudFormation stack events and Route 53 hosted zone records
2. Manually create or update the missing DNS records through the Route 53 console or API. For information about creating records, see Working with records.
3. Once DNS is restored, update your Amazon CloudFormation template to match the current state
4. Deploy the corrected template to bring Amazon CloudFormation back in sync with the actual resources
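Steps 1 and 2 of the procedure amount to diffing the records the template declares against what the hosted zone actually contains, then restoring the difference. The following is an added example, not code from this guide: a Python script that compares a constructed set of template records with a constructed ListResourceRecordSets listing (in the shape the Route 53 API returns) and builds the ChangeBatch that restores the template state. UPSERT is used instead of CREATE so the batch does not fail with InvalidChangeBatch when a record that the listing did not show turns out to exist after all, which is the eventual-consistency failure mode described above. The zone contents and record values are assumptions; only plain (non-alias) records are compared.

```python
# Constructed: the RecordSet resources from the template, with parameters already resolved.
TEMPLATE_RECORDS = [
    {"Name": "www.example.com.", "Type": "A", "TTL": 300, "ResourceRecords": ["192.0.2.10"]},
    {"Name": "api.example.com.", "Type": "A", "TTL": 300, "ResourceRecords": ["192.0.2.20"]},
    {"Name": "example.com.", "Type": "MX", "TTL": 3600, "ResourceRecords": ["10 mail.example.com."]},
]

# Constructed: what ListResourceRecordSets returned for the zone after the failed rollback.
# api.example.com. is missing and www.example.com. points at a stale address.
ZONE_RECORDS = [
    {"Name": "example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.example.net."}]},
    {"Name": "example.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-1.example.net. hostmaster.example.com. 1 7200 900 1209600 86400"}]},
    {"Name": "www.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "192.0.2.99"}]},
    {"Name": "example.com.", "Type": "MX", "TTL": 3600,
     "ResourceRecords": [{"Value": "10 mail.example.com."}]},
]


def _key(record):
    """Identity of a record set: case-insensitive FQDN with trailing dot, plus type."""
    return (record["Name"].lower().rstrip(".") + ".", record["Type"])


def _values(record):
    """Record values as a sorted list; accepts both the template form (strings)
    and the API form ({"Value": ...} dicts)."""
    return sorted(v["Value"] if isinstance(v, dict) else v for v in record.get("ResourceRecords", []))


def find_drift(template_records, zone_records):
    """Return (missing, mismatched): template records absent from the zone, and template
    records present with different values or TTL. Records the template does not declare
    (NS, SOA, anything owned by another stack) are deliberately left alone."""
    live = {_key(r): r for r in zone_records}
    missing, mismatched = [], []
    for want in template_records:
        have = live.get(_key(want))
        if have is None:
            missing.append(want)
        elif _values(have) != _values(want) or have.get("TTL") != want.get("TTL"):
            mismatched.append(want)
    return missing, mismatched


def recovery_change_batch(template_records, zone_records):
    """Build the ChangeBatch for ChangeResourceRecordSets that restores the template state.
    UPSERT is idempotent: it succeeds whether or not the record already exists, so a stale
    view of the zone cannot turn the batch into an InvalidChangeBatch failure."""
    missing, mismatched = find_drift(template_records, zone_records)
    changes = [
        {
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": r["Name"],
                "Type": r["Type"],
                "TTL": r["TTL"],
                "ResourceRecords": [{"Value": v} for v in r["ResourceRecords"]],
            },
        }
        for r in missing + mismatched
    ]
    return {"Comment": "manual recovery after failed CloudFormation rollback", "Changes": changes}


if __name__ == "__main__":
    missing, mismatched = find_drift(TEMPLATE_RECORDS, ZONE_RECORDS)
    print("missing:", [_key(r) for r in missing])
    print("mismatched:", [_key(r) for r in mismatched])
    print(recovery_change_batch(TEMPLATE_RECORDS, ZONE_RECORDS))
```

Against a real zone, the listing comes from the paginated list_resource_record_sets call and the batch goes to change_resource_record_sets(HostedZoneId=..., ChangeBatch=...) on a boto3 Route 53 client. Because only records declared in the template are touched, the check will not clobber records that belong to another stack or were created by hand, which is the same ownership boundary the corrected template must respect in steps 3 and 4.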
To prevent rollback failures:
- Avoid making changes that could trigger DNS record replacements during high-traffic periods
- Implement health checks and monitoring to detect DNS issues quickly. For information about health checks, see Creating and updating health checks.
- Consider using blue-green deployment strategies for critical DNS changes. For more information about deployment best practices, see Best practices for Amazon Route 53.
- Document emergency procedures for manual DNS recovery
Learn more about Amazon CloudFormation
To learn more about Amazon CloudFormation, see the following resources: