Sharing Resolver rules with other Amazon accounts and using shared rules - Amazon Route 53
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Sharing Resolver rules with other Amazon accounts and using shared rules

You can share the Resolver rules that you created using one Amazon account with other Amazon accounts. To share rules, the Route 53 Resolver console integrates with Amazon Resource Access Manager. For more information about Resource Access Manager, see the Resource Access Manager User Guide.

Note the following:

Associating shared rules with VPCs

If another Amazon account has shared one or more rules with your account, you can associate the rules with your VPCs the same way that you associate rules that you created with your VPCs. For more information, see Associating forwarding rules with a VPC.

Deleting or unsharing a rule

If you share a rule with other accounts and then either delete the rule or stop sharing it, and if the rule was associated with one or more VPCs, Route 53 Resolver starts to process DNS queries for those VPCs based on the remaining rules. The behavior is the same as if you disassociate the rule from the VPC.

If a rule is shared to an Organizational Unit (OU) and an account in the OU is moved to a different OU, all associations with the shared rule to any VPC in the account will be deleted. However, if the Resolver rule was already shared with destination OU, then the VPC association will stay intact and will not be dissociated.

Maximum number of rules and associations

When an account creates a rule and shares it with one or more other accounts, the maximum number of rules per Amazon Region applies to the account that created the rule.

When an account that a rule is shared with associates the rule with one or more VPCs, the maximum number of associations between rules and VPCs per Region applies to the account that the rule is shared with.

For current Resolver quotas, see Quotas on Route 53 Resolver.

Permissions

To share a rule with another Amazon account, you must have permission to use the PutResolverRulePolicy action.

Restrictions on the Amazon account that a rule is shared with

The account that a rule is shared with can't change or delete the rule.

Tagging

Only the account that created a rule can add, delete, or see tags on the rule.

To view the current sharing status of a rule (including the account that shared the account or the account that a rule is shared with), and to share rules with another account, perform the following procedure.

To view sharing status and share rules with another Amazon account

  1. Sign in to the Amazon Web Services Management Console and open the Route 53 console at https://console.amazonaws.cn/route53/.

  2. In the navigation pane, choose Rules.

  3. On the navigation bar, choose the Region where you created the rule.

    The Sharing status column shows the current sharing status of rules that were created by the current account or that are shared with the current account:

    • Not shared: The current Amazon account created the rule, and the rule is not shared with any other accounts.

    • Shared by me: The current account created the rule and shared it with one or more accounts.

    • Shared with me: Another account created the rule and shared it with the current account.

  4. Choose the name of the rule that you want to display sharing information for or that you want to share with another account.

    On the Rule: rule name page, the value under Owner displays ID of the account that created the rule. That's the current account unless the value of Sharing status is Shared with me. In that case, Owner is the account that created the rule and shared it with the current account.

  5. Choose Share to view additional information or to share the rule with another account. A page in the Resource Access Manager console appears, depending on the value of Sharing status:

    • Not shared: The Create resource share page appears. For information about how to share the rule with another account, OU, or organization, skip to step 6.

    • Shared by me: The Shared resources page shows the rules and other resources that are owned by the current account and shared with other accounts.

    • Shared with me: The Shared resources page shows the rules and other resources that are owned by other accounts and shared with the current account.

  6. To share a rule with another Amazon account, OU, or organization, specify the following values.

    Note

    You can't update sharing settings. If you want to change any of the following settings, you must reshare a rule with the new settings and then remove the old sharing settings.

    Description

    Enter a short description that helps you remember why you shared the rule.

    Resources

    Choose the check box for the rule that you want to share.

    Principals

    Enter the Amazon account number, OU name, or organization name.

    Tags

    Specify one or more keys and the corresponding values. For example, you might specify Cost center for Key and specify 456 for Value.

    These are the tags that Amazon Billing and Cost Management provides for organizing your Amazon bill; you can use also tags for other purposes. For more information about using tags for cost allocation, see Using cost allocation tags in the Amazon Billing User Guide.