Hey everyone! I'm relatively new to AWS and need some help. We're managing several AWS accounts, each with its own subdomains for services (like serviceA.account1.example.com). We're considering moving to a unified domain format like example.com/serviceA and example.com/serviceB, where these services will be hosted across different accounts. Our goals include using a single root domain, implementing path-based routing to different services despite them being in different accounts, and simplifying DNS management. What AWS-native or hybrid architectures can help us achieve this? Is it possible to configure Route 53 centrally across accounts? I appreciate any advice, architectural diagrams, or best practices you might have. Thanks a lot!
5 Answers
We implemented something similar but instead of a centralized Application Load Balancer (ALB), we used CloudFront, which dynamically routes requests to different origins using Lambda@Edge. Each service like /serviceA and /serviceB can point to various origins across different accounts. This could simplify your setup!
You could set up CloudFront in one account with origins pointing to ALBs for services like svca and svcb in other accounts. Just configure behaviors in CloudFront for mydomain.com/svca to direct traffic to the right origins.
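As an added illustration of the CloudFront approach in the two comments above (not code from either poster), here is a Lambda@Edge origin-request function that maps a path prefix to the ALB of the owning account and rejects unknown prefixes at the edge instead of falling through to a default origin. The ALB hostnames are placeholders, and it assumes the ALBs in the other accounts are reachable by CloudFront (public, but locked down with the CloudFront managed prefix list and a shared-secret origin header checked by a listener rule).

```javascript
'use strict';

// Path prefix -> origin hostname. Placeholder (assumed) DNS names of
// ALBs that live in different AWS accounts; CloudFront runs in the account
// that owns the root domain.
const ORIGINS = {
  '/serviceA': 'svca-alb-000000.us-east-1.elb.amazonaws.com',
  '/serviceB': 'svcb-alb-000000.eu-west-1.elb.amazonaws.com',
};

// Match only on a path-segment boundary so "/serviceAB" never routes to
// /serviceA. Returns null when nothing matches.
function selectOrigin(uri) {
  for (const [prefix, host] of Object.entries(ORIGINS)) {
    if (uri === prefix || uri.startsWith(prefix + '/')) {
      return { prefix, host };
    }
  }
  return null;
}

// Rewrite a CloudFront origin-request so it is sent to the chosen ALB.
// Unknown prefixes get a 404 generated at the edge, which keeps probing of
// unexpected paths from ever reaching any account's load balancer.
function routeRequest(request) {
  const match = selectOrigin(request.uri);
  if (!match) {
    return { status: '404', statusDescription: 'Not Found', body: 'no such service' };
  }
  request.origin = {
    custom: {
      domainName: match.host,
      port: 443,
      protocol: 'https',
      path: '',
      sslProtocols: ['TLSv1.2'],
      readTimeout: 30,
      keepaliveTimeout: 5,
      // Put a shared-secret header (e.g. X-Origin-Verify) here and have the
      // ALB listener rule reject requests that lack it, so the ALB only
      // serves traffic that came through CloudFront.
      customHeaders: {},
    },
  };
  // CloudFront requires the Host header to match the custom origin.
  request.headers.host = [{ key: 'Host', value: match.host }];
  return request;
}

const handler = async (event) => routeRequest(event.Records[0].cf.request);

if (typeof module !== 'undefined') {
  module.exports = { handler, selectOrigin, routeRequest };
}
```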
I'm just wondering why you're shifting to a single domain? While it can streamline things, it also introduces a single point of failure for all services.
We’re still exploring options. You're right about the single point of failure, though there's no strong technical need for this change right now—it's more about understanding the feasibility and potential benefits.
I'd recommend against migrating to path-based routing across accounts. DNS management might become more complicated than necessary in that setup.
Yes, you can centralize your Route 53 configuration significantly. One approach is to set up an ALB in the account holding your root domain. The ALB can then filter traffic based on paths (like /serviceA and /serviceB) and route it to either other ALBs or specific IPs in your secondary accounts. This moves the routing process from DNS to the ALB, although be aware that you’ll incur extra costs for the load balancer. Alternatively, you could configure your services directly in the root account, leading to their respective subdomains without needing an intermediate hosted zone.
What’s the best way to set up private connectivity between AWS accounts when using a centralized ALB? Should the ALB utilize VPC endpoints, VPC peering, or a Transit Gateway for routing traffic to services in different accounts?
Thanks for the suggestion! I'll try the centralized ALB approach and see how it fits our setup. Appreciate your help!
Thanks! I'll give that a shot.