Hey everyone! I'm currently working on restructuring our AWS setup by splitting our main account into several sub-accounts. I'd like to implement private DNS zones—ideally one for each sub-account—so that workloads can resolve private IPs across these accounts. All the accounts are interconnected, but I'm a bit confused about the best approach for this. Any insights would be greatly appreciated!
1 Answer
Private hosted zones are tied to a specific VPC, so typically you would need to create them in each account. If you're looking to connect these across your accounts, you might want to use Route 53 Resolver Endpoints, which allow DNS queries to be forwarded between private hosted zones. Just make sure your VPCs can communicate, perhaps using VPC peering. However, if your private services need to be accessed with a more comprehensive service discovery function, consider using VPC Lattice or PrivateLink for more straightforward setups if you're handling fewer services.
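The answer covers the pieces (one private hosted zone per account, resolution across accounts); as an added example, not code from the answer or the poster, the script below walks the cross-account steps with the AWS CLI: the zone-owning sub-account creates the private hosted zone, authorises a VPC that lives in another sub-account, that account performs the association from its own side, and the owner then revokes the standing authorisation and checks which VPCs are attached. The profile names, zone name, region and VPC ids are placeholders; substitute your own.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes two AWS CLI profiles:
#   ZONE_PROFILE : the sub-account that owns the private hosted zone
#   PEER_PROFILE : another sub-account whose VPC should resolve names in that zone
# Zone name, region and VPC ids below are placeholders.
set -eu

ZONE_NAME="${ZONE_NAME:-svc.internal.example}"      # placeholder zone name
REGION="${REGION:-us-east-1}"
ZONE_VPC="${ZONE_VPC:-vpc-0000000000000001}"        # VPC in the zone-owning account (placeholder)
PEER_VPC="${PEER_VPC:-vpc-0000000000000002}"        # VPC in the other sub-account (placeholder)
ZONE_PROFILE="${ZONE_PROFILE:-accountA}"
PEER_PROFILE="${PEER_PROFILE:-accountB}"

# Shorthand value for --vpc, e.g. "VPCRegion=us-east-1,VPCId=vpc-0000000000000001".
vpc_arg() { printf 'VPCRegion=%s,VPCId=%s' "$1" "$2"; }

# Create the private hosted zone in the owning account, attached to its own VPC.
# A private zone must be associated with at least one VPC at creation time.
create_private_zone() {
  aws route53 create-hosted-zone --profile "$ZONE_PROFILE" \
    --name "$ZONE_NAME" \
    --caller-reference "phz-$(date +%s)" \
    --hosted-zone-config Comment=shared-private-zone,PrivateZone=true \
    --vpc "$(vpc_arg "$REGION" "$ZONE_VPC")" \
    --query 'HostedZone.Id' --output text
}

# Step 1 (zone owner): authorise the other account's VPC for association.
authorize_peer_vpc() {   # $1 = hosted zone id
  aws route53 create-vpc-association-authorization --profile "$ZONE_PROFILE" \
    --hosted-zone-id "$1" --vpc "$(vpc_arg "$REGION" "$PEER_VPC")"
}

# Step 2 (other account): the association call must come from the VPC's own account.
associate_peer_vpc() {   # $1 = hosted zone id
  aws route53 associate-vpc-with-hosted-zone --profile "$PEER_PROFILE" \
    --hosted-zone-id "$1" --vpc "$(vpc_arg "$REGION" "$PEER_VPC")"
}

# Step 3 (zone owner): drop the authorisation once the association exists, so the
# peer account cannot re-associate that VPC later without a fresh approval.
revoke_authorization() { # $1 = hosted zone id
  aws route53 delete-vpc-association-authorization --profile "$ZONE_PROFILE" \
    --hosted-zone-id "$1" --vpc "$(vpc_arg "$REGION" "$PEER_VPC")"
}

# Verify from the owner's side which VPCs are now attached to the zone.
list_associated_vpcs() { # $1 = hosted zone id
  aws route53 get-hosted-zone --profile "$ZONE_PROFILE" --id "$1" \
    --query 'VPCs[].VPCId' --output text
}

main() {
  # create-hosted-zone returns "/hostedzone/Z..."; keep only the bare id.
  zone_id=$(create_private_zone | sed 's#^/hostedzone/##')
  authorize_peer_vpc "$zone_id"
  associate_peer_vpc "$zone_id"
  revoke_authorization "$zone_id"
  list_associated_vpcs "$zone_id"
}

# Only talk to AWS when explicitly asked:  sh phz-share.sh apply
if [ "${1:-}" = "apply" ]; then main; fi
```

Run it as `sh phz-share.sh apply` with both profiles configured. This association pattern gives the peer VPC DNS resolution for the zone without any resolver endpoints; Route 53 Resolver endpoints and forwarding rules are the tool when queries must be forwarded to resolvers outside the VPC (on-premises, for instance). Resolution is separate from reachability: the peering or other connectivity the answer mentions is still what lets traffic reach the resolved private addresses.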
I've heard about VPC Lattice, but isn't it a bit pricey?