dev/stage/prod in separate AWS accounts, managed via terraform cloud workspaces, how can I use lb ip in DNS records for each env?
-
We currently have 4 aws accounts:
- root - consolidated billing, domain purchased via route 53
- development
- staging
- production
And they're all managed via terraform cloud as separate workspaces.
In dev/stage/prod I have a load balancer routing requests to ECS and various other resources.
I'd like to use the same domain to point to each environment with the following path:
- dev.mydomain.com => development load balancer
- stage.mydomain.com => staging load balancer
- mydomain.com => production load balancer
If they were all in 1 single AWS account/workspace, this would be easy peasy, take the output of that static IP and add it into the route 53 A record for each subdomain.
But, is it possible at all to achieve this across multiple aws accounts, or is there a better pattern to follow to achieve this?
-
One simple way would be to delegate the subdomain of mydomain.com for each account to that account's Route53 service. After you do this, the credentials that allow Terraform to create load balancers, servers, and other things in the Dev account can also create/update/delete the DNS records for dev.mydomain.com. The different credentials that manage resources in the Stage account can also manage DNS entries in stage.mydomain.com. The DNS for the different accounts is kept separate just like the other resources.

The way to do this is to create dev.mydomain.com as a public domain in the Dev account's Route53. Take down the list of DNS servers reported there, and add them as NS records for the name dev.mydomain.com in the Root account's Route53. Follow a similar pattern for the subdomains for the other accounts.
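The delegation described in this answer, written out as an added Terraform example for the Development workspace (not code from the answerer). It assumes the dev workspace can assume a narrowly scoped role in the Root account (the role ARN is a placeholder) and that the environment's ALB is already defined as `aws_lb.dev`; since ALBs have no static IP, the environment record is an alias to the load balancer's DNS name rather than an A record with an address.

```hcl
# Added example; the role ARN and aws_lb.dev are assumed placeholders.

# Credentials for the Root account, which owns the mydomain.com zone.
provider "aws" {
  alias  = "root"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/dns-delegation" # placeholder
  }
}

# Credentials for the Development account (the workspace's default provider).
provider "aws" {
  region = "us-east-1"
}

# The parent zone already exists in Root; look it up rather than manage it here.
data "aws_route53_zone" "parent" {
  provider = aws.root
  name     = "mydomain.com."
}

# Public hosted zone for the subdomain, owned by the Development account.
resource "aws_route53_zone" "dev" {
  name = "dev.mydomain.com"
}

# NS record in the parent zone pointing at the subdomain zone's name servers.
# This is the delegation step; without it resolvers never reach the dev zone.
resource "aws_route53_record" "dev_delegation" {
  provider = aws.root
  zone_id  = data.aws_route53_zone.parent.zone_id
  name     = "dev.mydomain.com"
  type     = "NS"
  ttl      = 300
  records  = aws_route53_zone.dev.name_servers
}

# The environment's ALB (assumed to be defined elsewhere in this workspace).
# ALBs have no static IP, so use an alias record to the LB's DNS name.
resource "aws_route53_record" "dev_lb" {
  zone_id = aws_route53_zone.dev.zone_id
  name    = "dev.mydomain.com"
  type    = "A"
  alias {
    name                   = aws_lb.dev.dns_name
    zone_id                = aws_lb.dev.zone_id
    evaluate_target_health = true
  }
}
```

The role assumed in Root only needs permission to change record sets in the parent hosted zone, so a compromised dev workspace cannot touch the production apex records; the stage and prod workspaces repeat the same pattern with their own zones and roles.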