Hi again folks 🤩 my org is transitioning into an AWS CT based multi-account strategy centered around OUs. I've glanced through the docs over at -> https://www.pulumi.com/registry/packages/aws/api-docs/organizations/ and have a few questions. Currently, our OUs are structured vertically by environment with sub OUs horizontally per team which in turn contain aws accounts. The use case I'm trying to figure out is how would we use Pulumi to set up Route 53 in a cross-env devops account sitting at SDLC root (same node level as all of our environment OUs) and route different subdomains from it to different environments (more concerned about the actual config from an infra standpoint than the account and OU management aspects here). In short, we're trying to find the best way to go about having Route53 in one account point to ingresses in other accounts. Is there an example of something like this somewhere?

My AWS is rather rusty, but my first thought is perhaps you could leverage subdomains, and delegate those subdomains to these org-specific accounts. AWS has a doc on this: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingNewSubdomain.html

Yup that is the approach we're taking

Oh, I think I better follow what you're trying to do now. Sadly I don't know how this could be done in a way that centralizes all the DNS records and zones in the root (or in this case, global-infrastructure, if I'm understanding correctly). When I was suggesting zone delegation, I meant putting only the subdomain records in the global-infrastructure zone, then creating new hosted zones in each core-infrastructure (I think) that then receive authority via delegation. That way, each core-infrastructure can benefit from all the fancy AWS integrations Route 53 offers, because control of that subdomain lives within the same account as the ones you're trying to link to. I think this blog post better illustrates what I mean: https://notes.paulswail.com/public/How+to+delegate+DNS+for+subdomains+to+a+different+Route53+HostedZone