# getting-started
s
This message was deleted.
f
My AWS is rather rusty, but my first thought is perhaps you could leverage subdomains, and delegate those subdomains to these org-specific accounts. AWS has a doc on this: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingNewSubdomain.html
Pulumi should make doing this a breeze
m
Yup that is the approach we're taking
Thanks for jumping in by the way! What I can't figure out is how to point those zones to an ingress in a different AWS account
Internally we have the following repos for IAC:
• global-infrastructure (shared vertically between envs - very few things here. log sinks, stream coalescing, etc. Route53 will be one of them)
• core-infrastructure (routers, VPCs, networking and persistent resources shared by multiple services in the same environment)
• many service repositories each with their own stack per environment
f
Oh, I think I better follow what you're trying to do now. Sadly I don't know how this could be done in a way that centralizes all the DNS records and zones in the root (or in this case, global-infrastructure, if I'm understanding correctly). When I was suggesting zone delegation, I meant putting only the subdomain records in the global-infrastructure zone, then creating new hosted zones in each core-infrastructure (I think) that then receive authority via delegation. That way, each core-infrastructure can benefit from all the fancy AWS integrations Route 53 offers, because control of that subdomain lives within the same account as the ones you're trying to link to. I think this blog post better illustrates what I mean: https://notes.paulswail.com/public/How+to+delegate+DNS+for+subdomains+to+a+different+Route53+HostedZone
Which, again, Pulumi should make very straightforward, I imagine
Then I imagine you can use stack dependencies to pass the relevant hosted zone information between stacks