How do I resolve domain names from AWS to on-premises data centers?
Two things are needed: a network path between the VPC and the data center (a Site-to-Site VPN here) and a DNS path on top of it. A Route 53 private hosted zone is only answerable from inside the VPCs it is associated with, so the program below, which creates the VPC, the VPN and the private hosted zone, is enough for hosts inside the VPC. For on-premises resolvers to query the zone, or for hosts in the VPC to resolve on-premises names, you additionally need Route 53 Resolver endpoints: an inbound endpoint that the on-premises DNS servers forward the zone to, and an outbound endpoint with a forwarding rule for the on-premises domain. The steps are creating the VPC, setting up the VPN, configuring the private hosted zone, associating it with the VPC, and then adding the Resolver endpoints.
Here’s how you can do it:
- Create a VPC: This VPC will be associated with our Route 53 private hosted zone.
- Set up VPN Gateway: This will facilitate the connection between AWS and your on-premises network.
- Configure the Customer Gateway: Defines the information related to the on-premises gateway device.
- Create a VPN Connection: Establishes the actual connection between AWS and on-premises.
- Configure the Private Hosted Zone: a Route 53 private hosted zone for the internal domain.
- Associate the Hosted Zone with the VPC: makes the zone authoritative for queries from inside that VPC, which reach it through the Amazon-provided resolver at the VPC base address plus two.
- Add Route 53 Resolver endpoints: an inbound endpoint (on-premises to AWS) and an outbound endpoint plus forwarding rule (AWS to on-premises), each with a security group that limits port 53 to the on-premises resolvers.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// VPC that the private hosted zone will be associated with. Private hosted
// zones require both DNS attributes to be enabled on the VPC.
const main = new aws.ec2.Vpc("main", {
    cidrBlock: "10.0.0.0/16",
    enableDnsSupport: true,
    enableDnsHostnames: true,
});

// Internet gateway and default route. Not needed for DNS over the VPN; any
// subnet using this route table becomes internet-facing, so keep them only
// if something genuinely needs internet egress.
const gw = new aws.ec2.InternetGateway("gw", {vpcId: main.id});
const r = new aws.ec2.RouteTable("r", {vpcId: main.id});
const example = new aws.ec2.Route("example", {
    routeTableId: r.id,
    destinationCidrBlock: "0.0.0.0/0",
    gatewayId: gw.id,
});

// DHCP options: hand instances the Amazon-provided resolver (VPC base + 2)
// and use the private zone as the search domain so short names resolve.
const mainVpcDhcpOptions = new aws.ec2.VpcDhcpOptions("main", {
    domainName: "example.internal",
    domainNameServers: ["AmazonProvidedDNS"],
});
const a = new aws.ec2.VpcDhcpOptionsAssociation("a", {
    vpcId: main.id,
    dhcpOptionsId: mainVpcDhcpOptions.id,
});

// On-premises side of the VPN: the public IP of your VPN device. An ASN is
// required even for a static-route VPN. 203.0.113.1 is a documentation address.
const cgw = new aws.ec2.CustomerGateway("cgw", {
    bgpAsn: "65000",
    ipAddress: "203.0.113.1",
    type: "ipsec.1",
    tags: { Name: "CustomerGateway" },
});

// AWS side of the VPN, attached to the VPC.
const vpg = new aws.ec2.VpnGateway("vpg", {
    vpcId: main.id,
    tags: { Name: "VPNGateway" },
});

// Site-to-Site VPN using static routing.
const vpn = new aws.ec2.VpnConnection("vpn", {
    customerGatewayId: cgw.id,
    vpnGatewayId: vpg.id,
    type: "ipsec.1",
    staticRoutesOnly: true,
    tags: { Name: "VPNConnection" },
});

// With staticRoutesOnly the connection itself must be told which on-premises
// prefix lives behind the tunnel ...
const onPremCidr = "192.168.1.0/24";
const vpnStaticRoute = new aws.ec2.VpnConnectionRoute("vpn_static_route", {
    vpnConnectionId: vpn.id,
    destinationCidrBlock: onPremCidr,
});
// ... and the VPC route table needs a route for the same prefix via the VGW.
const vpnRoute = new aws.ec2.Route("vpn_route", {
    routeTableId: r.id,
    destinationCidrBlock: onPremCidr,
    gatewayId: vpg.id,
});

// Private hosted zone associated with the VPC. Only resolvers inside the VPC
// (and inbound Resolver endpoints placed in it) can answer queries for it.
const _private = new aws.route53.Zone("private", {
    name: "example.internal",
    vpcs: [{ vpcId: main.id }],
});
In this setup:
- VPC: the isolated network in AWS; it needs enableDnsSupport and enableDnsHostnames set, which private hosted zones require.
- Internet Gateway and default route: not required for DNS over the VPN; any subnet using this route table is internet-facing, so drop them if nothing needs egress.
- DHCP Options: point instances at the Amazon-provided resolver and set the search domain to the private zone.
- Customer Gateway: represents the on-premises VPN device (its public IP and ASN).
- VPN Gateway: the VPN endpoint on the AWS side, attached to the VPC.
- VPN Connection: the IPsec tunnel; with static routing, the on-premises prefix must be declared both on the connection (VpnConnectionRoute) and in the VPC route table.
- Route 53 Private Hosted Zone: DNS zone associated with the VPC for internal resolution; resolvable only from inside the VPC until an inbound Resolver endpoint is added.
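The Resolver endpoints that complete both resolution paths, as an added example that is not part of the original page or of Pulumi's own documentation. It assumes the VPC, VPN and private hosted zone from the program above are in place (the VPC is recreated here so the program stands alone), an on-premises prefix of 192.168.1.0/24 reachable over the VPN, two on-premises DNS servers at 192.168.1.10 and 192.168.1.11, and corp.example.com as the on-premises domain; all of these are placeholders. It is a Pulumi program to deploy with pulumi up, not a stand-alone script.

```typescript
import * as aws from "@pulumi/aws";

// Assumed values (placeholders, not from the original page).
const onPremCidr = "192.168.1.0/24";                  // prefix behind the VPN
const onPremDns = ["192.168.1.10", "192.168.1.11"];   // on-premises resolvers
const onPremDomain = "corp.example.com";              // on-premises DNS domain

const vpc = new aws.ec2.Vpc("main", {
    cidrBlock: "10.0.0.0/16",
    enableDnsSupport: true,
    enableDnsHostnames: true,
});

// Each endpoint places an ENI in every subnet listed; use two subnets in
// different Availability Zones so the endpoint survives an AZ failure.
const azs = aws.getAvailabilityZonesOutput({ state: "available" });
const subnets = [0, 1].map(i => new aws.ec2.Subnet(`resolver-${i}`, {
    vpcId: vpc.id,
    cidrBlock: `10.0.${i}.0/24`,
    availabilityZone: azs.apply(z => z.names[i]),
}));

// Least privilege: the inbound endpoint only accepts DNS from the on-premises
// prefix; the outbound endpoint only sends DNS to it. Replies are stateful.
const dns53 = (cidr: string) => [
    { protocol: "udp", fromPort: 53, toPort: 53, cidrBlocks: [cidr] },
    { protocol: "tcp", fromPort: 53, toPort: 53, cidrBlocks: [cidr] },
];
const inboundSg = new aws.ec2.SecurityGroup("resolver-inbound-sg", {
    vpcId: vpc.id,
    description: "DNS from on-premises resolvers to the inbound endpoint",
    ingress: dns53(onPremCidr),
});
const outboundSg = new aws.ec2.SecurityGroup("resolver-outbound-sg", {
    vpcId: vpc.id,
    description: "DNS from the outbound endpoint to on-premises resolvers",
    egress: dns53(onPremCidr),
});

// On-premises -> AWS: on-premises DNS servers forward example.internal to the
// inbound endpoint's addresses, which answer from the private hosted zone.
const inbound = new aws.route53.ResolverEndpoint("inbound", {
    direction: "INBOUND",
    securityGroupIds: [inboundSg.id],
    ipAddresses: subnets.map(s => ({ subnetId: s.id })),
});

// AWS -> on-premises: queries matching the rule's domain leave through the
// outbound endpoint to the on-premises resolvers; everything else stays
// with the Amazon-provided resolver.
const outbound = new aws.route53.ResolverEndpoint("outbound", {
    direction: "OUTBOUND",
    securityGroupIds: [outboundSg.id],
    ipAddresses: subnets.map(s => ({ subnetId: s.id })),
});
const forwardRule = new aws.route53.ResolverRule("forward-on-prem", {
    domainName: onPremDomain,
    ruleType: "FORWARD",
    resolverEndpointId: outbound.id,
    targetIps: onPremDns.map(ip => ({ ip, port: 53 })),
});
new aws.route53.ResolverRuleAssociation("forward-on-prem-assoc", {
    resolverRuleId: forwardRule.id,
    vpcId: vpc.id,
});

// Addresses to configure as conditional forwarders for example.internal on
// the on-premises DNS servers.
export const inboundResolverIps = inbound.ipAddresses.apply(ips => ips.map(a => a.ip));
```

After deployment, point the on-premises DNS servers at inboundResolverIps for example.internal (a conditional forwarder in Windows DNS, a forward zone in BIND). The inbound endpoint only listens on port 53 from the on-premises prefix, so the tunnel is the only way to reach it; the private hosted zone never becomes visible on the internet.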
Conclusion
We’ve built the network path for hybrid DNS: a VPC with a Site-to-Site VPN to the data center and a Route 53 private hosted zone associated with that VPC, so hosts inside the VPC resolve the zone immediately. Resolution across the VPN in either direction also needs Route 53 Resolver endpoints (inbound for on-premises to AWS, outbound plus a forwarding rule for AWS to on-premises), each restricted by a security group to port 53 from or to the on-premises resolvers.
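Before running pulumi up, a few offline checks catch the mistakes that silently break this design. The following TypeScript is an added example, not code from the page or from Pulumi: it models how Route 53 Resolver chooses among forwarding rules (the most specific matching domain wins), derives the Amazon-provided resolver address (VPC base plus two), flags an overlap between the VPC and on-premises prefixes (which makes the VPN route ambiguous) and forward targets that are not behind the VPN, and renders the BIND forward-zone stanza for the on-premises side. The sample plan and every address in it are constructed placeholders.

```typescript
// Added example: offline pre-flight checks for the hybrid DNS design.
// Not from the original page or Pulumi; all addresses are placeholders.

interface ForwardRule {
    domain: string;     // domain the rule covers, e.g. "corp.example.com"
    targets: string[];  // DNS servers that queries for it are forwarded to
}

interface HybridDnsPlan {
    vpcCidr: string;             // VPC CIDR
    onPremCidr: string;          // on-premises prefix reachable over the VPN
    privateZone: string;         // Route 53 private hosted zone name
    forwardRules: ForwardRule[]; // AWS -> on-premises forwarding rules
}

// Lower-case and strip a trailing dot so "Corp.Example.COM." still matches.
function normalise(name: string): string {
    return name.toLowerCase().replace(/\.$/, "");
}

// Route 53 Resolver applies the rule whose domain is the most specific
// (longest) suffix match of the query name. No match means the query is
// answered by the VPC's own resolver (private hosted zones, then public DNS).
function selectRule(qname: string, rules: ForwardRule[]): ForwardRule | undefined {
    const q = normalise(qname);
    let best: ForwardRule | undefined;
    for (const rule of rules) {
        const d = normalise(rule.domain);
        const matches = q === d || q.endsWith("." + d);
        if (matches && (best === undefined || d.length > normalise(best.domain).length)) {
            best = rule;
        }
    }
    return best;
}

function prefixMask(prefix: number): number {
    return prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
}

// Parse an IPv4 CIDR into its network address (unsigned 32-bit) and prefix
// length; malformed input is rejected rather than guessed at.
function parseCidr(cidr: string): { base: number; prefix: number } {
    const [ip, prefixStr] = cidr.split("/");
    const prefix = Number(prefixStr);
    const octets = ip.split(".").map(Number);
    if (octets.length !== 4 || octets.some(o => !Number.isInteger(o) || o < 0 || o > 255)
        || !Number.isInteger(prefix) || prefix < 0 || prefix > 32) {
        throw new Error(`invalid IPv4 CIDR: ${cidr}`);
    }
    const addr = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
    return { base: (addr & prefixMask(prefix)) >>> 0, prefix };
}

function ipToString(n: number): string {
    return [24, 16, 8, 0].map(s => (n >>> s) & 0xff).join(".");
}

// The Amazon-provided resolver listens at the VPC network address plus two.
function route53ResolverAddress(vpcCidr: string): string {
    return ipToString(parseCidr(vpcCidr).base + 2);
}

// Two prefixes overlap when they agree under the shorter of the two masks.
function cidrsOverlap(a: string, b: string): boolean {
    const x = parseCidr(a);
    const y = parseCidr(b);
    const mask = prefixMask(Math.min(x.prefix, y.prefix));
    return ((x.base & mask) >>> 0) === ((y.base & mask) >>> 0);
}

// Returns human-readable findings; an empty list means the plan is consistent.
function checkPlan(plan: HybridDnsPlan): string[] {
    const findings: string[] = [];
    if (cidrsOverlap(plan.vpcCidr, plan.onPremCidr)) {
        findings.push(`VPC ${plan.vpcCidr} overlaps on-premises ${plan.onPremCidr}; the VPN route is ambiguous`);
    }
    for (const rule of plan.forwardRules) {
        // Forwarding rules take precedence over private hosted zones, so a rule
        // covering the zone would send its queries on-premises instead.
        if (selectRule(plan.privateZone, [rule]) !== undefined) {
            findings.push(`rule for ${rule.domain} covers private zone ${plan.privateZone}`);
        }
        // Targets must sit behind the VPN or the outbound endpoint cannot reach them.
        for (const target of rule.targets) {
            if (!cidrsOverlap(`${target}/32`, plan.onPremCidr)) {
                findings.push(`forward target ${target} for ${rule.domain} is outside ${plan.onPremCidr}`);
            }
        }
    }
    return findings;
}

// BIND9 forward-zone stanza for the on-premises resolver, pointing the
// private zone at the inbound Resolver endpoint addresses.
function bindForwardZone(zone: string, inboundIps: string[]): string {
    const forwarders = inboundIps.map(ip => `${ip};`).join(" ");
    return `zone "${normalise(zone)}" {\n    type forward;\n    forward only;\n    forwarders { ${forwarders} };\n};`;
}

// Constructed sample plan using the page's addresses.
const samplePlan: HybridDnsPlan = {
    vpcCidr: "10.0.0.0/16",
    onPremCidr: "192.168.1.0/24",
    privateZone: "example.internal",
    forwardRules: [{ domain: "corp.example.com", targets: ["192.168.1.10", "192.168.1.11"] }],
};

console.log("resolver:", route53ResolverAddress(samplePlan.vpcCidr), "findings:", checkPlan(samplePlan));
console.log(bindForwardZone(samplePlan.privateZone, ["10.0.0.10", "10.0.1.10"]));
```

The suffix match deliberately requires a dot boundary, so a rule for corp.example.com does not capture notcorp.example.com; and checkPlan treats a rule that covers the private zone itself as an error, because forwarding rules are evaluated ahead of private hosted zones and such a rule would quietly send every query for the zone to a server that is not authoritative for it.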