4 minute read | Content level: Intermediate<\/p>\n\n\n\n
AWS re:Post – How do I share a Route 53 profile with a VPC in a different account?<\/a><\/p>\n\n\n\n I want to associate my Amazon Route 53 profiles with an Amazon Virtual Private Cloud (Amazon VPC) that belongs to a different AWS account.<\/p>\n\n\n\n To associate Route 53 profiles from Account A with an Amazon VPC in Account B, share the resources from the account that owns the profiles. Then, accept the invitation from the AWS account with which you want to share.<\/p>\n\n\n\n Note<\/strong>: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI<\/a>. Also, make sure that you’re using the most recent AWS CLI version<\/a>.<\/p>\n\n\n\n Before you begin, consider the following: VPC configurations manged by profiles include:<\/p>\n\n\n\n Complete the following steps:<\/p>\n\n\n\n Note<\/strong>: Replace name<\/strong> with your profile name.<\/p>\n\n\n\n Note<\/strong>: From the command’s output, note the profile ARN (Arn) that you want to associate.<\/p>\n\n\n\n Note<\/strong>: Replace name<\/strong> with your specified profile name, resource-arns<\/strong> with the ARN output from step 2, and principals<\/strong> with the account ID (Account B) you want to share with.<\/p>\n\n\n\n In the console, the Share status<\/strong> of the shared profile changes from “Not shared” to “Shared by me”.<\/p>\n\n\n\n Note<\/strong>: When creating a resource share limited to member AWS organization accounts, add –no-allow-external-principals<\/strong> to the command:<\/p>\n\n\n\n When sharing resources within an organization, principals in the organization can access shared resources without exchanging invitations.<\/p>\n\n\n\n Note<\/strong>: From the command’s output, note the invitation ARN (resourceShareInvitationArn).<\/p>\n\n\n\n Note<\/strong>: Replace resource-share-invitation-arn<\/strong> with the ARN from step 1 output.<\/p>\n\n\n\n Note<\/strong>: From the command’s output, note the profile ID (Id).<\/p>\n\n\n\n Note<\/strong>: Replace name<\/strong> with your specified profile name, profile-id<\/strong> with the Id from step 3 output, and resource-id<\/strong> with the VPC ID you want to associate.<\/p>\n\n\n\n Note<\/strong>: Replace profile-id<\/strong> with the Id from step 3 output and verify the associated VPC in ResourceId.<\/p>\n\n\n\n Now DNS queries from this VPC will follow the Route 53 profile rules.<\/p>\n\n\n\n [1] Documentation > AWS Route 53 > Working with shared Route 53 Profiles<\/a> <\/p>","protected":false},"excerpt":{"rendered":" I want to associate my Amazon Route 53 profiles with an Amazon Virtual Private Cloud (Amazon VPC) that belongs to a different AWS account.<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[186],"tags":[187,233,234],"class_list":["post-5630","post","type-post","status-publish","format-standard","hentry","category-aws","tag-aws","tag-route-53","tag-vpc"],"_links":{"self":[{"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/posts\/5630"}],"collection":[{"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/comments?post=5630"}],"version-history":[{"count":7,"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/posts\/5630\/revisions"}],"predecessor-version":[{"id":5640,"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/posts\/5630\/revisions\/5640"}],"wp:attachment":[{"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/media?parent=5630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/categories?post=5630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saraheee.com\/ko\/wp-json\/wp\/v2\/tags?post=5630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n\n\n\nShort description<\/h2>\n\n\n\n
Resolution<\/h2>\n\n\n\n
Prerequisites:<\/h3>\n\n\n\n
\n
Route 53 profiles owner account (Account A)<\/h3>\n\n\n\n
Resource managed by profiles include:<\/p>\n\n\n\n\n
\n
Create the Route 53 profiles (if you don’t have one already)<\/h4>\n\n\n\n
\n
aws route53profiles create-profile --name [name]<\/code><\/pre>\n\n\n\n\n
aws route53profiles list-profiles<\/code><\/pre>\n\n\n\nShare the Route 53 profiles with AWS RAM<\/h4>\n\n\n\n
\n
aws ram create-resource-share --name [name] --resource-arns arn:aws:route53profiles:[region]:[account-a-id]:profile\/[rp-profile-id] --principals [account-b-id]<\/code><\/pre>\n\n\n\naws ram create-resource-share --name [name] --resource-arns arn:aws:route53profiles:[region]:[account-a-id]:profile\/[rp-profile-id] --principals [account-b-id] --no-allow-external-principals<\/code><\/pre>\n\n\n\nRoute 53 profiles shared account (Account B)<\/h3>\n\n\n\n
Accept the resource share invitation<\/h4>\n\n\n\n
\n
aws ram get-resource-share-invitations<\/code><\/pre>\n\n\n\n\n
aws ram accept-resource-share-invitation --resource-share-invitation-arn arn:aws:ram:[region]:[account-a-id]:resource-share\/[resource-share-invitation-id]<\/code><\/pre>\n\n\n\nAssociate Route 53 profile with VPC<\/h4>\n\n\n\n
\n
aws route53profiles list-profiles<\/code><\/pre>\n\n\n\n\n
aws route53profiles associate-profile --name [name] --profile-id [rp-profile-id] --resource-id [vpc-id]<\/code><\/pre>\n\n\n\n\n
aws route53profiles list-profile-associations --profile-id [rp-profile-id]<\/code><\/pre>\n\n\n\nRelated information<\/h2>\n\n\n\n
[2] Documentation > AWS Command Line Interface > AWS RAM examples using AWS CLI<\/a>
[3] Documentation > AWS RAM > Sharing your AWS resources<\/a><\/p>\n\n\n\n