How can I associate an Amazon Route 53 health check from a different AWS account to a record set in my account?
Resolution
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.
You can associate a Route 53 health check with a record set, even if the health check and record set aren't in the same AWS account. To do this, use the AWS CLI to run the change-resource-record-sets command. Use CREATE or UPSERT to add or update a record set, specifying the health check ID from the other AWS account.
aws route53 change-resource-record-sets --hosted-zone-id Z1XYZ123XYZ --change-batch file://route53.json
Note: Be sure to replace the placeholders in the above command with your values.
To confirm that the health check is available in the other account:
- In the Route 53 console, choose Health Checks. Then, check the Health check ID column to confirm that the correct health check is in use in the route53.json file.
- Use the list-resource-record-sets command.
The route53.json file contains the following data:
{
"Comment": "This is route53.json file",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "abc.example.com",
"Type": "A",
"SetIdentifier": "primary-record",
"Failover": "PRIMARY",
"TTL": 60,
"ResourceRecords": [
{
"Value": "1.1.1.1"
}
],
"HealthCheckId": "0385ed2d-d65c-4f63-a19b-2412a31ef431"
}
},
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "abc.example.com",
"Type": "A",
"SetIdentifier": "secondary-record",
"Failover": "SECONDARY",
"TTL": 60,
"ResourceRecords": [
{
"Value": "2.2.2.2"
}
]
}
}
]
}
Important: The Route 53 console doesn't show the associated health check on the RRSet because the health check belongs to a different account. However, you can use the AWS CLI to see the associated health check for the RRSet:
$ aws route53 list-resource-record-sets --hosted-zone-id Z1XYZ123XYZ --query "ResourceRecordSets[?Name == 'abc.example.com.']" --output json
[
{
"HealthCheckId": "0385ed2d-d65c-4f63-a19b-2412a31ef431",
"Name": "abc.example.com.",
"Type": "A",
"Failover": "PRIMARY",
"ResourceRecords": [
{
"Value": "1.1.1.1"
}
],
"TTL": 60,
"SetIdentifier": "primary-record"
},
{
"Name": "abc.example.com.",
"Type": "A",
"Failover": "SECONDARY",
"ResourceRecords": [
{
"Value": "2.2.2.2"
}
],
"TTL": 60,
"SetIdentifier": "secondary-record"
}
]
Note: Be sure to replace the placeholders in this script with your values.