AWS GovCloud (US)
User Guide

Setting Up Amazon Route 53 Zone Apex Support with an AWS GovCloud (US) Elastic Load Balancing Load Balancer

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. It is designed to provide an extremely reliable and cost-effective way to route end users to Internet applications by translating human-readable names into the numeric IP addresses that computers use to connect to each other.

Amazon Route 53's DNS implementation connects user requests to infrastructure running inside (and outside) of Amazon Web Services (AWS). For example, if you have multiple web servers running on Amazon Elastic Compute Cloud (Amazon EC2) instances behind an Elastic Load Balancing load balancer, Amazon Route 53 will route all traffic addressed to your website to the load balancer DNS name.

Additionally, Amazon Route 53 supports the alias resource record set, which lets you map your zone apex DNS name to your load balancer DNS name. IP addresses associated with Elastic Load Balancing can change at any time due to scaling or software updates. Amazon Route 53 responds to each request for an alias resource record set with one IP address for the load balancer. If a load balancer has more than one IP address, Elastic Load Balancing selects one of the IP addresses in a round-robin fashion and returns it to Amazon Route 53; Amazon Route 53 then responds to the request with that IP address.

Alias resource record sets are virtual records that work like CNAME records, but they differ from CNAME records in that they are not visible to resolvers. Resolvers see only the A record and the resulting IP address of the target record. As such, unlike CNAME records, alias resource record sets can be used to configure a zone apex (also known as a root domain or naked domain) in a dynamic environment.

This section provides a solution for Amazon Route 53 zone apex alias support by setting up an Amazon CloudFront distribution between Amazon Route 53 and an AWS GovCloud (US) Elastic Load Balancing load balancer. The solution demonstrates how to configure Amazon Route 53 with a zone apex alias resource record set that maps to a CloudFront web distribution DNS name. The CloudFront distribution in turn points to the AWS GovCloud (US) load balancer DNS name as a custom origin.

An additional benefit of this approach is that CloudFront can help improve the performance of your website, including both static and dynamic content. For more information about CloudFront, see the CloudFront documentation.

The following figure shows the various AWS services used to demonstrate this solution:

Step 1: Sign Up for AWS GovCloud (US)

  • To use AWS services in the AWS GovCloud (US) Region, you must have an AWS GovCloud (US) account. If you don't have an account, see Signing Up for AWS GovCloud (US) for more information.

Step 2: Create Your Resources in the AWS GovCloud (US) Region

  1. Create two web application Amazon EC2 servers via the AWS GovCloud (US) console and confirm that they are in a running state. Configuring the web servers on the Amazon EC2 instances is outside of the scope of this section.

  2. Create an Elastic Load Balancing load balancer and add the two instances created in the previous step to the load balancer. Confirm that the instances are in service and note the DNS name of the newly created load balancer.

  3. Test access to your website by entering the load balancer DNS name in a web browser. You can verify the load balancer is balancing traffic between the two instances by waiting at least one minute between requests.

Step 3: Create a CloudFront Custom Origin Web Distribution

Because AWS GovCloud (US) is not currently integrated into the CloudFront service, you must create a CloudFront distribution using your standard AWS account.

  1. Sign in to the CloudFront console with your standard AWS account, and choose Create Distribution.

  2. Select the Web distribution delivery method, and then choose Continue.

  3. In Origin Domain Name, type the AWS GovCloud (US) load balancer DNS name to create a custom origin.

  4. In Alternate Domain Names (CNAMEs), add the zone apex name.

  5. Choose Create Distribution.

  6. After the status for the new distribution changes to Deployed, make a note of the domain name. You will use this domain name when you set up Amazon Route 53 in the next step.

For information about how CloudFront processes and forwards requests to a custom origin server, such as an AWS GovCloud (US) load balancer, see the CloudFront documentation.

Step 4: Configure a New Amazon Route 53 Alias Resource Record Set

  1. Using your standard AWS account from the previous step, sign in to the Amazon Route 53 console.

  2. Create a new alias resource record set for your root domain name. For Alias, choose Yes. From the Alias Target drop-down list, select the CloudFront distribution name you created earlier.
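The alias record from Step 4 can also be created through the Route 53 API instead of the console. The following is an added example, not part of the original guide: it builds the change batch for a zone apex alias that targets the CloudFront distribution and rejects a target that is not a CloudFront domain. The zone name and distribution domain shown are constructed sample values, and the function names are hypothetical.

```python
"""Build the Route 53 change batch for Step 4: a zone apex alias to CloudFront."""

# Fixed hosted zone ID that Route 53 uses for every CloudFront alias target.
CLOUDFRONT_ALIAS_ZONE_ID = "Z2FDTNDATAQYW2"


def _fqdn(name):
    """Lower-case a DNS name and make sure it ends with a single trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def build_apex_alias_change(hosted_zone_name, distribution_domain):
    """Return a ChangeBatch that aliases the zone apex to a CloudFront distribution."""
    apex = _fqdn(hosted_zone_name)
    target = _fqdn(distribution_domain)
    # The alias target must be the distribution domain noted in Step 3,
    # not the AWS GovCloud (US) load balancer name (that is the CloudFront origin).
    if not target.endswith(".cloudfront.net."):
        raise ValueError("alias target is not a CloudFront domain: " + target)
    return {
        "Comment": "Zone apex alias to CloudFront distribution",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": apex,
                "Type": "A",  # resolvers see an A record, never a CNAME
                "AliasTarget": {
                    "HostedZoneId": CLOUDFRONT_ALIAS_ZONE_ID,
                    "DNSName": target,
                    # Health evaluation is not supported for CloudFront alias targets.
                    "EvaluateTargetHealth": False,
                },
            },
        }],
    }


def apply_change(hosted_zone_id, change_batch):
    """Submit the change with boto3 (needs credentials for the standard AWS account)."""
    import boto3  # imported here so the builder works without boto3 installed
    client = boto3.client("route53")
    return client.change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=change_batch)


if __name__ == "__main__":
    import json
    # Constructed sample values; substitute your own zone and distribution domain.
    print(json.dumps(build_apex_alias_change(
        "example.com", "d111111abcdef8.cloudfront.net"), indent=2))
```

An alias record set carries no TTL or ResourceRecords of its own, which is why the change batch omits both.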

Step 5: Test that Your Website Is Accessible

  • Enter your root domain in a web browser to verify that your website is accessible.

Congratulations! You have successfully pointed your zone apex at your Elastic Load Balancing load balancer in the AWS GovCloud (US) Region.

For more information about Amazon Route 53, see the Amazon Route 53 documentation.