What are Amazon Route 53 Profiles?
With Route 53 Profiles, you can apply and manage DNS-related Route 53 configurations across many VPCs and in different AWS accounts. Profiles make managing the DNS settings for many VPCs as easy as managing them for a single VPC. When you update a Profile, its settings are propagated to all the VPCs associated to the Profile. You can also share a Profile with AWS accounts in the same Region by using AWS RAM. The Route 53 resources you can currently associate to a Profile are:
- Private hosted zones and the settings specified in them.
- Route 53 Resolver rules, both forwarding and system.
- DNS Firewall rule groups.
Some of the VPC configurations are directly managed on the Profile. The configurations are:
- Reverse DNS lookup configuration for Resolver Rules.
- DNS Firewall failure mode configuration.
- DNSSEC validation configuration.
For example, you can enable the DNS Firewall failure mode configuration for all the VPCs the Profile is associated to, but keep the VPC's existing DNSSEC validation configuration.
Important
Once you enable the Profile settings for the preceding configurations, and associate the Profile to a VPC, the Profile settings take effect immediately.
You can also use AWS CloudFormation to set up consistent DNS settings for newly provisioned VPCs.
You can associate one Profile per VPC, and the number of resources you can associate per Profile varies. For more information, see Quotas on Route 53 Profiles.
How Route 53 Profile settings are prioritized
You can keep local DNS settings on a VPC alongside the associations set through a Profile, for migration or other testing purposes. When a DNS query matches both the Resolver rule for a private hosted zone that is directly associated with the VPC and a Resolver rule for a private hosted zone that is associated to the Profile, the local DNS settings take precedence. When a DNS query is made for a conflicting domain name, the most specific one wins. The following table includes examples of the evaluation order:
DNS query | Profile rule | VPC rule | Evaluated rule |
---|---|---|---|
example.com | example.com | example.com | Local VPC |
test.example.com | test.example.com | example.com | Profile |
marketing.example.com | None | marketing.example.com | Local VPC |
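
The following Python sketch is an added example, not AWS code. It models only the two precedence rules stated above (the most specific match wins, and a tie goes to the local VPC) so you can check which side governs a name when reviewing overlapping rules. The function names and the `ROWS` sample data are hypothetical and constructed from the table.

```python
# Added example: models only the precedence rules stated on this page.
# Function and variable names are hypothetical, not an AWS API.

def _labels(name):
    """Normalize a domain name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def _match_len(query, rule_domain):
    """Return the number of labels in rule_domain if it covers query, else 0.

    Matching is label-wise, so 'example.com' covers 'test.example.com'
    but not 'notexample.com'.
    """
    q, r = _labels(query), _labels(rule_domain)
    return len(r) if len(r) <= len(q) and q[-len(r):] == r else 0

def evaluated_rule(query, profile_rules, vpc_rules):
    """Return (source, domain) of the rule that wins, or (None, None).

    source is 'Local VPC' or 'Profile'. The most specific match wins;
    on equal specificity the local VPC setting takes precedence.
    """
    best = (0, None, None)  # (specificity, source, domain)
    # Profile candidates first, then VPC with >= so a tie goes to the local VPC.
    for domain in profile_rules:
        n = _match_len(query, domain)
        if n > best[0]:
            best = (n, "Profile", domain)
    for domain in vpc_rules:
        n = _match_len(query, domain)
        if n and n >= best[0]:
            best = (n, "Local VPC", domain)
    return best[1], best[2]

# Constructed rows mirroring the table above: (query, profile rules, VPC rules)
ROWS = [
    ("example.com", ["example.com"], ["example.com"]),
    ("test.example.com", ["test.example.com"], ["example.com"]),
    ("marketing.example.com", [], ["marketing.example.com"]),
]

if __name__ == "__main__":
    for query, profile, vpc in ROWS:
        print(query, "->", evaluated_rule(query, profile, vpc))
```
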
Route 53 Profiles Region availability
Route 53 Profiles are available in most commercial AWS Regions. The following table provides a list of the current availability.
Region | Profiles available? |
---|---|
Africa (Cape Town) | Yes |
Asia Pacific (Hong Kong) | Yes |
Asia Pacific (Hyderabad) | Yes |
Asia Pacific (Jakarta) | Yes |
Asia Pacific (Melbourne) | Yes |
Asia Pacific (Mumbai) | Yes |
Asia Pacific (Osaka) Region | Yes |
Asia Pacific (Seoul) Region | Yes |
Asia Pacific (Singapore) | Yes |
Asia Pacific (Sydney) | Yes |
Asia Pacific (Tokyo) Region | Yes |
Canada (Central) | Yes |
Canada West (Calgary) | Yes |
Europe (Frankfurt) Region | Yes |
Europe (Ireland) Region | Yes |
Europe (London) | Yes |
Europe (Milan) | Yes |
Europe (Paris) | Yes |
Europe (Spain) | Yes |
Europe (Stockholm) | Yes |
Europe (Zurich) | Yes |
Israel (Tel Aviv) | Yes |
Middle East (Bahrain) | Yes |
Middle East (UAE) | Yes |
South America (São Paulo) | Yes |
US East (Ohio) | Yes |
US West (Oregon) | Yes |
US West (N. California) | Yes |
US East (N. Virginia) | Yes |