Avi Load Balancer integrates with AWS to provide DNS services to applications running on instances in AWS.

Note:
  • AWS Cloud in Avi Load Balancer supports integration with Route53 in the same AWS Account by enabling route53_integration in the cloud configuration. In this scenario, the DNS profile configuration described in this section is not required.

  • The DNS provider configuration described below is required for the following use cases:

    • When the required Route53 service for integration is in a different AWS Account/VPC than the account defined in the AWS Cloud configuration.

    • When FQDNs must be registered in AWS Route53 for virtual services defined in other cloud types (for example, Azure Cloud).

  • CNAME record type is not supported. Only A record type is supported for AWS DNS.

You need one of the following credentials for implementing AWS as the DNS provider:

  • Identity and Access Management (IAM) roles - Set of policies that define access to resources within AWS.

  • AWS customer account key - Unique authentication key associated with the AWS account.

Configure AWS DNS

  1. Navigate to Templates > Profiles > IPAM/DNS Profiles > CREATE > DNS Profile.

  2. Select AWS Route 53 DNS as Type.

  3. If using IAM Role:

    1. Follow the steps in IAM Role Setup for Installation into AWS to set up the IAM roles before beginning deployment of the Avi Load Balancer Controller EC2 instance.

    2. Route53 policy is mandatory.

    3. Click CHANGE CREDENTIALS and select Use IAM Roles.



  4. If using Access Key:

    1. Click CHANGE CREDENTIALS and select Use Access Keys.

      For more information, see Managing access keys for IAM users.

    2. Enter the following information:

      • Access Key ID - AWS customer key ID.

      • Secret Access Key - Customer key.

      • Region - AWS region into which the VIPs will be deployed.

      • Access AWS through Proxy - Select if access to AWS endpoints requires a proxy server.

      • Use Cross-Account AssumeRole - Select if the AWS credentials or role is being leveraged to access across accounts. For more information, see AWS Cross-Account AssumeRole Support.

    3. Click Next.

  5. In the VPC drop-down menu, select the appropriate VPC from the available VPCs in that region.

  6. Usable Domain displays the available domain names associated with that VPC. Configure at least one domain for registering virtual service FQDNs with Route 53.

  7. Click Save.
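
The access key or IAM role entered in this profile can write to Route 53, and only A records are supported, so the policy behind that credential is worth reviewing before it is saved here. The following Python check is an added example, not part of the Avi Load Balancer documentation: it flags policy statements that allow record changes more broadly than a single hosted zone and the A record type. The sample policy and hosted zone ID are constructed, and the findings reflect general IAM least-privilege practice; the permissions the product itself requires are those in the IAM Role Setup guide referenced above.

```python
import json
from fnmatch import fnmatchcase
# Constructed sample policy; the hosted zone ID is a placeholder.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:*", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["route53:ChangeResourceRecordSets"],
     "Resource": "arn:aws:route53:::hostedzone/ZEXAMPLE123",
     "Condition": {"ForAllValues:StringEquals":
       {"route53:ChangeResourceRecordSetsRecordTypes": ["A"]}}}
  ]
}""")

CHANGE = "route53:changeresourcerecordsets"
TYPE_KEY = "route53:changeresourcerecordsetsrecordtypes"

def as_list(value):
    return value if isinstance(value, list) else [value]

def record_types(stmt):
    """Record types the Condition limits changes to, or None if unrestricted."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() != "forallvalues:stringequals":
            continue
        for key, values in keys.items():
            if key.lower() == TYPE_KEY:
                return {v.upper() for v in as_list(values)}
    return None

def audit(policy):
    """Return (statement index, finding) pairs for Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        # IAM action patterns use * and ?, which fnmatch also understands.
        granting = [a for a in actions if fnmatchcase(CHANGE, a)]
        if stmt.get("Effect") != "Allow" or not granting:
            continue
        if any("*" in a for a in granting):
            findings.append((i, "wildcard action grants record changes"))
        resources = as_list(stmt.get("Resource", []))
        if any(r == "*" or r.endswith("hostedzone/*") for r in resources):
            findings.append((i, "record changes allowed in every hosted zone"))
        if record_types(stmt) != {"A"}:
            findings.append((i, "record changes not limited to A records"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_POLICY))
```

The first constructed statement produces all three findings; the second, scoped to one zone and to A records, produces none.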