...

  1. Log in to Grid Manager (the Infoblox GUI).

  2. From the Grid tab, click the Amazon tab.

  3. Expand the Toolbar and click Add.

  4. In the Add Amazon Route 53 Sync Group Wizard, complete the following:

    • Sync Group Name: Enter the name of the Amazon Route 53 sync group.

    • Disable Synchronization: Select this to disable synchronization for this sync group. This allows you to keep the current configuration including all sync tasks in the group, and enable them at a later time.

    • Multiple Account Sync: Select this check box to enable multi-account support for Route 53 integration on the selected member.

    • Role ARN: Enter the ARN (Amazon Resource Name) of the role that you configured in your AWS management account.

    • Member: Click Select to choose the Grid member that will pull DNS data from Amazon Route 53. Infoblox suggests that you select a member that is not running other services and can handle the synchronization load for this feature. If you have only one Grid member in the Grid, the appliance automatically displays the member's name here. Select Clear if you want to remove the current member. You can also specify a proxy server to pull data from Amazon Route 53. For information about how to set up a proxy server, refer to the Infoblox NIOS Documentation.

    • Credentials: Select the method you want to use to authenticate the connection between the Grid member and AWS for this sync group. You can select one of the following:

      • Use instance profile: An instance profile is a container for an IAM role that passes role information to an EC2 instance while the instance is running. Select this option to collect information from AWS without supplying a user's credentials: the appliance uses the configuration of a predefined IAM role to obtain a temporary token that authorizes the cloud API calls. When this option is enabled, you do not need to provide user credentials.

        • Single account Route 53 Synchronization: If you are synchronizing data from a single AWS account, then before selecting this authentication method you must configure an instance profile in AWS, define an IAM role in that instance profile, and grant the role the following AWS IAM permissions; otherwise, this option remains disabled:

          • iam:GetUser

          • route53:ListHostedZones

          • route53:GetHostedZone

          • route53:ListResourceRecordSets

        • Multi-account Route 53 Synchronization: If you are synchronizing data from multiple AWS accounts of an AWS organization, ensure that the EC2 instance is running in the parent account and the parent account has the org admin permissions in AWS. For more information, see Setting up the AWS Environment for Multi-Account Route 53 Synchronization.

      • Use IAM credential: Select this if you want to authenticate by using IAM roles to grant secure access to AWS resources from your EC2 instances. Click Select to choose the IAM role and use its credentials to access AWS resources from your EC2 instances when they are up and running. For more information about instance profiles and IAM roles, refer to the AWS documentation.

    • Synchronize Route 53 data into: Select the network view to which you want the appliance to add synchronized data.

      • This network view: From the drop-down list, select the NIOS network view to which you want to add the synchronized data. The default network view is preselected. When you select this option, you can choose to consolidate zone data into a specified DNS view by enabling the Consolidate zone data into this DNS view option and selecting a specific DNS view.
        When you synchronize Route 53 data from two or more different AWS endpoints, you must assign each AWS endpoint to a different network view.

      • The tenant's network view (if it does not exist, create a new one): This option is recommended. When you select this option, the synchronized data is saved to the tenant's network view. If the network view does not exist, the appliance creates it (only if a cloud license is installed in the Grid). The appliance uses tenant information to create a new NIOS network view for the synchronized data. For example, AWS tenants by default are associated with the 12-digit user account number (such as 2233441247523), which is the identifier for all objects that are created by that account in AWS. This tenant value becomes the identifier for the new network view as its data is synchronized.
        Note that you cannot modify the network view selection once you save the configuration. Create a new sync group if you want to change the network view. When you remove an old sync task from a sync group, the data remains in the database, and you can manually remove the old data by searching for all Route 53 zones that are associated with a particular network view; or you can use CSV import and export the stale data that you want to remove from the database.

      • Consolidate zone data into this DNS view: Depending on which network view you have selected to synchronize Route 53 zone data, you may or may not be able to select a specific DNS view to which the zone data is synchronized and consolidated. Note that NIOS supports up to 19 VPCs per zone. When this option is enabled, there is no restriction on the number of VPCs that a private hosted zone can have in AWS.
        Note that when Consolidate zone data into this DNS view is not enabled for a private hosted zone, if the number of characters in the zone’s VPC ID is more than 255 characters, Route 53 will not synchronize that specific DNS zone. This is due to the restriction that the value of an extensible attribute in NIOS cannot exceed 255 characters.
        Consider the following scenarios before selecting or clearing the selection on this option:

        • If you have selected a NIOS network view to add synchronized DNS data, you can select a specific DNS view to which you can add the synchronized Route 53 zone data. When you select this option, all zone data will be synchronized into the selected DNS view. If there are duplicate zones, the appliance places them in an order based on their VPC names and adds the first duplicate zone to the corresponding DNS view (depending on your configuration). It then creates new DNS views for subsequent zones that have the same zone name. For example, if your DNS view is "corp100view", the first duplicate zone is added to "corp100view", the second duplicate zone to "corp100view_1", and so on until all duplicate zones are added to their corresponding DNS views.
          If you choose to synchronize Route 53 data into a NIOS network view but you do not select this option, you are not allowed to select a specific DNS view and the appliance synchronizes all private zones into a newly created DNS view using the name "private%", where % stands for the key of the DNS view. A new DNS view is created for each VPC in which the zones reside. On the other hand, all public zones are synchronized into the default DNS view, and all duplicate zones are ignored.

        • If you have selected to add synchronized DNS data to a tenant's network view, you are not allowed to select a specific DNS view for the synchronized data. In this case, the appliance synchronizes all private zones into a newly created DNS view using the name "private%" where % stands for the key of the DNS view. A new DNS view is created for each VPC in which the zones reside. On the other hand, all public zones are synchronized into the default DNS view, and all duplicate zones are ignored.
          Note that you must not perform a Route 53 sync on multiple DNS views that reside in the same network view. Performing a Route 53 sync in more than one DNS view deletes the data from the other DNS views in which synchronization has taken place. To prevent this, create multiple network views each having a single DNS view and perform Route 53 sync on each of the DNS views.
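The instance-profile role described under Single account Route 53 Synchronization should grant exactly the four listed actions and nothing broader. The following is an added example (not Infoblox or AWS code) that checks an IAM policy document against that required set, flagging missing actions and wildcard or out-of-scope grants; the two policy documents are constructed samples.

```python
import fnmatch
import json

# Actions the procedure lists for the instance-profile role (single-account sync).
REQUIRED_ACTIONS = {
    "iam:GetUser",
    "route53:ListHostedZones",
    "route53:GetHostedZone",
    "route53:ListResourceRecordSets",
}
_REQUIRED_LOWER = {a.lower() for a in REQUIRED_ACTIONS}

# Constructed sample policies (not taken from a real account).
MINIMAL_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Action": ["iam:GetUser", "route53:ListHostedZones",
                            "route53:GetHostedZone", "route53:ListResourceRecordSets"],
                 "Resource": "*"}]
}""")
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow",
                "Action": ["route53:*", "ec2:DescribeInstances"],
                "Resource": "*"}
}""")

def _as_list(value):
    """IAM allows either a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def allowed_actions(policy):
    """Every action pattern granted by the Allow statements of a policy document."""
    actions = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt.get("Action", [])))
    return actions

def _matches(pattern, action):
    """IAM action matching is case-insensitive and '*' acts as a wildcard."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def check_policy(policy):
    """Return (missing, excess): required actions the policy does not grant, and
    granted patterns that contain a wildcard or fall outside the required set."""
    granted = allowed_actions(policy)
    missing = {a for a in REQUIRED_ACTIONS
               if not any(_matches(p, a) for p in granted)}
    excess = {p for p in granted if "*" in p or p.lower() not in _REQUIRED_LOWER}
    return missing, excess

if __name__ == "__main__":
    for name, pol in (("minimal", MINIMAL_POLICY), ("broad", BROAD_POLICY)):
        missing, excess = check_policy(pol)
        print(f"{name}: missing={sorted(missing)} excess={sorted(excess)}")
```

The broad policy would still let the sync group work (route53:* covers the three Route 53 actions) but fails the check on two counts: it lacks iam:GetUser and grants far more than the role needs.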

...