Before you configure sync groups and sync tasks required for the Route 53 integration in NIOS, complete the following prerequisites:

Note

In versions of NIOS prior to 9.0.4, the Cloud Sync service was called the Cloud DNS Sync service.

  • Ensure that you have installed the Cloud Network Automation license on the Grid Master. For information about licenses, refer to the Infoblox NIOS Documentation.

To set up the synchronization of Route 53 data from a single AWS account and multiple AWS accounts to NIOS:

  • NIOS version 9.0.4 and later: Ensure that the Cloud Sync service is running on the Grid member that will perform the Route 53 sync task. For more information, see Starting and Stopping the Cloud Sync Service.

  • NIOS versions prior to 9.0.4: Start the Cloud DNS Sync Service on the Grid member on which you want to synchronize the DNS data. For more information, see Starting and Stopping the Cloud ... Sync Service. Note that the Cloud DNS Sync Service is supported from NIOS 8.6.3 onwards.

  • Enable multi-account support in AWS and keep the role ARN (Amazon Resource Name) handy. For more information, see ... Synchronization.

  • Set up AWS user accounts and record the AWS credentials for these accounts. You may need the credentials when configuring Route 53 sync tasks. For information about how to set up an AWS account, see the AWS documentation. You can also configure AWS accounts and credentials through Grid Manager, as described in Configuring AWS Access for NIOS Cloud Admins.
    Note that all sync tasks in the same sync group are performed for the same AWS user account.

  • If your deployment is on AWS GovCloud, enable the Route 53 synchronization as defined in the Enabling Route 53 Integration on the GOV Cloud section.

  • Ensure that the time on the NIOS or vNIOS appliance is synchronized with the actual time so that AWS Route 53 synchronization functions properly. You can configure NTP servers on the NIOS appliance and enable the NTP service to synchronize time on the appliance. For information about how to set up the NTP server, refer to the Infoblox NIOS Documentation.

  • Configure DNS resolvers on the Grid member that is synchronizing Route 53 data so the AWS API can reach the Route 53 endpoints. For information about how to configure DNS resolvers, refer to the Infoblox NIOS Documentation.

Adding an AWS Admin User (Amazon User) in NIOS

...

  1. On the Administration tab > Cloud tab, click the Add icon.

  2. In the Add Amazon Cloud User Wizard > Step 1 of 1, complete the following:

    • Cloud Service Provider: Select AWS from the drop-down list.

    • Username: Enter a username for the AWS user account.

    • Access key ID: Enter the Amazon IAM (Identity and Access Management) access key ID value associated with the AWS user account.
      All AWS API requests require an access key ID and a corresponding secret access key that NIOS uses to authenticate the sender of the request and verify the authenticity of the request message.

    • Secret access key: Enter the secret access key from the AWS user account.

    • Amazon account: Enter the account ID of the AWS user account that you have created in AWS.

    • Mapped to NIOS user: Each pair of access key ID and secret access key received by the AWS API Proxy must be assigned to a NIOS admin user with sufficient privileges. You can assign multiple AWS user accounts to a single NIOS cloud Admin user account with the required cloud-api-only NIOS group setting. Click the Select NIOS User button and complete the following:

      1. In the Select NIOS User dialog box, find and select a NIOS admin user to map to this user account.

      2. Click OK.

    • GovCloud: Select the check box if you want to enable the Route 53 service on the AWS GovCloud for this user.

  3. Click Save & Close.
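
A pre-flight check for the values entered in the wizard above, as an added example that is not part of the Infoblox documentation or product. The function name `check_cloud_user` is hypothetical, the formats are general AWS identifier conventions rather than NIOS validation rules, and matching the role ARN partition to the GovCloud check box is an assumption.

```python
import re

# General AWS identifier conventions (assumptions; not NIOS validation rules).
ACCESS_KEY_ID = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")
ACCOUNT_ID = re.compile(r"^\d{12}$")
ROLE_ARN = re.compile(r"^arn:(aws|aws-us-gov|aws-cn):iam::\d{12}:role/[\w+=,.@/-]+$")


def check_cloud_user(access_key_id, secret_access_key, account_id,
                     govcloud=False, role_arn=None):
    """Return a list of problems found in the values; an empty list means none."""
    problems = []
    m = ACCESS_KEY_ID.match(access_key_id)
    if not m:
        problems.append("access key ID: expected 20 characters starting with AKIA")
    elif m.group(1) == "ASIA":
        # ASIA keys are temporary STS credentials that need a session token,
        # which is not among the wizard fields listed on this page.
        problems.append("access key ID: temporary (ASIA) key, use an IAM user key")
    if secret_access_key != secret_access_key.strip():
        problems.append("secret access key: leading or trailing whitespace")
    elif len(secret_access_key) != 40:
        problems.append("secret access key: expected 40 characters")
    if not ACCOUNT_ID.match(account_id):
        problems.append("Amazon account: expected a 12-digit account ID")
    if role_arn is not None:
        m = ROLE_ARN.match(role_arn)
        expected = "aws-us-gov" if govcloud else "aws"
        if not m:
            problems.append("role ARN: not an IAM role ARN")
        elif m.group(1) != expected:
            problems.append(f"role ARN: partition {m.group(1)!r} does not match "
                            f"GovCloud={govcloud} (expected {expected!r})")
    return problems


if __name__ == "__main__":
    # Constructed sample: placeholder key pair from AWS documentation, made-up role.
    for p in check_cloud_user("AKIAIOSFODNN7EXAMPLE",
                              "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
                              "123456789012", govcloud=True,
                              role_arn="arn:aws:iam::123456789012:role/route53-sync"):
        print("WARN", p)
```

The function never echoes the secret access key, so its output can be pasted into a change ticket.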

...

  1. On the Administration tab > Cloud tab, do one of the following:

    • Select an existing admin user and click the Action icon > Edit.
      The Amazon Cloud User Properties dialog box for that user is displayed.

    • Click the Add icon, and then add an AWS admin user in the Add Amazon Cloud User Wizard. For more information, see Adding an AWS Admin User.

  2. Select the GovCloud checkbox to enable the Route 53 integration feature for this user on the AWS GovCloud.

  3. Click Save & Close.

Starting and Stopping the Cloud ... Sync Service

To enable the synchronization of DNS data from multiple AWS accounts of an AWS organization to NIOS, the Cloud Sync service must be running on a Grid member. The Cloud Sync service is supported for DNS synchronization only from NIOS 8.6.3 onwards.

In NIOS 9.0.4 and later, if the member has no existing sync task assigned to it, the service is automatically enabled when you create a sync task on the member.

Before or after an upgrade to NIOS 9.0.4 or later, if you manually stopped the Cloud Sync service on a member for any reason, you must manually start the service for the dependent tasks such as DNS sync and/or vDiscovery to run.

To start the service:

  1. From the Grid tab, select Grid Manager tab > Services tab.

  2. On the service bar, click the Cloud ... Sync service.

  3. Select the member on which the Cloud ... Sync service must be enabled.

  4. Expand the Toolbar and click Start.
    The service takes a few minutes to start. Before running a Route 53 sync task, wait for the service status to show Cloud ... Sync service is healthy.

To stop the Cloud ... Sync service on a member, select the member checkbox, and then click Stop in the Toolbar.