
Prerequisites for Amazon Route 53 Integration

Before you configure sync groups and sync tasks required for the Route 53 integration in NIOS, complete the following prerequisites:

Note

In versions of NIOS prior to 9.0.4, the Cloud Sync service was called the Cloud DNS Sync service.

  • Ensure that you have installed the Cloud Network Automation license on the Grid Master. For information about licenses, refer to the Infoblox NIOS Documentation.

  • NIOS version 9.0.4 and later: Ensure that the Cloud Sync service is running on the Grid member that will perform the Route 53 sync task. For more information, see Starting and Stopping the Cloud Sync Service.

  • NIOS versions prior to 9.0.4: Start the Cloud DNS Sync Service on the Grid member on which you want to synchronize the DNS data. For more information, see Starting and Stopping the Cloud Sync Service. Note that the Cloud DNS Sync Service is supported from NIOS 8.6.3 onwards.

  • Enable multi-account support in AWS and keep the role ARN (Amazon Resource Name) handy. For more information, see Setting up the AWS Environment for Multi-Account Synchronization.

  • Set up AWS user accounts and record the AWS credentials for these accounts. You may need the credentials when configuring Route 53 sync tasks. For information about how to set up an AWS account, see the AWS documentation. You can also configure AWS accounts and credentials through Grid Manager, as described in Configuring AWS Access for NIOS Cloud Admins.
    Note that all sync tasks in the same sync group are performed for the same AWS user account.

  • If your deployment is on AWS GovCloud, enable Route 53 synchronization as described in the Enabling Route 53 Integration on the AWS GovCloud section.

  • Ensure that the time on the NIOS or vNIOS appliance is synchronized with the actual time so that AWS Route 53 synchronization functions properly. You can configure NTP servers on the NIOS appliance and enable the NTP service to synchronize time on the appliance. For information about how to set up the NTP server, refer to the Infoblox NIOS Documentation.

  • Configure DNS resolvers on the Grid member that is synchronizing Route 53 data so the AWS API can reach the Route 53 endpoints. For information about how to configure DNS resolvers, refer to the Infoblox NIOS Documentation.

Adding an AWS Admin User (Amazon User) in NIOS

For the AWS management account that is set up in your AWS organization, you must create a parallel AWS admin user in NIOS by specifying the access key ID and secret access key, and associate it with an appropriate cloud-API-enabled NIOS admin account. NIOS uses the access key pair that you specify to communicate with AWS through the cloud admin account.

The access key pair is defined by Amazon and sent directly to each requesting AWS administrator, and must be copied manually. AWS requires the access keys to allow calls made to AWS using the AWS CLI, AWS SDKs, or direct HTTP calls.

To add an AWS admin user, complete the following steps:

  1. On the Administration tab > Cloud tab, click the Add icon.

  2. In Add Cloud User Wizard > Step 1 of 1, complete the following:

    • Cloud Service Provider: Select AWS from the drop-down list.

    • Username: Enter a username for the AWS user account.

    • Access key ID: Enter the Amazon IAM (Identity and Access Management) access key ID value associated with the AWS user account.
      All AWS API requests require an access key ID and a corresponding secret access key that NIOS uses to authenticate the sender of the request and verify the authenticity of the request message.

    • Secret access key: Enter the secret access key from the AWS user account.

    • Amazon account: Enter the account ID of the AWS user account that you have created in AWS.

    • Mapped to NIOS user: Each pair of access key ID and secret access key received by the AWS API Proxy must be assigned to a NIOS admin user with sufficient privileges. You can assign multiple AWS user accounts to a single NIOS cloud Admin user account with the required cloud-api-only NIOS group setting. Click the Select NIOS User button and complete the following:

      1. In the Select NIOS User dialog box, find and select a NIOS admin user to map to this user account.

      2. Click OK.

    • GovCloud: Select the check box if you want to enable the Route 53 service on the AWS GovCloud for this user.

  3. Click Save & Close.

Note
For multi-account synchronization of Route 53 data, you must enter the Access key ID, Secret access key and Amazon account values from the management account of your AWS organization.

Enabling Route 53 Integration on the AWS GovCloud

If you have deployed vNIOS for AWS instances on the AWS GovCloud and want to synchronize DNS data with NIOS, you must enable Route 53 support for the AWS GovCloud.

  1. On the Administration tab > Cloud tab, do one of the following:

    • Select an existing admin user and click the Action icon > Edit.
      The Cloud User Properties dialog box for that user is displayed.

    • Click the Add icon, and then add an AWS admin user in the Add Cloud User Wizard. For more information, see Adding an AWS Admin User.

  2. Select the GovCloud checkbox to enable the Route 53 integration feature for this user on the AWS GovCloud.

  3. Click Save & Close.

Starting and Stopping the Cloud Sync Service

To enable the synchronization of DNS data from multiple AWS accounts of an AWS organization to NIOS on a Grid member, the Cloud Sync service must be running on the member. The Cloud Sync service is supported for DNS synchronization only from NIOS 8.6.3 onwards.

In NIOS 9.0.4 and later, if no sync task is already assigned to the member, the service is automatically enabled when you create a sync task on the member.

Before or after an upgrade to NIOS 9.0.4 or later, if you manually stopped the Cloud Sync service on a member for any reason, you must manually start the service for the dependent tasks such as DNS sync and/or vDiscovery to run.

To start the service:

  1. From the Grid tab, select Grid Manager tab > Services tab.

  2. On the service bar, click the Cloud Sync service.

  3. Select the member on which the Cloud Sync service must be enabled.

  4. Expand the Toolbar and click Start.
    The service takes a few minutes to start. Before running a Route 53 sync task, wait for the service status to show Cloud Sync service is healthy.

To stop the Cloud Sync service on a member, select the member checkbox, and then click Stop in the Toolbar.

 

 
