Synchronize the hostnames of ECS instances across accounts

Synchronize the hostnames of ECS instances

Private DNS can automatically obtain the hostnames of Elastic Compute Service (ECS) instances and generate intranet Domain Name System (DNS) records for the hostnames in a few clicks.

Synchronize the hostnames of ECS instances across accounts

You can use Private DNS to synchronize the hostnames of ECS instances within Alibaba Cloud Account B to Alibaba Cloud Account A.

Scenarios

An enterprise owns multiple Alibaba Cloud accounts. To use Private DNS, the enterprise needs to add the same built-in authoritative zone within each account and specify an effective scope for the zone. This affect the O&M efficiency. To address this issue, Private DNS allows you to specify an effective scope across accounts.

Procedure

Perform the following steps if you have Alibaba Cloud Account A and Account B and want to synchronize the hostnames of ECS instances within Account B to Account A:

Configure a RAM role

To synchronize the hostnames of ECS instances within Account B to Account A, you must configure a RAM role within Account B.

1. Log on to the RAM console by using Account B.

2. Choose Identities > Roles in the left-side navigation pane. On the Roles page, click Create Role.

   

3. Select Cloud Service for the Principle Type parameter, select Elastic Compute Service for the Principal Name parameter, and click OK. On the Create Role wizard page, enter AssumeRoleFor12345 for the Role Name parameter and click OK. 12345 is used as a sample UID of Alibaba Cloud Account B.

   

4. Click Grant Permission on the Roles page. In the Grant Permission panel, search for ECS in the Policy section. Select AliyunECSReadOnlyAccess and click Grant Permissions.

   

5. Return to the Roles page and click the RAM role AssumeRoleFor12345.

   

6. Click the Trust Policy tab and click Edit Trust Policy.

   

7. Replace the ecs.aliyuncs.com value of the Service parameter with the information about Alibaba Cloud Account A. The account information must be in the Uid@pvtz.aliyuncs.com format. For example, if the UID of Account A is 345***, the value of the Service parameter is changed to 345***@pvtz.aliyuncs.com.

Synchronize the hostnames of ECS instances across accounts

Prerequisites

Alibaba Cloud Account A is associated with Alibaba Cloud Account B. For more information, see Associate a zone with VPCs across accounts.

Procedure

1. Log on to the Alibaba Cloud DNS console with Account A. In the left-side navigation pane, click Private DNS (PrivateZone). In the upper-right corner of the Private DNS (PrivateZone) page, click Configuration Mode.

2. On the Built-in Authoritative Module tab, click the User Defined Zones tab, and click Add New Zone.

3. In the Add Built-in Authoritative Zone panel, enter a built-in authoritative zone name and click OK.

   

4. On the User Defined Zones tab, find the desired zone and click Resource Records Settings in the Actions column.

5. Click the ECS Hostname tab and click Automatic Synchronization Settings.

   

6. In the Configure Hostname Automatic Synchronization panel, select the virtual private clouds (VPCs) of Account B for the Region for Hostname Synchronization parameter and click OK. The ECS hostnames are synchronized across accounts.

   

7. Set an effective scope for the zone within Account A. Find the desired zone and click Effective Scope Settings in the Actions column. On the Zone Settings page, specify the Effective Scope of Zone parameter and click OK.