Hey 👋🏼 I just read your article, and wondering how this works when you have your website.com hosted in your management account, then have dev, staging and production accounts?

For dev and staging, you can set up sub-domains, grab their NS records and add them to the management account hosted zone for website.com, but how does it work with the production account?

Any wisdom would be much appreciated! 🙏🏼

Hi @mikexavier that's a really good question, gotta say I haven't thought of this as I've always had my management account as prod account. Will definitely check this out myself and see if I can figure it out. However, at this point I don't see a reason why creating an apex hosted zone in the production account and swapping the nameservers shouldn't work – it's kinda the same as if you had your domain in some other registrar e.g., godaddy, but wanted to manage the dns inside route53. You'd just swap the nameservers, right? I suppose it could affect other records in the hosted zone though 🤔

Otherwise, I think you could setup the hosted zone in the prod account and use AWS Organizations for cross-account resource sharing to be able to manage the hosted zone from the management account

I was thinking of doing that (swapping the nameservers), but as you mentioned, it would mean managing any other records from there too, including dev. staging. api. mail. confused.

I currently have an organization set up and share resources across the accounts, however, when using something like SST for deployments, it's looking for website.com in the production account, and doesn't find it and fails.

🐰 🕳️ 🤯 ...

Damn, did you consider a quick and dirty solution of redirecting from apex to a subdomain e.g., www?

I considered it... just didn't take the leap haha, also thought about adding the sub-domain prod.website.com, using that for all the resources in the production environment, deploying... then adding an alias record to the apex domain pointing directly at the resource. Would likely work, just doesn't feel like a clean solution 🤷🏻

Cool idea, let me know how it turns out :)

Turns out it's far simpler, and my brain wasn't working... you need to copy all the hosted zone records from the management account to the production account. Then at the registered domain level (not hosted zone), update the NS records to the hosted zone in the production account.

Fantastic news, glad you figured it out and thanks for letting me know :)