I own a domain name, let’s say fancydomain.com (managed through AWS). I also have a kubernetes cluster running somewhere (but not on AWS), with an nginx ingress controller that acts as a load balancer. I have the IP of the load balancer.
I would like to point the domain name to the IP of the load balancer, and I would like the load balancer to handle the TLS certificate. But I’m struggling in two places:
- It looks like I’m failing to properly redirect to the IP of the LB
- I don’t understand how/where the TLS certificate (created by AWS) should be integrated
So far this is my terraform:
resource "aws_route53domains_registered_domain" "fancydomain" {
  domain_name = var.domain_name
  auto_renew  = true

  name_server {
    name = "ns-709.awsdns-24.net"
  }
  name_server {
    name = "ns-1732.awsdns-24.co.uk"
  }
  name_server {
    name = "ns-1144.awsdns-15.org"
  }
  name_server {
    name = "ns-434.awsdns-54.com"
  }
}

resource "aws_route53_zone" "fancydomain_zone" {
  name = var.domain_name
}

# Create an ACM Certificate
resource "aws_acm_certificate" "fancydomain_certificate" {
  domain_name       = var.domain_name
  validation_method = "EMAIL"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_route53_record" "www" {
  allow_overwrite = true
  zone_id         = aws_route53_zone.fancydomain_zone.zone_id
  name            = var.domain_name
  type            = "A"
  ttl             = 300
  records         = ["this.is.my.serverip"]
}
Also, the nginx load balancer does work at the moment. It uses a self-signed certificate, and if I lure my computer by modifying /etc/hosts like below, I can access the domain by querying https://fancydomain.com:

/etc/hosts
1.2.3.4 fancydomain.com
Any idea what I could try to get unstuck?
EDIT: The name servers for the registered domain are the same as the hosted zone’s ones:
2 Answers
Ultimately I think @erik258 was right, I think the name servers of the registered domain probably weren't in sync with the ones from the hosted zone. I ended up using a data source for the name servers of the zone, and I used it to set the ones in the register domain. Behold:
After I applied that it started working. Still not 100% sure of what was the problem before.
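Terraform that does what this answer describes, added here as an illustration (the answerer's own snippet is not on the page): it feeds the hosted zone's name servers straight into the registered domain so the two can never drift apart. It uses the `name_servers` attribute exported by the `aws_route53_zone` resource rather than a separate data source, and assumes `var.domain_name` as in the question.

```hcl
# Added example, not the answerer's code. Assumes var.domain_name is defined.

resource "aws_route53_zone" "fancydomain_zone" {
  name = var.domain_name
}

# The registered domain's NS delegation is derived from the hosted zone,
# instead of being hard-coded. If Route53 ever assigns different name
# servers to the zone, the registration follows automatically and the
# resolvers keep reaching the zone that holds the A record for the LB.
resource "aws_route53domains_registered_domain" "fancydomain" {
  domain_name = var.domain_name
  auto_renew  = true

  dynamic "name_server" {
    # name_servers is the list of four NS hosts AWS allocated to the zone
    for_each = aws_route53_zone.fancydomain_zone.name_servers
    content {
      name = name_server.value
    }
  }
}

# The A record lives in the same zone the registration now delegates to.
resource "aws_route53_record" "apex" {
  zone_id = aws_route53_zone.fancydomain_zone.zone_id
  name    = var.domain_name
  type    = "A"
  ttl     = 300
  records = ["this.is.my.serverip"] # placeholder kept from the question
}

# Exposed so the delegation can be compared against `dig NS fancydomain.com`
# after apply; both lists must match for the A record to be reachable.
output "zone_name_servers" {
  value = aws_route53_zone.fancydomain_zone.name_servers
}
```

After `terraform apply`, `dig +short NS fancydomain.com` should return exactly the four hosts in `zone_name_servers`; any other set means the registrar is still pointing at an old or different zone.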
The free certificate that ACM provides is meant to be used in AWS managed services only (like ALB, CloudFront etc.). There is no way to download it and use it elsewhere. In your case, you have the load-balancer/nginx outside of AWS, so it can’t be used. I do not see any issue with the aws_route53_record above.