Product logo
DocsBlogPricing
← Back to blog
Announcement

New: Automated cloud DNS guardrails

In static on-premise environments mapping from a domain name to a server is simple and straightforward. Autoscaling servers, load balancers, cloud computing, multiple availability zone management and PaaS services don't enter the equation for DNS management; however, today's networking and DevOps have to deal with the complexity of naming these dynamic resources in their modern cloud native infrastructures.

Turbot Team
3 min. read - Jul 09, 2017
In static on-premise environments mapping from a domain name to a server is simple and straightforward. Autoscaling servers, load balancers, cloud computing, multiple availability zone management and PaaS services don't enter the equation for DNS management; however, today's networking and DevOps have to deal with the complexity of naming these dynamic resources in their modern cloud native infrastructures.

In static on-premise environments mapping from a domain name to a server is simple and straightforward. Autoscaling servers, load balancers, cloud computing, multiple availability zone management and PaaS services don't enter the equation for DNS management; however, today's networking and DevOps have to deal with the complexity of naming these dynamic resources in their modern cloud native infrastructures.

DNS is no longer the last thing you do to give your application a friendly URL for users, it is now an integral part of your development process and it enables use of SSL/TLS across internal tiers of your applications (e.g. App Servers to DB Servers). Manually managing DNS for dynamic cloud applications is as silly as planning to do pitstops for a race car at an off premise gas station.

Turbot race car gas station

In light of this, it is imperative that Operations teams develop an automation strategy for DNS that can keep pace with the dynamic nature of their cloud infrastructures. To assist customers in developing this capability, Turbot Guardrails is happy to launch DNS automation!

Turbot's Multi-Cloud DNS Automation

Turbot Guardrails allow teams to automatically configure infrastructure level DNS management, including record management for services like EC2, RDS, etc. For each service, a consistent and flexible naming scheme is designed to use IDs, name tags and more to make DNS easy for application teams across the entire organization. Records are automatically created and cleaned up in real-time based on the changes to your infrastructure. Turbot Guardrails DNS Automation enable:

  • Multi-Cloud DNS Automation extends existing on-premise DNS to cloud native DNS management; all record lookups route appropriately between on-premise and within cloud
  • Maintains and ensures records are automatically up-to-date as infrastructure spins up and down
  • Consistent DNS management across multiple cloud services (e.g. S3, EC2, RDS, etc.)
  • Customer defined naming schemes based on static and dynamic naming conventions (e.g. variable data from metadata, resource tags, etc.)
  • Flexible naming schemes across cloud services, accounts, and workloads (e.g. different or consistent naming schemes per AWS Account, per AWS Services, etc.)

Multi-Cloud DNS Automation in Action

Getting Started

Base Domain Infrastructure Hosted Zone

To get started the base domain infrastructure hosted zone will need to be created first. To create this, the options below need to be set at the cluster level or above:

  • DNS > Infrastructure Domain Name Template
    • Set the base domain and/or subdomain + base domain (e.g. [subDomain.baseDomain.com] example.domain.com). This will delegate the domain to Turbot Guardrails, used as a suffix for all infrastructure level DNS entries. The infrastructure domain may be shared across multiple clusters; or set at a Cluster level allowing different clusters to have a different DNS space.
  • DNS > Infrastructure Zone
    • Set to Enforce: Managed by Turbot. This will ensure the domain hosted zone is managed through the Turbot Master Account and DNS automations are enabled.

Account Domain Infrastructure Hosted Zone

Once the base domain infrastructure hosted zone is created, the account level infrastructure hosted zones (e.g. [accountId.subDomain.baseDomain.com] abc.example.domain.com) will need to be created and have delegation configured back to the base domain hosted zone.

Each account level zone can have a different domain name, but all of these zones will use the base domain name set in the previous step. The following options need to be set at the account level or above in order to have Turbot Guardrails automatically create and configure the account level zones:

  • DNS > Account Infrastructure Domain Name Template
    • Specify an account specific domain name (e.g. often customers will use the Turbot Guardrails accountId to specific uniqueness and location of the record).
  • DNS > Account Infrastructure Zone
    • Set to Enforce: Managed by Turbot. This will ensure the domain hosted zone is managed within the account.

Infrastructure DNS Records

After the account level zone is configured, DNS records for various services like EC2, RDS, and Redshift can be created. Records for each of these services will be generated based on their respective Infrastructure DNS Records Template option.

For each service, two options need to be set to enable record creation and clean up. For instance, the two options for EC2 instances are:

  • EC2 > Instance Infrastructure DNS Records
    • Set to Enforce: Set per EC2 > Instance Infrastructure DNS Records Template. This will ensure DNS automations are enabled per EC2 per the scope identified (e.g. multiple clusters of accounts, specific cluster of accounts, or per account)
  • EC2 > Instance Infrastructure DNS Records Template
    • Set tags based on various static and dynamic values such IP address, region, tags, etc. Turbot Guardrails will automatically create the records amended to the base domain and account template (e.g. [tagName.accountId.subDomain.baseDomain.com] bastion.abc.example.domain.com)

DNS Records template

We look forward to seeing our customers speed past their competition by leveraging DNS automation. Contact us to schedule a demo of Turbot Guardrails Multi-Cloud DNS Automation.