New: Automated cloud DNS guardrails
In static on-premise environments, mapping from a domain name to a server is simple and straightforward. Autoscaling servers, load balancers, cloud computing, multiple availability zone management and PaaS services don't enter the equation for DNS management; however, today's networking and DevOps teams have to deal with the complexity of naming these dynamic resources in their modern cloud native infrastructures.
DNS is no longer the last thing you do to give your application a friendly URL for users; it is now an integral part of your development process, and it enables use of SSL/TLS across internal tiers of your applications (e.g. App Servers to DB Servers). Manually managing DNS for dynamic cloud applications is as silly as planning to do pitstops for a race car at an off-premise gas station.
In light of this, it is imperative that Operations teams develop an automation strategy for DNS that can keep pace with the dynamic nature of their cloud infrastructures. To assist customers in developing this capability, Turbot Guardrails is happy to launch DNS automation!
Turbot's Multi-Cloud DNS Automation
Turbot Guardrails allows teams to automatically configure infrastructure level DNS management, including record management for services like EC2, RDS, etc. For each service, a consistent and flexible naming scheme is designed to use IDs, name tags and more to make DNS easy for application teams across the entire organization. Records are automatically created and cleaned up in real-time based on the changes to your infrastructure. Turbot Guardrails DNS Automation enables:
- Multi-Cloud DNS Automation extends existing on-premise DNS to cloud native DNS management; all record lookups route appropriately between on-premise and within cloud
- Maintains and ensures records are automatically up-to-date as infrastructure spins up and down
- Consistent DNS management across multiple cloud services (e.g. S3, EC2, RDS, etc.)
- Customer defined naming schemes based on static and dynamic naming conventions (e.g. variable data from metadata, resource tags, etc.)
- Flexible naming schemes across cloud services, accounts, and workloads (e.g. different or consistent naming schemes per AWS Account, per AWS Services, etc.)
Multi-Cloud DNS Automation in Action
Getting Started
Base Domain Infrastructure Hosted Zone
To get started, the base domain infrastructure hosted zone needs to be created first. To create it, set the options below at the cluster level or above:
- DNS > Infrastructure Domain Name Template
  - Set the base domain and/or subdomain + base domain (e.g. [subDomain.baseDomain.com] example.domain.com). This delegates the domain to Turbot Guardrails, which uses it as the suffix for all infrastructure level DNS entries. The infrastructure domain may be shared across multiple clusters, or set at a Cluster level so that different clusters have a different DNS space.
- DNS > Infrastructure Zone
  - Set to Enforce: Managed by Turbot. This ensures the domain hosted zone is managed through the Turbot Master Account and DNS automations are enabled.
Account Domain Infrastructure Hosted Zone
Once the base domain infrastructure hosted zone is created, the account level infrastructure hosted zones (e.g. [accountId.subDomain.baseDomain.com] abc.example.domain.com) will need to be created and have delegation configured back to the base domain hosted zone.
Each account level zone can have a different domain name, but all of these zones will use the base domain name set in the previous step. The following options need to be set at the account level or above in order to have Turbot Guardrails automatically create and configure the account level zones:
- DNS > Account Infrastructure Domain Name Template
  - Specify an account specific domain name (e.g. often customers will use the Turbot Guardrails accountId to specify uniqueness and location of the record).
- DNS > Account Infrastructure Zone
  - Set to Enforce: Managed by Turbot. This ensures the domain hosted zone is managed within the account.
Infrastructure DNS Records
After the account level zone is configured, DNS records for various services like EC2, RDS, and Redshift can be created. Records for each of these services will be generated based on their respective Infrastructure DNS Records Template option.
For each service, two options need to be set to enable record creation and clean up. For instance, the two options for EC2 instances are:
- EC2 > Instance Infrastructure DNS Records
  - Set to Enforce: Set per EC2 > Instance Infrastructure DNS Records Template. This ensures DNS automation is enabled for EC2 instances within the scope identified (e.g. multiple clusters of accounts, specific cluster of accounts, or per account).
- EC2 > Instance Infrastructure DNS Records Template
  - Set tags based on various static and dynamic values such as IP address, region, tags, etc. Turbot Guardrails will automatically create the records appended to the base domain and account template (e.g. [tagName.accountId.subDomain.baseDomain.com] bastion.abc.example.domain.com).
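The naming scheme and create/clean-up behaviour described above, as an added example that is not Turbot Guardrails code and does not use its template syntax: it builds tagName.accountId.baseDomain names from tag values, forces each tag-derived value into a single valid DNS label so it cannot introduce extra levels or a wildcard, and computes which records to create or remove. The function names and the sample instance data are hypothetical and constructed for illustration.

```python
import re

# DNS label rule: 1-63 chars of letters/digits/hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def to_label(value):
    """Turn a free-form tag value into one DNS label, or None if nothing usable remains."""
    # Dots, spaces and '*' collapse to '-', so a tag can never add a zone level or wildcard.
    label = re.sub(r"[^a-z0-9-]+", "-", value.strip().lower()).strip("-")[:63].strip("-")
    return label if LABEL_RE.match(label) else None

def record_name(tag_name, account_id, base_domain):
    """Build tagName.accountId.baseDomain; None if a part is not a valid label."""
    host, account = to_label(tag_name), to_label(account_id)
    if host is None or account is None:
        return None
    return f"{host}.{account}.{base_domain.lower().rstrip('.')}"

def reconcile(instances, existing, account_id, base_domain):
    """Return (to_create, to_delete) so the zone matches the running instances."""
    desired = {}
    for inst in instances:
        name = record_name(inst["tags"].get("Name", ""), account_id, base_domain)
        if name and inst["state"] == "running":
            desired[name] = inst["ip"]
    to_create = {n: ip for n, ip in desired.items() if existing.get(n) != ip}
    to_delete = sorted(n for n in existing if n not in desired)  # stale records
    return to_create, to_delete

# Constructed sample data (hypothetical; not from the page).
INSTANCES = [
    {"ip": "10.0.1.10", "state": "running", "tags": {"Name": "bastion"}},
    {"ip": "10.0.1.11", "state": "running", "tags": {"Name": "*.Admin Portal"}},
    {"ip": "10.0.1.12", "state": "terminated", "tags": {"Name": "old-worker"}},
]
EXISTING = {
    "bastion.abc.example.domain.com": "10.0.1.10",
    "old-worker.abc.example.domain.com": "10.0.1.12",
}

if __name__ == "__main__":
    print(reconcile(INSTANCES, EXISTING, "abc", "example.domain.com"))
```

Two instances that share the same Name tag map to the same record here and the later one wins; a real naming scheme would add an instance ID or similar to keep names unique.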
We look forward to seeing our customers speed past their competition by leveraging DNS automation. Contact us to schedule a demo of Turbot Guardrails Multi-Cloud DNS Automation.