Transferring Route53 Domain & Hosted Zone between two AWS Accounts

Recently, I came across an issue where I needed to transfer my route53 registered domain & hosted zone from one AWS account to another. It sounded complicated but I was pleasantly surprized by the ease of the process.

Here’s how, step by step:

Step 1: Setup aws CLI with multiple profiles

As I was going to play with 2 different accounts, I ended up setting two profiles for aws CLI user configuration, one for each account.

$ aws configure --profile <account-name>        

You can either set profile names for each account or leave one as default. In response to the above mentioned command, you will need to provide youe Access Key ID and the Access Key.

Step 2: Issue command to execute domain transfer

Now we need to issue command from the account profile where the domainis currently registered. This command will start a flow of transferring the domain from an account?<account-name>?to a target account.

$ aws route53domains transfer-domain-to-another-aws-account --domain-name   
  <your-domain-name> --account-id <id-of-the-target-account> --profile  
  <account-name>        

Please note:

<id-of-the-target-account>?is the AWS account ID where you want to transfer the domain.

<account-name>?is the name of the aws CLI profile that you had set in Step 1 for the account from where transfer has to happen.

If everything went well, you will receive a JSON response as given below. Copy the?<password>?as it will be needed in the next step.

{"OperationId": "<id>", "Password": "<password>"}        

Step 3: Accept the domain transfer at the target account

It is mandatory for the target account to accept the domain transfer request and if the target account fails to do so within 3 days time, the transfer is automatically rejected. Followinf command makes the target account accept the domain transfer. Here, I am not using?--profile?argument as mytarget account was set as default.

$ aws route53domains accept-domain-transfer-from-another-aws-account  
  --domain-name <your-domain-name> --password <password>        

After a few minutes, you should be able to see the domain in your target account console.

Step 4: Create a new Hosted Zone at target account

Create new Hosted Zone at target account using AWS console. This can also be done by commandline but I just felt lazy. Note down the Hosted Zone ID, we will need this information in a future step.

Step 5: Download DNS records from source Hosted Zone

There is a nifty way to download all the records from your source Hosted Zone using command line.

$ aws route53 list-resource-record-sets --hosted-zone-id 
  <hosted-zone-id-of-source> > <output-file-name> --profile <account-name>        

This command will store the result in a file named <output-file-name> in JSON format. These are your DNS records from the source Hosted Zone.

Step 6: Migrating Hosted Zone

Unfortunately the file created in Step 5 cannot be fed as it is to your target Hosted Zone. But it is very easy to edit the file with required changes.

1. Open the file in your favourite editor. You will see the first two lines as below:

{
    "ResourceRecordSets": [        

Replace these lines with:

{
    "Changes": [        

1. Remove the?NS?and?SOA?record entries from the file as these entries were created for your new Hosted Zone upon creation.
2. Then wrap the fields within every record entry with a parent level field names?“ResourceRecordSet”, e.g.,

{
    "Action": "CREATE",
    "ResourceRecordSet": {
    "Name": "<some-name>",
    "Type": "<some-type>",
    "TTL": <some-ttl>,
    "ResourceRecords": [
         {
           "Value": "<some-value>"
         }
      ]
    }
},        

Please note that there is another field?“Action”?is also being added to the record and it is at the same level as the?“ResourceRecordSet”.

1. Once all the records are modified as mentioned above, we are ready to migrate the records to the new Hosted Zone.

$ aws route53 change-resource-record-sets --hosted-zone-id 
  <target-hosted-zone-id> --change-batch file://<path-to-edited-file>        

Step 7: Update domain registration for new Name Servers

This step is critical. Although, the new Hosted Zone has been augmented with new all the records you required form source Hosted Zone, all the DNS resolvers are still pointing to the older Hosted Zone. The domain registration has to be updated so that it points to Name Servers associated with the new Hosted Zone.

Navigate to your AWS Route53 console and look for a record named?“NS”?in the list of records of your?Hosted Zone. This record contains your Name servers. Copy them.

Now navigate to?Registered Domains?section.?Click on your domain and then click on “Add or edit name servers”. Here you would want to to paste the records you had copied from new Hosted Zone.

That’s it. You have successfully transferred your domain and migrated your hosted zone to a new AWS account. ??