Load this skill when setting up DNS for a new subdomain under an existing parent domain without provisioning full infrastructure. Covers the complete workflow: AWS CLI hosted zone creation, Terraform A record and NS delegation configuration, git-ignored terraform.tfvars for sensitive IPs, and DNS verification via dig.
Set up DNS configuration for a new subdomain (e.g., dev.client-example.devixlabs.com) without creating full infrastructure folders.
Use this skill when:
This skill automates the complete workflow for adding Route53 DNS records for a subdomain. It differs from full domain setup by:
- terraform.tfvars files
- openssl available (for generating random caller reference)
- devixlabs.com/)
Create the Route53 hosted zone for the subdomain using a random caller reference to ensure uniqueness:
aws route53 create-hosted-zone \
  --name client-example.devixlabs.com \
  --caller-reference "$(openssl rand -hex 16)"
Output to note: The response contains the Zone ID and 4 nameservers. These will be used in the next steps.
Create a new file in the parent domain directory (e.g., devixlabs.com/client-example-dns.tf) containing:
Template structure:
# IP for the A record, supplied through the git-ignored terraform.tfvars.
# sensitive = true redacts the value in plan/apply output; it is still stored in state.
variable "client_example_dev_ip" {
  description = "IP address for dev.client-example.devixlabs.com A record"
  type        = string
  sensitive   = true
}

# Child zone created with the AWS CLI in the previous step.
data "aws_route53_zone" "client_example" {
  name = "client-example.devixlabs.com."
}

# Existing parent zone.
data "aws_route53_zone" "selected" {
  name = "devixlabs.com."
}

# A record for the dev host, created in the child zone.
resource "aws_route53_record" "client_example_dev" {
  zone_id = data.aws_route53_zone.client_example.zone_id
  name    = "dev.client-example.devixlabs.com"
  type    = "A"
  ttl     = 300
  records = [var.client_example_dev_ip]
}

# NS record in the parent zone that delegates the subdomain to the child zone's nameservers.
resource "aws_route53_record" "client_example_ns_delegation" {
  zone_id = data.aws_route53_zone.selected.zone_id
  name    = "client-example.devixlabs.com"
  type    = "NS"
  ttl     = 300
  records = data.aws_route53_zone.client_example.name_servers
}

output "client_example_nameservers" {
  description = "Nameservers for client-example.devixlabs.com zone"
  value       = data.aws_route53_zone.client_example.name_servers
}

output "client_example_dev_fqdn" {
  description = "Fully qualified domain name for dev subdomain"
  value       = aws_route53_record.client_example_dev.fqdn
}
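To confirm after `terraform apply` that the parent zone's NS record created by `client_example_ns_delegation` still matches the nameservers assigned to the child zone, the two lists can be compared. This is an added example, not part of the original skill; the function names and the `CHILD_ZONE_ID` and `PARENT_ZONE_ID` variable names are assumptions, and the live query runs only when both variables are exported.

```shell
#!/bin/sh
# Added example (not from the original skill): detect drift between the
# nameservers Route53 assigned to the child zone and the NS record
# delegated from the parent zone.

# Read names from stdin (space, tab or newline separated) and print them
# one per line: lowercase, trailing dot removed, sorted, de-duplicated.
normalize_ns() {
  tr -s ' \t' '\n\n' | tr '[:upper:]' '[:lower:]' |
    sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# compare_ns_sets ASSIGNED DELEGATED
# Returns 0 if both lists hold the same set of names, 1 if they differ
# (the differences are printed), 2 if either list is empty.
compare_ns_sets() {
  assigned=$(printf '%s\n' "$1" | normalize_ns)
  delegated=$(printf '%s\n' "$2" | normalize_ns)
  if [ -z "$assigned" ] || [ -z "$delegated" ]; then
    echo "empty nameserver list" >&2
    return 2
  fi
  [ "$assigned" = "$delegated" ] && return 0
  for ns in $assigned; do
    printf '%s\n' "$delegated" | grep -qxF "$ns" ||
      echo "missing from parent NS record: $ns"
  done
  for ns in $delegated; do
    printf '%s\n' "$assigned" | grep -qxF "$ns" ||
      echo "not assigned to child zone: $ns"
  done
  return 1
}

# Live check, skipped unless both zone IDs are exported (assumed variable
# names). CHILD_ZONE_ID is the Zone ID returned by create-hosted-zone.
if [ -n "${CHILD_ZONE_ID:-}" ] && [ -n "${PARENT_ZONE_ID:-}" ]; then
  assigned=$(aws route53 get-hosted-zone --id "$CHILD_ZONE_ID" \
    --query 'DelegationSet.NameServers' --output text)
  delegated=$(aws route53 list-resource-record-sets \
    --hosted-zone-id "$PARENT_ZONE_ID" --output text \
    --query "ResourceRecordSets[?Type=='NS' && Name=='client-example.devixlabs.com.'].ResourceRecords[].Value")
  compare_ns_sets "$assigned" "$delegated"
fi
```

A non-zero result means the parent delegates to names the child zone does not own, or omits some it does, which can happen if the hosted zone is created a second time or deleted and recreated.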
Create or update devixlabs.com/.gitignore to protect sensitive files:
# Terraform sensitive values
terraform.tfvars
# Terraform state
*.tfstate
*.tfstate.*
.terraform/
Create devixlabs.com/terraform.tfvars (git-ignored) with the sensitive IP:
client_example_dev_ip = "192.168.1.100"
Important: This file will not be tracked by git due to .gitignore.
Run in the parent domain directory:
cd devixlabs.com/
terraform init
terraform plan
terraform apply
Verify that Terraform creates 3 resources:
- data.aws_route53_zone.client_example (data source)
- aws_route53_record.client_example_dev (A record)
- aws_route53_record.client_example_ns_delegation (NS delegation)
Test DNS resolution using one of the nameservers from the hosted zone creation:
dig @ns-74.awsdns-09.com dev.client-example.devixlabs.com A
Expected output should show:
- <subdomain>-dns.tf file created in parent domain directory
- .gitignore updated with terraform.tfvars
- terraform.tfvars created and git-ignored
- terraform init completed successfully
- terraform plan shows 3 resources to create
- terraform apply completed without errors
- terraform plan shows "No changes" on second run
To add another subdomain under the same parent zone (e.g., api.client-example.devixlabs.com):
- client_example_api_ip
- aws_route53_record.client_example_api
- terraform.tfvars with the new IP
- terraform plan && terraform apply
- aws route53 list-hosted-zones
- greenwood.devixlabs.com.
- terraform state list to verify resources exist
- aws route53 list-resource-record-sets --hosted-zone-id <zone-id>
See iac-conventions skill for: