Aws-cli: GovCloud Route53 Support

Created on 14 Jun 2019 · 10 Comments · Source: aws/aws-cli

Just looking to see if the GovCloud Route53 API URL is supported in the aws-cli yet. When I attempt to create a private zone, I get the following error.

Could not connect to the endpoint URL: "https://route53.us-gov-west-1.amazonaws.com/2013-04-01/hostedzone"

My aws cli version is:
aws-cli/1.16.79 Python/2.7.10 Darwin/18.6.0 botocore/1.12.69

Not sure if this is an issue due to Route53 support in GovCloud being so new, or an issue with me using my IAM role creds. It seems the Route53 calls are the only ones that are giving me an issue right now.

Thanks!

bug closing-soon service-api


All 10 comments

After a little investigation, the seemingly undocumented Route 53 endpoint in AWS GovCloud (US) appears to be: https://route53.us-gov.amazonaws.com

$ aws --endpoint https://route53.us-gov.amazonaws.com route53 list-hosted-zones
{
    "HostedZones": [
        {
            "Id": "/hostedzone/Z11RGLYS7OK8BK",
            "Name": "example.com.",
            "CallerReference": "D377CCA1-A554-1E80-9221-9BB1D357FA17",
            "Config": {
                "PrivateZone": true
            },
            "ResourceRecordSetCount": 2
        }
    ]
}

This endpoint information is also not available in the AWS Go SDK as of this writing, so my guess is that the Route 53 service team has not published this endpoint information yet.

@spstratis - Thanks for asking about GovCloud Route53 support in the CLI. If you append the --debug option to the command you will see from where the CLI loads the endpoints. It looks something like:

MainThread - botocore.loaders - DEBUG - Loading JSON file: /Users/name/Library/Python/3.7/lib/python/site-packages/botocore/data/endpoints.json

The endpoints are loaded from botocore and according to the latest version of the CLI, Route53 is not supporting us-gov-west-1 yet. As a reference, you can also compare this to the endpoints for ec2.

I've labeled this issue as a feature request pending further review.
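As an added illustration (not code from this thread or from botocore), the sketch below models how a partition table shaped like endpoints.json produces the failing hostname when a service has no entry, and the partition-wide hostname once a non-regionalized entry exists. The partition data is constructed sample data, the function names `make_partition` and `resolve` are hypothetical, and the lookup is a simplified model of the resolver.

```python
# Simplified model of partition-based endpoint resolution (not botocore's code).
# All data below is constructed sample data shaped like one partition entry
# of endpoints.json; only the two hostnames come from this thread.

def make_partition(with_route53):
    """Build a sample aws-us-gov partition, with or without a route53 entry."""
    services = {"ec2": {"endpoints": {"us-gov-west-1": {}}}}
    if with_route53:
        services["route53"] = {
            "partitionEndpoint": "aws-us-gov-global",
            "isRegionalized": False,
            "endpoints": {
                "aws-us-gov-global": {"hostname": "route53.us-gov.amazonaws.com"}
            },
        }
    return {
        "partition": "aws-us-gov",
        "dnsSuffix": "amazonaws.com",
        "defaults": {"hostname": "{service}.{region}.{dnsSuffix}"},
        "regions": {"us-gov-west-1": {}, "us-gov-east-1": {}},
        "services": services,
    }

def resolve(partition, service, region):
    """Return the endpoint URL a client would try for service/region."""
    if region not in partition["regions"]:
        raise ValueError("region %r is not in partition" % region)
    svc = partition["services"].get(service, {})
    endpoints = svc.get("endpoints", {})
    key = region
    # A non-regionalized service answers on one partition-wide endpoint.
    if region not in endpoints and not svc.get("isRegionalized", True):
        key = svc["partitionEndpoint"]
    entry = endpoints.get(key, {})
    # With no explicit hostname, fall back to the partition's default template.
    # This is how a service missing from the table ends up with a
    # region-qualified hostname that may not exist in DNS.
    template = entry.get("hostname", partition["defaults"]["hostname"])
    host = template.format(service=service, region=key,
                           dnsSuffix=partition["dnsSuffix"])
    return "https://" + host

if __name__ == "__main__":
    for present in (False, True):
        print(present, resolve(make_partition(present), "route53", "us-gov-west-1"))
```
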

@spstratis - After additional review, this has been relabeled as a bug. We are working on getting this fixed.

@justnance Is there an update to this? If it is still in progress, is this something that AWS support can add for us in the meantime?

We are interested in the private zone associations functionality since public zones are not available in GovCloud.

HTTPSConnectionPool(host='route53.us-gov-east-1.amazonaws.com', port=443): Max retries exceeded with url: /2013-04-01/hostedzone/REDACTED/associatevpc (Caused by NewConnectionError('<botocore.awsrequest.AWSHTTPSConnection object at 0x7f997add9048>: Failed to establish a new connection: [Errno -2] Name or service not known',))

edit:

Works when overriding endpoint URL

aws route53 associate-vpc-with-hosted-zone --hosted-zone-id ZONEID --vpc VPCRegion=us-gov-west-1,VPCId=vpcid --profile profile --endpoint-url https://route53.us-gov.amazonaws.com

@akdavenp - Thanks for asking about an update. Work is still in progress as we are collaborating with the Route 53 service team to have endpoint, us-gov-west-1, exposed to the CLI. Thanks for your patience.

Hi @justnance - I'm experiencing this bug in GovCloud as well. Is it possible to get an ETA when the CLI will be patched?

@tedmiston - Thanks for the update. At this time our service team is working on this issue as they need to expose the new endpoints to the CLI and SDKs. There is no ETA yet. I will keep you posted as soon as there is more information.

Thanks for your patience.

I just tried the latest version of the CLI and it looks like it is correctly resolving to: https://route53.us-gov.amazonaws.com/ when a gov cloud region is specified. Please let us know if you are still running into issues with it using the latest version of the CLI.

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.
