Why are Amazon EC2 Elastic IPs encouraged to be used with a CNAME rather than an "A" record?

I am setting up a server on EC2 that will be used by people that will be freaked out when they see ec2-111-111-111-111.compute-1.amazonaws.com in the URL bar. I know this would be solved by using an A record rather than a CNAME, yet Amazon's documentation says to use a CNAME.

What happens if I use an A record? I've seen some tutorials on the web saying do it, but I also need my website to be reliable.

The website is just running using one instance, and will probably only run using one instance, so I don't think it matters to have multiple instances talk to each other.


Simplified version: A records point to IP addresses. CNAMEs point to other A records.

You could use an A record, but for this you should have a highly available IP address for your EC2 instance. Amazon calls this product "Elastic IP Addresses".

If you set up a CNAME to an A record that Amazon manages, then Amazon has control over a layer of indirection. For example, after a server failure, Amazon could use this to change the A record to a new IP address. This way Amazon could get the service to work again, and you would not have to change anything.

Generally speaking, it's a good practice to use 2 DNS entries: an A record for the specific server, and CNAMEs for the services it provides, such as "www.". This way, you have a clean separation between hardware and services, and that makes administration easier in many cases.

So, if you're not paying for "Elastic IP Addresses", then you should use a CNAME to the A record Amazon set up for you, i.e. a CNAME for "www.yourdomain.com" pointing to "ec2-111-111-111-111.compute-1.amazonaws.com.".


The ec2-*.amazonaws.com host names resolve to different IP addresses depending on whether you are resolving them externally from the Internet, or internally from another EC2 instance.

This means that if you have two EC2 servers—say, a database server and a web server—your web server would see the database server at an internal 10.x.x.x IP address, while from the outside world, you’d see the web server at a regular non-private IP address. (Of course, you wouldn’t really want a database server to be visible from the outside world, but this is just a handy example.)

If you use an Elastic IP address, you have a known permanent IP address and it should be okay to use an A record to point to it. If you don’t have an Elastic IP (and why not, they’re free), it seems like you’d want to use the CNAME in case Amazon changes your IP address.

But if you have multiple servers, I’d still go with the CNAME so that you get the magic internal/external IP address resolution.


They'll never see ec2-111-111-111-111.compute-1.amazonaws.com with a CNAME record. If going to your CNAMEed domain redirects to the amazonaws.com URL, it's not due to it being a CNAME, it's something your app or web server is doing.


The reason to use a CNAME record is so that the site is accessible from both inside and outside EC2.

For example, take ping. If you ping ec2-111-111-111-111.compute-1.amazonaws.com externally, it will resolve to 111.111.111.111, but internally to a 10.0.0.0/8 address. However, if you ping 111.111.111.111, it won't be available internally.
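
An added illustration of the internal/external resolution described in the answers above (not part of any answer on this page): a toy two-view resolver over constructed records, comparing a CNAME to the EC2 host name with an A record to the public address. The internal address 10.0.0.5 and the name `direct.yourdomain.com.` are assumptions made for the example.

```python
import ipaddress

# Constructed sample data (not real records): the EC2 host name answers
# differently depending on where the query comes from (split-horizon DNS).
EC2_NAME = "ec2-111-111-111-111.compute-1.amazonaws.com."
VIEWS = {
    "external": {EC2_NAME: ("A", "111.111.111.111")},
    "internal": {EC2_NAME: ("A", "10.0.0.5")},  # assumed private address
}
# Records in your own zone look the same from both vantage points.
OWN_ZONE = {
    "www.yourdomain.com.": ("CNAME", EC2_NAME),
    "direct.yourdomain.com.": ("A", "111.111.111.111"),  # hypothetical name
}

def resolve(name, view, max_hops=8):
    """Follow CNAMEs until an A record is found; return (chain, address)."""
    records = {**OWN_ZONE, **VIEWS[view]}
    chain = [name]
    for _ in range(max_hops):
        if name not in records:
            raise LookupError(f"NXDOMAIN: {name}")
        rtype, value = records[name]
        if rtype == "A":
            return chain, ipaddress.ip_address(value)
        if value in chain:
            raise LookupError(f"CNAME loop at {value}")
        name = value
        chain.append(name)
    raise LookupError("CNAME chain too long")

def compare(name):
    """Return {view: (address, is_private)} for one name."""
    out = {}
    for view in VIEWS:
        _, addr = resolve(name, view)
        out[view] = (str(addr), addr.is_private)
    return out

if __name__ == "__main__":
    for n in OWN_ZONE:
        print(n, compare(n))
```

The CNAME inherits whichever address the EC2 name returns in each view, while the A record pins the public address everywhere.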