[HOWTO] Transferring Route53 domains between Amazon AWS accounts

Ever had the need to transfer a registered Route53 domain from one AWS account to the other? Follow this guide to transfer your domains using PowerShell.

Recently I had the need to do just that, and seeing as I absolutely love PowerShell, I had a sneaking suspicion that AWS.Tools for PowerShell had a module providing this functionality. This of course proved right, and it was a very straightforward process using the AWS.Tools.Route53Domains module.

The prerequisite for following this guide is that you already have a working AWS credential configuration stored under C:\Users\<accountName>\.aws\credentials. An example configuration file would look something along these lines. The user associated with the access keys needs full access to Route53, which is given by the IAM policy AmazonRoute53FullAccess.

[account1]
aws_access_key_id=xxxxxxxxxxxxxxxx
aws_secret_access_key=yyyyyyyyyyyyyyyyyyyyyyyyyyyyy

[account2]
aws_access_key_id=xxxxxxxxxxxxxxxx
aws_secret_access_key=yyyyyyyyyyyyyyyyyyyyyyyyyyyyy

You will also need to install the AWS.Tools.Route53Domains module, and this is done in an elevated PowerShell session.

Install-AWSToolsModule AWS.Tools.Route53Domains

Next I opened up two PowerShell sessions with normal privileges, one for each AWS account. I then proceeded to set the credentials for each session, and load the required module.

Set-AWSCredential -ProfileName account1
Import-Module AWS.Tools.Route53Domains 

Once you have the open sessions, the steps are to first start the transfer from account1, which is done with Move-R53DDomainToAnotherAwsAccount. Replace ZZZZZZZZZZ with the account ID of the accounts that currently holds the domain.

Move-R53DDomainToAnotherAwsAccount -DomainName example.com -AccountId ZZZZZZZZZZ

This should return an OperationId and Password if the transfer initiation was successful, something along these lines.

OperationId                          Password
 -----------                          --------
54aef2db-6115-47f2-85cd-6c6053c0ab60 T:W*2i)Iohdp(N

Now that the transfer has begun and we have the password for the transfer request, we need to accept the transfer request on account2 with Approve-R53DDomainTransferFromAnotherAwsAccount in the second PowerShell session. Replace <password> with the password you got in the previous step.

Approve-R53DDomainTransferFromAnotherAwsAccount -DomainName example.com -Password <password>

If successful, you should receive an OperationId object. As you can see, it is fairly painless to transfer a domain from one AWS account to another.

[HOWTO] Transferring Route53 domains between Amazon AWS accounts
Tagged on:                 

Leave a Reply