DNS Server Configuration on the Amazon Web Services Virtual Private Cloud

For hostname resolution, the Amazon Web Services (AWS) appliance requires you to configure a DNS server in the Virtual Private Cloud (VPC).

You must create a DHCP options set, associate it with the VPC, and then change the VPC properties. In a mixed on-premises and AWS deployment, any on-premises RSA Authentication Manager primary and replica instances need to use the DNS server that is configured in the VPC.

The default DNS server for AWS uses the IP address 169.254.169.253. If you use the default DNS server, any subnet within the VPC can use 169.254.169.253 as the primary DNS server for AM.

For more information on DNS servers, see the Amazon Virtual Private Cloud User Guide at https://docs.aws.amazon.com/vpc/.

Note:  AWS also includes a default Network Time Protocol (NTP) server with the IP address 169.254.169.123 that you can specify during Quick Setup.

Create a DHCP Options Set

Each VPC requires at least one DHCP options set. You can create multiple sets of DHCP options, but you can only associate one set of DHCP options with your VPC at a time.

Procedure 

1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

2. In the navigation pane, select DHCP Options Sets, and then select Create DHCP options set.

3. In the dialog box, enter values for the options that you want to use. For the Domain name servers value, specify your own DNS server or Amazon's DNS server (AmazonProvidedDNS). The default DNS server for AWS uses the IP address 169.254.169.253.

   Note:  This must be the same DNS server that is used to configure RSA Authentication Manager during Quick Setup.

4. Select Yes, Create.

   The new set of DHCP options appears in your list of DHCP options.

5. Record the ID for the new set of DHCP options (dopt-xxxxxxxx). The ID is required to associate the new set of options with your VPC.

Associate DHCP Options with a VPC

You can change the DHCP options associated with the VPC.

Procedure 

• 1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, select Your VPCs.

  3. Select the VPC, and select Edit DHCP Options Set from the Actions list.

  4. In the DHCP Options Set list, select a set of options.

  5. Click Save.

     Any existing AWS instances and all new AWS instances that you launch in that VPC will use the options.

     You do not need to restart or relaunch the AWS instances. The instances automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease in AWS. For instructions, see the AWS documentation.

Change the VPC Properties

You can change the VPC properties. Any on-premise RSA Authentication Manager primary and replica instances need to use the DNS server that is configured in the VPC.

1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

2. In the navigation pane, select Your VPCs.

3. Select the VPC, and select Edit DNS Resolution. Select Yes.

4. Select the VPC, and select Edit DNS Hostnames. Select No.

After you finish 

You must update the on-premise primary instance and replica instance hostname and IP address to the DNS server that was used in the above configuration. For instructions, see Change the Primary Instance IPv4 Network Settings and Change the Replica Instance IPv4 Network Settings.