Resolving a name record in an AWS Route53 private hosted zone from within a VPC

Today I learned that in order to resolve a record in a Route53 private hosted zone from within a VPC, the VPC is configured as an associated VPC for the hosted zone rather than configuring the VPC itself.

How that looks from within the Route53 Admin console:

AWS Route53 Private Hosted Zone

For example, say that I have an EC2 hosting a postgreSQL database and I wish to use a more 'friendly' name in the connection string, e.g. database.aws.local as the host name. I add an A record to my hosted zone called 'aws.local' to point the name 'database.aws.local' at the IP address for the EC2.

I have another EC2 or Lambda running in a VPC 'vpc-abcd1234' . In order for the connection string being used to access the database to be able to use 'database.aws.local' as the host name, vpc-abcd1234 needs to be added to the VPCs for the hosted zone 'aws.local'

And how that would look in a Cloud Formation template:

  Type: "AWS::Route53::HostedZone"
  Properties: 
    HostedZoneConfig: 
      Comment: 'My hosted zone for aws.local'
    Name: 'aws.local'
    VPCs: 
      - 
        VPCId: 'vpc-abcd1234'
        VPCRegion: 'ap-southeast-2'
      - 
        VPCId: 'vpc-efgh5678'
        VPCRegion: 'us-west-2'

References:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-hostedzone.html

References:

Deploying SonarQube CE in AWS ECS Fargate

Building out an AWS postgreSQL RDS instance

Deploying Prowler Security tool to AWS ECS Fargate