Registering & Managing Domains
Every website needs a domain name (the human-friendly address people type into a browser, like example.com) and a DNS service that translates that name into the IP addresses where your servers live. Amazon Route 53 does both: it is a domain registrar (it sells you the name) and a DNS host (it answers the lookups). This page walks through buying a domain in Route 53, transferring an existing one, and the single step people most often miss when their DNS records “don’t work.”
Registrar vs. DNS host — two jobs, one (optional) provider
These are two separate responsibilities, and they can live with different companies:
- The registrar is who you bought the name from (Route 53, GoDaddy, Namecheap, etc.). It controls one thing: which nameservers (the DNS servers that are authoritative for your domain) the internet should ask.
- The DNS host runs those nameservers and holds your actual records (A, CNAME, MX, and so on). In AWS this is a Route 53 hosted zone (a container for all the DNS records of one domain).
You can register with anyone and host DNS anywhere. The link between them is the nameserver setting at the registrar. Forgetting to set it is the number-one cause of “my records exist in Route 53 but nothing resolves.”
| Setup | Registrar | DNS host | When to use |
|---|---|---|---|
| All-in-AWS | Route 53 | Route 53 | Simplest. New project, or you want one bill and zero hand-offs. |
| External registrar, AWS DNS | GoDaddy/Namecheap/etc. | Route 53 | You already own the name elsewhere but want Route 53 features (health checks, latency routing, alias records to AWS resources). |
| Transfer in | Route 53 (after transfer) | Route 53 | You want to consolidate billing and management into AWS long-term. |
Registering a new domain in Route 53
When you register a domain in Route 53, it automatically creates a public hosted zone for you and wires the domain’s nameservers to that zone. No manual nameserver step is needed — everything is already connected.
Console steps:
- Open the Route 53 console and go to Domains -> Registered domains -> Register domains.
- Type the domain you want and click Search. Available names show a price; add your choice to the cart.
- Fill in registrant contact details (name, email, address). These are required by ICANN, the body that governs domain names.
- Leave Privacy protection enabled (free in Route 53) so your personal details are hidden from public WHOIS lookups.
- Choose whether to auto-renew (recommended — a lapsed domain can be snapped up by someone else).
- Review and complete the purchase.
CLI (registration is a multi-field call, usually scripted from a JSON file):
aws route53domains register-domain \
--region us-east-1 \
--domain-name example.com \
--duration-in-years 1 \
--auto-renew \
--admin-contact file://contact.json \
--registrant-contact file://contact.json \
--tech-contact file://contact.json
Output:
{
"OperationId": "0d24f1f8-2d4f-4f3a-9b1c-3a2b1c0d9e8f"
}
Note: Route 53 domain APIs only work in the us-east-1 region; always pass --region us-east-1 for route53domains commands, even if the rest of your stack lives elsewhere.
You can poll the operation until it finishes:
aws route53domains get-operation-detail \
--region us-east-1 \
--operation-id 0d24f1f8-2d4f-4f3a-9b1c-3a2b1c0d9e8f
Cost note: Domain prices are per-year and vary by TLD (top-level domain — the .com, .io, .dev part). A .com is about $14/year; .io and .dev run higher. Separately, every hosted zone costs $0.50/month, plus about $0.40 per million DNS queries. Privacy protection and the auto-created zone for a registered domain add no extra charge.
Using an external registrar with Route 53 DNS (the step people miss)
If your domain is registered somewhere else but you want Route 53 to serve DNS, you must create the hosted zone yourself and then copy its four nameservers back to the registrar. This is the missing step that breaks records for so many people.
- In Route 53, go to Hosted zones -> Create hosted zone, enter your domain name, choose Public hosted zone, and create it.
  aws route53 create-hosted-zone \
    --name example.com \
    --caller-reference "$(date +%s)"
  Output:
  {
    "HostedZone": {
      "Id": "/hostedzone/Z0123456789ABCDEFGHIJ",
      "Name": "example.com.",
      "Config": { "PrivateZone": false }
    },
    "DelegationSet": {
      "NameServers": [
        "ns-101.awsdns-12.com",
        "ns-680.awsdns-21.net",
        "ns-1456.awsdns-54.org",
        "ns-2012.awsdns-59.co.uk"
      ]
    }
  }
- Copy the four NameServers values (every new zone gets a unique set).
- Log in to your external registrar, find the nameserver or DNS setting for the domain, and replace the existing nameservers with these four Route 53 values.
- Save. Now add your records (A, CNAME, etc.) in the Route 53 hosted zone; they will start resolving once the change propagates.
Gotcha: Until the registrar’s nameservers point at these exact four Route 53 records, the internet keeps asking the old DNS host, so anything you create in Route 53 is simply never consulted. Changes can take from a few minutes up to 48 hours to propagate worldwide.
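A check for the mismatch described above, as an added example that is not part of the original page: it normalizes both nameserver lists (case, trailing dots, order) and reports every name that is missing on either side. The dig lookup as the source of the published set and the ns1/ns2.oldhost.example names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): compare a hosted zone's
# delegation set with the nameservers currently published for the domain.

# One name per line, lowercase, trailing dot removed, sorted, de-duplicated.
normalize_ns() {
  printf '%s\n' "$1" | tr ' \t,' '\n\n\n' | tr '[:upper:]' '[:lower:]' \
    | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# Print the entries of normalized list $1 that are absent from list $2.
ns_only_in() {
  for ns in $1; do
    printf '%s\n' "$2" | grep -qxF -e "$ns" || printf '%s\n' "$ns"
  done
}

# Print MATCH and return 0 on an exact match; otherwise list each difference.
compare_ns() {
  zone_ns=$(normalize_ns "$1")
  published_ns=$(normalize_ns "$2")
  if [ "$zone_ns" = "$published_ns" ]; then
    echo "MATCH"
    return 0
  fi
  for ns in $(ns_only_in "$zone_ns" "$published_ns"); do
    echo "MISSING_AT_REGISTRAR $ns"
  done
  for ns in $(ns_only_in "$published_ns" "$zone_ns"); do
    echo "NOT_IN_ZONE $ns"
  done
  return 1
}

# Live check (needs the AWS CLI and dig): sh check_ns.sh ZONE_ID DOMAIN
check_live() {
  zone_ns=$(aws route53 get-hosted-zone --id "$1" \
    --query 'DelegationSet.NameServers' --output text)
  published_ns=$(dig +short NS "$2")   # what resolvers see now; may be cached
  compare_ns "$zone_ns" "$published_ns"
}

# Constructed sample: the page's zone set vs. a hypothetical old DNS host.
demo() {
  compare_ns "ns-101.awsdns-12.com ns-680.awsdns-21.net ns-1456.awsdns-54.org ns-2012.awsdns-59.co.uk" \
    "ns1.oldhost.example. ns2.oldhost.example."
}

if [ "$#" -eq 2 ]; then check_live "$1" "$2"; else demo || true; fi
```

Run it with a hosted zone ID and a domain for the live comparison; with no arguments it runs the constructed sample only.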
When to use this: you already own the domain and don’t want to move it, but you need Route 53 features like alias records (which point directly at AWS resources such as a CloudFront distribution or load balancer) or geo/latency routing. When not to: if you have no reason to keep the old registrar, transferring in (below) is cleaner long-term.
Transferring a domain into Route 53
A transfer moves both the registration and the billing to AWS. It is more involved than just changing nameservers because it changes who owns the registration, so the old registrar requires you to prove intent.
Before you start, at the old registrar you must:
- Unlock the domain (registrars set a “transfer lock” / “registrar lock” by default to prevent hijacking).
- Request the authorization code (also called an EPP code or auth code) — a password that proves you control the domain.
- Make sure the domain is at least 60 days old and was not transferred in the last 60 days (an ICANN rule), and that the registrant email is reachable for approval.
Then in Route 53:
- Go to Domains -> Transfer domains, enter the domain, and click to check eligibility.
- Paste the authorization code from the old registrar.
- Choose to keep the current DNS configuration or import it into a new Route 53 hosted zone.
- Confirm contact details and submit. Approve any confirmation email.
aws route53domains transfer-domain \
--region us-east-1 \
--domain-name example.com \
--duration-in-years 1 \
--auth-code 'AbC123!secret' \
--admin-contact file://contact.json \
--registrant-contact file://contact.json \
--tech-contact file://contact.json
Output:
{
"OperationId": "7e6d5c4b-3a2b-1c0d-9e8f-0a1b2c3d4e5f"
}
A transfer typically completes in 5-7 days because the old registrar must release it. The new registration year is added to whatever time was left, so you don’t lose paid-up time.
Best practices
- Always enable auto-renew and privacy protection — a lapsed domain can be lost permanently, and WHOIS privacy is free in Route 53.
- When using an external registrar, double-check the four nameservers match exactly between the Route 53 zone and the registrar before debugging records.
- Never share your authorization code — treat it like a password; it is the key to transferring your domain away.
- Lower DNS TTLs (time-to-live, how long resolvers cache a record) a day before a planned migration so changes take effect faster.
- Tag and document hosted zones so you know which team or app owns each one, and avoid paying $0.50/month for orphaned zones.
- Use alias records instead of CNAMEs when pointing at AWS resources: they resolve at the zone apex (example.com with no www) and incur no query charge.