Associates an Amazon VPC with a private hosted zone.


To perform the association, the VPC and the private hosted zone must already exist. You can’t convert a public hosted zone into a private hosted zone.


If you want to associate a VPC that was created by using one Amazon Web Services account with a private hosted zone that was created by using a different account, the Amazon Web Services account that created the private hosted zone must first submit a CreateVPCAssociationAuthorization request. Then the account that created the VPC must submit an AssociateVPCWithHostedZone request.


When granting access, the hosted zone and the Amazon VPC must belong to the same partition. A partition is a group of Amazon Web Services Regions. Each Amazon Web Services account is scoped to one partition.

The following are the supported partitions:

  • aws - Amazon Web Services Regions

  • aws-cn - China Regions

  • aws-us-gov - Amazon Web Services GovCloud (US) Region

For more information, see Access Management in the Amazon Web Services General Reference.

Request Syntax

response = client.associate_vpc_with_hosted_zone(
        'VPCRegion': 'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'eu-central-1'|'eu-central-2'|'ap-east-1'|'me-south-1'|'us-gov-west-1'|'us-gov-east-1'|'us-iso-east-1'|'us-iso-west-1'|'us-isob-east-1'|'me-central-1'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-south-1'|'ap-south-2'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'eu-north-1'|'sa-east-1'|'ca-central-1'|'cn-north-1'|'cn-northwest-1'|'af-south-1'|'eu-south-1'|'eu-south-2'|'ap-southeast-4'|'il-central-1'|'ca-west-1'|'ap-southeast-5'|'mx-central-1'|'us-isof-south-1'|'us-isof-east-1'|'ap-southeast-7',
        'VPCId': 'string'
  • HostedZoneId (string) –


    The ID of the private hosted zone that you want to associate an Amazon VPC with.

    Note that you can’t associate a VPC with a hosted zone that doesn’t have an existing VPC association.

  • VPC (dict) –


    A complex type that contains information about the VPC that you want to associate with a private hosted zone.

    • VPCRegion (string) –

      (Private hosted zones only) The region that an Amazon VPC was created in.

    • VPCId (string) –

      (Private hosted zones only) The ID of an Amazon VPC.

  • Comment (string) – Optional: A comment about the association request.

Return type:



Response Syntax

    'ChangeInfo': {
        'Id': 'string',
        'Status': 'PENDING'|'INSYNC',
        'SubmittedAt': datetime(2015, 1, 1),
        'Comment': 'string'

Response Structure

  • (dict) –

    A complex type that contains the response information for the AssociateVPCWithHostedZone request.

    • ChangeInfo (dict) –

      A complex type that describes the changes made to your hosted zone.

      • Id (string) –

        This element contains an ID that you use when performing a GetChange action to get detailed information about the change.

      • Status (string) –

        The current state of the request. PENDING indicates that this request has not yet been applied to all Amazon Route 53 DNS servers.

      • SubmittedAt (datetime) –

        The date and time that the change request was submitted in ISO 8601 format and Coordinated Universal Time (UTC). For example, the value 2017-03-27T17:48:16.751Z represents March 27, 2017 at 17:48:16.751 UTC.

      • Comment (string) –

        A comment you can provide.


  • Route53.Client.exceptions.NoSuchHostedZone

  • Route53.Client.exceptions.NotAuthorizedException

  • Route53.Client.exceptions.InvalidVPCId

  • Route53.Client.exceptions.InvalidInput

  • Route53.Client.exceptions.PublicZoneVPCAssociation

  • Route53.Client.exceptions.ConflictingDomainExists

  • Route53.Client.exceptions.LimitsExceeded

  • Route53.Client.exceptions.PriorRequestNotComplete


The following example associates the VPC with ID vpc-1a2b3c4d with the hosted zone with ID Z3M3LMPEXAMPLE.

response = client.associate_vpc_with_hosted_zone(
        'VPCId': 'vpc-1a2b3c4d',
        'VPCRegion': 'us-east-2',


Expected Output:

    'ChangeInfo': {
        'Comment': '',
        'Id': '/change/C3HC6WDB2UANE2',
        'Status': 'INSYNC',
        'SubmittedAt': datetime(2017, 1, 31, 1, 36, 41, 1, 31, 0),
    'ResponseMetadata': {
        '...': '...',