Today I learned that in order to resolve a record in a Route53 private hosted zone from within a VPC, the VPC is configured as an associated VPC for the hosted zone rather than configuring the VPC itself.

How that looks from within the Route53 Admin console:

AWS Route53 Private Hosted Zone

For example, say that I have an EC2 hosting a postgreSQL database and I wish to use a more 'friendly' name in the connection string, e.g. as the host name. I add an A record to my hosted zone called 'aws.local' to point the name '' at the IP address for the EC2.

I have another EC2 or Lambda running in a VPC 'vpc-abcd1234' . In order for the connection string being used to access the database to be able to use '' as the host name, vpc-abcd1234 needs to be added to the VPCs for the hosted zone 'aws.local'

And how that would look in a Cloud Formation template:

  Type: "AWS::Route53::HostedZone"
      Comment: 'My hosted zone for aws.local'
    Name: 'aws.local'
        VPCId: 'vpc-abcd1234'
        VPCRegion: 'ap-southeast-2'
        VPCId: 'vpc-efgh5678'
        VPCRegion: 'us-west-2'