How to Add MX Records in AWS Route 53 - Step-by-Step Guide

Step-by-step guide to adding MX records in AWS Route 53 for Google Workspace, Microsoft 365, and other email providers, including AWS CLI instructions.

AWS Route 53 is Amazon's DNS service, and many businesses that run their applications on AWS also use Route 53 to manage their domain's DNS records. If you've recently moved your nameservers to Route 53 or registered a domain through AWS, you'll need to add MX records there to get email working with Google Workspace, Microsoft 365, or any other email provider.

Route 53 works a little differently from registrar-based DNS editors, but the process is straightforward once you know where to look. This guide walks through adding MX records via both the AWS Management Console and the AWS CLI.

Prerequisites

Before you start, you'll need:

  • An AWS account with access to the Route 53 console
  • A hosted zone in Route 53 for your domain (more on creating one below if you don't have it yet)
  • The MX record values from your email provider: the mail server hostnames and their priority numbers
  • Appropriate IAM permissions. If you're not the AWS account owner, confirm you have route53:ChangeResourceRecordSets and route53:ListResourceRecordSets permissions for the hosted zone.

Creating a Hosted Zone (If You Don't Have One)

A hosted zone in Route 53 is a container for all the DNS records for a specific domain. If your domain is already using Route 53 nameservers, you have one. If you're setting up Route 53 for the first time, here's how to create a hosted zone:

  1. Open the AWS Management Console and navigate to Route 53
  2. In the left sidebar, click Hosted zones
  3. Click Create hosted zone
  4. Enter your domain name (e.g., yourbusiness.com) in the Domain name field
  5. Leave the type as Public hosted zone
  6. Click Create hosted zone

After creating the hosted zone, Route 53 will provide you with four nameserver addresses (NS records). You'll need to enter these at your domain registrar to point your domain's DNS to Route 53. This is a separate step from adding MX records. Your domain has to be using Route 53 nameservers for Route 53 MX records to take effect.

Navigating to Your Hosted Zone

Once you have a hosted zone set up:

  1. In the Route 53 console, click Hosted zones in the left sidebar
  2. Click on your domain name to open the hosted zone
  3. You'll see a list of existing DNS records. Typically NS (nameserver) and SOA (start of authority) records are there by default
  4. This is where you'll add your MX records

Adding MX Records via the Console

Route 53 has a specific format for MX records that differs slightly from other DNS editors. Each MX record value must include both the priority number and the hostname, separated by a space, in the record value field.

To add MX records:

  1. Click Create record in the hosted zone
  2. Leave the Record name field blank (or enter @ if the interface requires it; Route 53 uses the blank field to represent the root domain)
  3. Set the Record type to MX
  4. Set the TTL to 3600 (1 hour), which is a reasonable default. If you're in the middle of a migration, use 300 (5 minutes) so changes propagate faster.
  5. In the Value field, enter your MX records in the format priority hostname, one per line

For example, if you're adding Google Workspace MX records, the Value field should contain:

1 aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com

Note the format: priority number first, then a space, then the hostname. This is different from some other DNS editors that use separate fields for priority and hostname. In Route 53, they go together in a single value field, with multiple records on separate lines.

  6. Click Create records

Route 53 will create a single MX record set containing all five entries. This is how Route 53 works: multiple values for the same record type are grouped into one record set.

Adding Google Workspace MX Records

For Google Workspace, use these values in the Route 53 Value field (all in one record set):

1 aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com

Google requires all five records for proper delivery and redundancy. The two records at priority 5 provide load balancing, as do the two at priority 10.

Adding Microsoft 365 MX Records

For Microsoft 365, you'll add a single MX record value. Microsoft generates a unique hostname specific to your tenant:

0 yourdomain-com.mail.protection.outlook.com

Replace yourdomain-com with your actual domain, using hyphens instead of dots (so example.com becomes example-com). The exact value is shown in the Microsoft 365 admin center under Settings > Domains > your domain > DNS records.

In Route 53, enter that single line as the Value, with priority 0 before the hostname.

TTL Settings

Route 53 lets you set TTL (Time to Live) on each record set. TTL controls how long DNS servers cache your records before checking for updates.

  • For a stable, ongoing configuration: Use 3600 (1 hour) or 86400 (24 hours). Higher TTL reduces DNS query volume.
  • During a migration or while testing: Use 300 (5 minutes). This lets changes propagate quickly so you can iterate without waiting hours between tests.
  • After migration is complete: Raise TTL back to 3600 or higher.

One Route 53-specific consideration: if you're switching your domain to Route 53 from another DNS provider, lower the TTL at your old DNS provider before changing nameservers. This ensures the transition happens quickly.

Verifying Your Changes with the MX Checker

After saving your MX records, go to mxrecordchecker.com and enter your domain name. The tool queries live DNS and shows you every MX record currently published for your domain.

Confirm that:

  • The correct mail server hostnames are listed
  • Priority values match what you entered (remembering that Route 53 combines priority and hostname into one value, but the checker will display them separately)
  • No old MX records from a previous provider remain

Route 53 changes are usually live within 60 seconds on Route 53's own nameservers. Global propagation to other DNS resolvers depends on the TTL setting and can take anywhere from a few minutes to a few hours.

Using the AWS CLI for MX Records

If you prefer working in a terminal or need to automate DNS changes, the AWS CLI provides full Route 53 record management. This is particularly useful for teams managing multiple domains or integrating DNS changes into a deployment pipeline.

To add MX records via the CLI, you use the change-resource-record-sets command with a JSON change batch. First, get your hosted zone ID:

aws route53 list-hosted-zones --query "HostedZones[?Name=='yourbusiness.com.'].Id" --output text

This returns something like /hostedzone/Z1D633PJN98FT9. Then create a JSON file for your change:

{
  "Changes": [
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "yourbusiness.com",
        "Type": "MX",
        "TTL": 3600,
        "ResourceRecords": [
          { "Value": "1 aspmx.l.google.com" },
          { "Value": "5 alt1.aspmx.l.google.com" },
          { "Value": "5 alt2.aspmx.l.google.com" },
          { "Value": "10 alt3.aspmx.l.google.com" },
          { "Value": "10 alt4.aspmx.l.google.com" }
        ]
      }
    }
  ]
}

Apply it with:

aws route53 change-resource-record-sets --hosted-zone-id Z1D633PJN98FT9 --change-batch file://mx-change.json

Use "Action": "UPSERT" instead of "CREATE" if you're updating an existing MX record set. UPSERT creates the record if it doesn't exist or replaces it if it does.
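Because UPSERT replaces the whole record set, it helps to review what the zone currently publishes before applying it. The following is an added example, not part of the original guide or any AWS tooling: it validates each "priority hostname" value, diffs the expected set against output shaped like aws route53 list-resource-record-sets, and builds the UPSERT change batch. The function names, the sample listing and the host mail.oldprovider.example are assumptions made for illustration.

```python
import json
import re

# One DNS label per RFC 1123: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_mx(line):
    """Parse one 'priority hostname' value into (priority, hostname)."""
    parts = line.split()
    if len(parts) != 2 or not parts[0].isdigit():
        raise ValueError(f"expected 'priority hostname': {line!r}")
    prio, host = int(parts[0]), parts[1].rstrip(".").lower()
    labels = host.split(".")
    # An all-numeric last label means an IP address; an MX target must be a name.
    if (prio > 65535 or len(labels) < 2 or labels[-1].isdigit()
            or not all(_LABEL.match(label) for label in labels)):
        raise ValueError(f"invalid MX value: {line!r}")
    return prio, host

def plan_mx_change(zone_name, expected_lines, listing, ttl=3600):
    """Diff the live apex MX set against the expected one; return (stale, missing, batch)."""
    expected = {parse_mx(line) for line in expected_lines}
    apex = zone_name.rstrip(".").lower() + "."
    live = set()
    for rrset in listing.get("ResourceRecordSets", []):
        if rrset["Type"] == "MX" and rrset["Name"].lower() == apex:
            live |= {parse_mx(r["Value"]) for r in rrset["ResourceRecords"]}
    stale = sorted(live - expected)    # published but no longer wanted
    missing = sorted(expected - live)  # wanted but not yet published
    # UPSERT replaces the record set, so stale values are dropped when it is applied.
    batch = {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": apex, "Type": "MX", "TTL": ttl,
        "ResourceRecords": [{"Value": f"{p} {h}"} for p, h in sorted(expected)]}}]}
    return stale, missing, batch

# Constructed sample listing: the zone still publishes an MX value for a
# previous (hypothetical) provider next to one Google Workspace value.
SAMPLE_LISTING = {"ResourceRecordSets": [
    {"Name": "yourbusiness.com.", "Type": "MX", "TTL": 300, "ResourceRecords": [
        {"Value": "10 mail.oldprovider.example."},
        {"Value": "1 aspmx.l.google.com."}]}]}

GOOGLE_MX = ["1 aspmx.l.google.com", "5 alt1.aspmx.l.google.com",
             "5 alt2.aspmx.l.google.com", "10 alt3.aspmx.l.google.com",
             "10 alt4.aspmx.l.google.com"]

if __name__ == "__main__":
    stale, missing, batch = plan_mx_change("yourbusiness.com", GOOGLE_MX, SAMPLE_LISTING)
    print("stale:", stale, "missing:", missing)
    print(json.dumps(batch, indent=2))
```

Any entry reported as stale is a mail server that can still receive mail for the domain until the UPSERT is applied, so confirm it is expected before and absent after the change.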

Common Route 53-Specific Issues

"The record already exists." Route 53 won't let you create a duplicate record set. If you already have an MX record set, you need to delete it first or use UPSERT (in the CLI) or edit the existing record set (in the console).

Changes not propagating. Route 53 typically propagates changes to its own nameservers within 60 seconds. If you're seeing old records more than an hour after making changes, check that your domain is actually using Route 53 nameservers by running an NS lookup. If the domain is still pointed at your old registrar's nameservers, Route 53 records have no effect.

Trailing dots in hostnames. Route 53 automatically handles trailing dots in DNS record values, so you don't need to add them manually, though the system accepts them if you do.

IAM permission errors. If you're getting access denied errors, your IAM user or role needs route53:ChangeResourceRecordSets permission. Ask your AWS administrator to grant the appropriate Route 53 permissions for your hosted zone.

Hosted zone created but nameservers not updated. Creating a hosted zone in Route 53 doesn't automatically move your domain there. You still need to go to your domain registrar and update the nameservers to the four NS records Route 53 assigned to your hosted zone.

After resolving any issues, rerun the check at mxrecordchecker.com to confirm your records are correct and visible worldwide.