Subdomain Delegation

Authors
  • Bowen Y

How to delegate a subdomain to another AWS account in AWS Route53?

Look at the new hosted zone you created for testing.example.com. It can live in the same AWS account, a different AWS account, any AWS account: nothing about it is "account" related. This is standard DNS delegation. The whole of DNS is a hierarchy: the root servers tell you where to find com, the com servers tell you where to find example.com, and it is nothing materially different for example.com to tell you where to find testing.example.com instead of giving you a direct answer.

A related point is DNS validation (for example, when issuing a certificate): the validation DNS record has to be added in the account that owns the delegated subdomain's hosted zone.

For example, I have the domain example.com registered in the root account A, and I want to delegate the subdomain api.example.com to the API account B.

  1. I create a public hosted zone for api.example.com in account B.
  2. I add the 4 NS (name server) records of that hosted zone to the public example.com hosted zone in account A.
  3. I want to issue a TLS certificate for *.api.example.com in account B. The validation CNAME record can no longer be added to the example.com hosted zone in account A; it has to go into the api.example.com hosted zone in account B. That is because everything under api.example.com, including the validation record, has already been delegated to account B.
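As an added example (not code from the original post or from AWS), the model below builds the Route 53 ChangeBatch document that account A applies in step 2 and works out which zone has to hold a given record in step 3. The four name server hostnames are constructed placeholders, not real AWS hosts.

```python
"""Constructed model of Route 53 subdomain delegation (added example)."""
import json

# Constructed placeholders standing in for the four name servers that
# Route 53 assigns to the api.example.com hosted zone in account B.
CHILD_ZONE_NS = [
    "ns-1.awsdns-placeholder.com.", "ns-2.awsdns-placeholder.net.",
    "ns-3.awsdns-placeholder.org.", "ns-4.awsdns-placeholder.co.uk.",
]

def delegation_change_batch(subdomain, name_servers, ttl=300):
    """Step 2: the ChangeBatch account A applies to the example.com hosted
    zone. One NS record set at the subdomain, listing the child zone's name
    servers, is all a delegation consists of. The dict is the document
    format taken by `aws route53 change-resource-record-sets
    --change-batch file://...`."""
    fqdn = subdomain if subdomain.endswith(".") else subdomain + "."
    return {
        "Comment": f"Delegate {fqdn} to the hosted zone in account B",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": fqdn, "Type": "NS", "TTL": ttl,
                "ResourceRecords": [{"Value": ns} for ns in name_servers],
            },
        }],
    }

def authoritative_zone(name, zone_apexes):
    """Step 3: the zone that must hold `name` is the longest zone apex that
    is a suffix of the name. Once api.example.com is delegated, a record
    for _acme-challenge.api.example.com placed in the example.com zone is
    never served: resolvers follow the NS referral and ask account B."""
    name = name.rstrip(".").lower()
    best = None
    for apex in (a.rstrip(".").lower() for a in zone_apexes):
        if name == apex or name.endswith("." + apex):
            if best is None or len(apex) > len(best):
                best = apex
    return best

def delegation_consistent(parent_ns_values, child_zone_ns):
    """Check that the NS set in the parent equals the child zone's name
    server set; a stale or partial set leaves the subdomain unresolvable."""
    norm = lambda xs: {x.rstrip(".").lower() for x in xs}
    return norm(parent_ns_values) == norm(child_zone_ns)

if __name__ == "__main__":
    print(json.dumps(delegation_change_batch("api.example.com", CHILD_ZONE_NS), indent=2))
    print(authoritative_zone("_acme-challenge.api.example.com", ["example.com", "api.example.com"]))
```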

Reference: https://serverfault.com/questions/817651/can-different-aws-accounts-manage-different-subdomains