An octoDNS provider that targets Route53.
pip install octodns-route53
Pinning specific versions or SHAs is recommended to avoid unplanned upgrades.
# Start with the latest versions and don't just copy what's here
octodns==0.9.14
octodns-route53==0.0.1
# Start with the latest/specific versions and don't just copy what's here
-e git+https://[email protected]/octodns/octodns.git@9da19749e28f68407a1c246dfdf65663cdc1c422#egg=octodns
-e git+https://[email protected]/octodns/octodns-route53.git@ec9661f8b335241ae4746eea467a8509205e6a30#egg=octodns_route53
providers:
route53:
class: octodns_route53.Route53Provider
# The AWS access key id
access_key_id: env/AWS_ACCESS_KEY_ID
# The AWS secret access key
secret_access_key: env/AWS_SECRET_ACCESS_KEY
# The AWS session token (optional)
# Only needed if using temporary security credentials
#session_token: env/AWS_SESSION_TOKEN
Alternatively, you may leave out access_key_id, secret_access_key and session_token. This will result in boto3 deciding authentication dynamically.
In general the account used will need full permissions on Route53.
providers:
ec2:
class: octodns_route53.Ec2Source
# auth options are the same as Route53Provider
access_key_id: env/AWS_ACCESS_KEY_ID
secret_access_key: env/AWS_SECRET_ACCESS_KEY
# The region in which to look for EC2 instances, required.
region: us-east-1
# Prefix for tag keys containing fqdn(s)
#tag_prefix: octodns
# String to append to all names and tag values
#append_to_names: mydomain.com.
#ttl: 3600
In general the account used will need read permissions on EC2 instances.
Records are driven off of the tags attached to the EC2 instances. The "Name" tag and any tags starting with tag_prefix
are considered.
The value of the tag should be one or more fqdns separated by a /
character. You can append a string to the name and all tag values with append_to_names
.
When a zone is being populated any fqdns matching the zone name will result in records. When the instance has a private IPv4 address an A record will be created. When the instance has an IPv6 address a AAAA record will be created.
When the zone is a sub-zone of in-addr.arpa. PTR records will be created for private IPv4 addresses that match the zone. The value(s) will be the fqdn(s) associated with that private IPv4 address.
When the zone is a sub-zone of ip6.arpa. PTR records will be created for IPv6 addresses that match the zone. The value(s) will be the fqdn(s) associated with that IPv6 address.
providers:
elb:
class: octodns_route53.ElbSource
# auth options are the same as Route53Provider
access_key_id: env/AWS_ACCESS_KEY_ID
secret_access_key: env/AWS_SECRET_ACCESS_KEY
# The region in which to look for ELB instances, required.
region: us-east-1
# Prefix for tag keys containing fqdn(s)
#tag_prefix: octodns
# String to append to all names and tag values
#append_to_names: mydomain.com.
#ttl: 3600
In general the account used will need read permissions on ELB instances and tags.
Records are driven off of the ELB name and the tags attached to the ELB instances. Any tag with tag_prefix
is considered.
The value of the tag should be one or more fqdns separated by a /
character. You can append a string to the name and all tag values with append_to_names
.
When a zone is being populated any fqdns matching the zone name will result in records CNAME records with the target value being the DNSName of the ELB instance.
# This will result in an ALIAS record for example.com. -> DNSName
octodns: example.com.
# This will result in a CNAME record for foo.example.com. -> DNSName
octodns: foo.example.com.
# This will result in CNAME records for foo.example.com. and bar.other.com.
# -> DNSName
octodns: foo.example.com./bar.other.com.
# Tags are limited to 255 characters so in order to support long and/or
# numerous fqdns tags prefixed with `tag_prefix` are considered. It is also
# acceptable to add multiple tags rather than separating things with `/`
octodns-1: foo.example.com.
octodns-2: bar.other.com.
processors:
awsacm:
class: octodns.processor.acme.AwsAcmMangingProcessor
...
zones:
something.com.:
...
processors:
- awsacm
...
A, AAAA, CAA, CNAME, DS, MX, NAPTR, NS, PTR, SPF, SRV, TXT
Route53Provider supports full root NS record management.
Route53Provider supports dynamic records, CNAME health checks don't support a Host header.
Route53Provider/ALIAS
adds support for the Route53 specific symlink style alias records.
# "symlink" to another record in the same zone
alias:
type: Route53Provider/ALIAS
values:
# ALIAS for the zone APEX A record
- type: A
# ALIAS for www.whatever.com. AAAA
- evaluate-target-health: false
# same-zone aliases omit the zone name
name: www
type: AAAA
# "symlink" to a AWS service
alb:
type: Route53Provider/ALIAS
value:
# default for evaluate-target-health is False
evaluate-target-health: true
# hosted-zone-id should only be used when pointing to service endpoints
hosted-zone-id: Z42SXDOTRQ7X7K
name: dualstack.octodns-testing-1165866977.us-east-1.elb.amazonaws.com.
type: A
See https://github.com/octodns/octodns/blob/master/docs/dynamic_records.md#health-checks for information on health checking for dynamic records. Route53Provider supports the following options:
Key | Description | Default |
---|---|---|
failure_threshold | Failure threshold before state change, 1-10 | 6 |
measure_latency | Show latency in AWS console | true |
request_interval | Healthcheck interval [10|30] seconds | 10 |
---
octodns:
healthcheck:
host: my-host-name
path: /dns-health-check
port: 443
protocol: HTTPS
route53:
healthcheck:
failure_threshold: 3
measure_latency: false
request_interval: 30
See the /script/ directory for some tools to help with the development process. They generally follow the Script to rule them all pattern. Most useful is ./script/bootstrap
which will create a venv and install both the runtime and development related requirements. It will also hook up a pre-commit hook that covers most of what's run by CI.