Use AWS Route53 as DNS slave or sync local bind zones to AWS Route53

I had two problems, which I could solve with one piece of software:
Case 1: I want to use Route 53 as backup/slave for my local bind servers.
Case 2: I want to use my local zone for AWS without adding an additional name server to the EC2 machines.
For those cases I found: cli53
Project URL: https://github.com/barnybug/cli53
The installation is really easy:

wget https://github.com/barnybug/cli53/releases/download/0.7.4/cli53-linux-amd64 -O /usr/local/bin/cli53
chmod +x /usr/local/bin/cli53   # wget -O saves the binary without the execute bit

After this you need an AWS account (IAM user) with the permissions:

  • route53:ListHostedZones
  • route53:ChangeResourceRecordSets
  • route53:ListResourceRecordSets
  • route53:GetChange
You are free to limit it to single zones or all zones.
In my case I created an extra user for this and gave it permission for only one zone with an inline policy via IAM:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "arn:aws:route53:::hostedzone/##ZONEID##"
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:GetChange"
            ],
            "Resource": "arn:aws:route53:::change/*"
        }
    ]
}
If you want to adopt this policy, you need to replace ##ZONEID## with the ID of the hosted zone.
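To check that the sync user's policy really stays pinned to one zone, here is an added example (not from the post or from cli53) in Python: it parses the policy document above and flags any record-writing action whose Resource is not a single hosted zone ARN. The zone id Z0EXAMPLE and the second, deliberately broad policy are constructed for the demonstration.

```python
import json

# Record-writing actions; these must be pinned to one hosted zone ARN.
WRITE_ACTIONS = {"route53:changeresourcerecordsets"}
ZONE_ARN_PREFIX = "arn:aws:route53:::hostedzone/"

def _as_list(value):  # IAM accepts a string or a list for Action/Resource
    return [value] if isinstance(value, str) else list(value)

def check_policy(policy_json):
    """Return findings for a policy document; an empty list means it is zone-scoped."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action.endswith("*"):  # "route53:*" or "*" grants far more than the sync needs
                findings.append(f"statement {i}: wildcard action {action!r}")
            elif action in WRITE_ACTIONS:
                for res in resources:
                    if not res.startswith(ZONE_ARN_PREFIX) or res.endswith("/*"):
                        findings.append(
                            f"statement {i}: {action} not limited to one hosted zone ({res!r})")
    return findings

# Constructed sample: the post's policy with a made-up zone id in place of ##ZONEID##.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"],
         "Resource": "arn:aws:route53:::hostedzone/Z0EXAMPLE"},
        {"Effect": "Allow", "Action": ["route53:ListHostedZones"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["route53:GetChange"], "Resource": "arn:aws:route53:::change/*"},
    ],
})

# Constructed sample: the same grant with Resource "*", which lets the sync key edit every zone.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "route53:ChangeResourceRecordSets",
                   "Resource": "*"}],
})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, check_policy(doc) or "ok")
```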
The next step is to create the credentials (access key) for the user. This is easily done in IAM.
The credentials for the tool are stored in /root/.aws/credentials
You can define different profiles here.
[##profilename##]
aws_access_key_id = ##accesskey##
aws_secret_access_key = ##secret##
You need to replace all in ## with your profilename (no need to match aws account name) and credentials.
And finally you can sync a domain to Route 53 with this command:
Warning: check the meaning of the command and its parameters with "cli53 help" before you execute anything. You should know what you are doing!
cli53 import --profile ##profilename## --file /etc/bind/db.##zone## --replace ##zone##
Here you need to replace ##profilename## with the profile name from the credentials file and ##zone## with the name of your zone.