AWS - Route53
Use this integration to manage your Amazon DNS web services.
We recommend that you use roles that have the following built-in AWS policies:
- Route53FullAccess
- Route53ReadOnlyAccess
Prerequisites
It is important that you familiarize yourself with and complete all steps detailed in the AWS Integrations - Authentication.
Configure the Amazon Route 53 Integration on Demisto
- Navigate to Settings > Integrations > Servers & Services.
- Search for AWS - Route53.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Role Arn
- Role Session Name
- Role Session Duration
- Click Test to validate the URLs and token.
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Create a record: aws-route53-create-record
- Delete a record: aws-route53-delete-record
- Upsert a record: aws-route53-upsert-record
- List all hosted zones: aws-route53-list-hosted-zones
- List all resource record sets: aws-route53-list-resource-record-sets
- Wait for successful record state: aws-route53-waiter-resource-record-sets-changed
- Test a DNS answer: aws-route53-test-dns-answer
Create a record: aws-route53-create-record
Creates a record in your Amazon Route 53 system.
Command Example
!aws-route53-create-record hostedZoneId=Z33ASF9#22MSFA6R6M5G9 source=test.example.com target=192.168.1.1 ttl=300 type=A comment="test record"
AWS IAM Policy Permission
Effect: Allow
Action: route53:ChangeResourceRecordSets
Input
Parameter | Description |
source | Domain name you want to create, for example, www.example.com |
target | DNS record value |
ttl | Resource record cache time to live (TTL), in seconds |
hostedZoneId | Hosted zone ID |
type | Type of record to create |
comment | Comments for the record creation |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | Identifier for the assumed role session |
roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
Path | Description |
AWS.Route53.RecordSetsChange.Id | Request ID |
AWS.Route53.RecordSetsChange.Status | Current state of the request. PENDING indicates that the request has not yet been applied to all Amazon Route 53 DNS servers. |
AWS.Route53.RecordSetsChange.Comment | A complex type that describes change information about changes made to your hosted zone. |
Raw Output
{ "Id":"/change/CSDFSASDASDM", "Status":"PENDING" }
Delete a record: aws-route53-delete-record
Deletes a record from your Amazon Route 53 system.
Command Example
!aws-route53-delete-record hostedZoneId=Z33935452MA6RDSFDSG6M5G9 source=test.example.com target=192.168.1.1 type=A ttl=300
AWS IAM Policy Permission
Effect: Allow
Action: route53:ChangeResourceRecordSets
Input
Parameter | Description |
source | Domain name you want to delete, for example, www.example.com |
target | DNS record value |
ttl | Resource record cache time to live (TTL), in seconds |
hostedZoneId | Hosted zone ID |
type | Type of record to delete |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | Identifier for the assumed role session |
roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
Path | Description |
AWS.Route53.RecordSetsChange.Id | Request ID |
AWS.Route53.RecordSetsChange.Status | Current state of the request. PENDING indicates that the request has not yet been applied to all Amazon Route 53 DNS servers. |
AWS.Route53.RecordSetsChange.Comment | A complex type that describes change information about changes made to your hosted zone. |
Raw Output
{ "Id":"/change/C1A79HK325D2sdf3FOI0J", "Status":"PENDING" }
Upsert a record: aws-route53-upsert-record
Creates a new record if one does not exist, or updates an existing record.
Command Example
!aws-route53-upsert-record hostedZoneId=Z33ASF9#22MSFA6R6M5G9 source=test.example.com target=192.168.1.2 ttl=300 type=A comment="test record"
AWS IAM Policy Permission
Effect: Allow
Action: route53:ChangeResourceRecordSets
Input
Parameter | Description |
source | Name of the domain you want to create, for example www.example.com |
target | DNS record value |
ttl | Resource record cache time to live (TTL), in seconds |
hostedZoneId | Hosted zone ID |
type | The type of record to create |
comment | Comments you want to include |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | Identifier for the assumed role session |
roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
Path | Description |
AWS.Route53.RecordSetsChange.Id | Request ID |
AWS.Route53.RecordSetsChange.Status | Current state of the request. PENDING indicates that this request has not yet been applied to all Amazon Route 53 DNS servers |
AWS.Route53.RecordSetsChange.Comment | A complex type that describes change information about changes made to your hosted zone |
Raw Output
{ "Id":"/change/CSDFSASDASDM", "Status":"PENDING" }
Wait for successful record state: aws-route53-waiter-resource-record-sets-changed
A waiter function that waits until the record change (create, delete, or upsert) is successful.
Command Example
!aws-route53-waiter-resource-record-sets-changed id=CM3UDCRD3ZYDSAF41
AWS IAM Policy Permission
Effect: Allow
Action: route53:GetChange
Input
Parameter | Description |
id | ID of the change |
waiterDelay | Amount of time, in seconds, to wait between attempts (default is 30) |
waiterMaxAttempts | Maximum number of attempts to make (default is 60) |
Context Output
There is no context output for this command.
Raw Output
success
List all hosted zones: aws-route53-list-hosted-zones
Returns a list of all hosted zones in your Amazon Route 53 system.
Command Example
!aws-route53-list-hosted-zones
AWS IAM Policy Permission
Effect: Allow
Action: route53:ListHostedZones
Input
Parameter | Description |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | Identifier for the assumed role session |
roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
Path | Description |
AWS.Route53.HostedZones.Id | Hosted zone ID |
AWS.Route53.HostedZones.Name | Domain name |
AWS.Route53.HostedZones.CallerReference | The value that you specified for CallerReference when you created the hosted zone |
AWS.Route53.HostedZones.Config.Comment | Comments to include in the hosted zone |
AWS.Route53.HostedZones.Config.PrivateZone | A value that indicates whether this is a private hosted zone. |
AWS.Route53.HostedZones.ResourceRecordSetCount | The number of resource record sets in the hosted zone |
AWS.Route53.HostedZones.LinkedService.ServicePrincipal | If the health check or hosted zone was created by another service, the service that created the resource |
AWS.Route53.HostedZones.LinkedService.Description | If the health check or hosted zone was created by another service, an optional description that can be provided by the other service. |
Raw Output
[ { "Id":"/hostedzone/Z3SDA392MSF6SFR6M5G9", "Name":"example.com.", "ResourceRecordSetCount":8 } ]
List all resource record sets: aws-route53-list-resource-record-sets
Returns a list of all resource record sets in your Amazon Route 53 system.
Command Example
!aws-route53-list-resource-record-sets hostedZoneId=Z33DFSDDFSDF6R6MDF5G9
AWS IAM Policy Permission
Effect: Allow
Action: route53:ListResourceRecordSets
Input
Parameter | Description |
hostedZoneId | Hosted zone ID |
startRecordName | The first name in the lexicographic ordering of resource record sets that you want to list |
startRecordType | The type of resource record set to begin the record listing from |
startRecordIdentifier | Weighted resource record sets only |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | Identifier for the assumed role session |
roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
Path | Description |
AWS.Route53.RecordSets.Name | Domain name |
AWS.Route53.RecordSets.Type | DNS record type |
AWS.Route53.RecordSets.SetIdentifier | An identifier that differentiates among multiple resource record sets that have the same combination of DNS name and type |
AWS.Route53.RecordSets.Weight | Weighted resource record sets only |
AWS.Route53.RecordSets.Region | Latency-based resource record sets only |
AWS.Route53.RecordSets.GeoLocation.ContinentCode | The two-letter code for the continent |
AWS.Route53.RecordSets.GeoLocation.CountryCode | The two-letter code for the country |
AWS.Route53.RecordSets.GeoLocation.SubdivisionCode | The code for the subdivision, for example, a state in the United States or a province in Canada |
AWS.Route53.RecordSets.Failover | Failover resource record sets only |
AWS.Route53.RecordSets.MultiValueAnswer | Multivalue answer resource record sets only |
AWS.Route53.RecordSets.TTL | Resource record cache time to live (TTL), in seconds |
AWS.Route53.RecordSets.ResourceRecords.Value | Current record value |
AWS.Route53.RecordSets.AliasTarget.HostedZoneId | Alias resource record sets only |
AWS.Route53.RecordSets.AliasTarget.DNSName | Alias resource record sets only |
AWS.Route53.RecordSets.AliasTarget.EvaluateTargetHealth | Alias resource record sets only |
AWS.Route53.RecordSets.HealthCheckId | ID of the applicable health check |
AWS.Route53.RecordSets.TrafficPolicyInstanceId | ID of the traffic policy instance that Amazon Route 53 created this resource record set for |
Raw Output
[ { "Name": "demistotest5.lab-demisto.com.", "ResourceRecords": "192.168.1.1", "TTL": 300, "Type": "A" }, { "Name": "demistotest6.lab-demisto.com.", "ResourceRecords": "192.168.1.1", "TTL": 300, "Type": "A" } ]
Test a DNS answer: aws-route53-test-dns-answer
Tests a DNS answer.
Command Example
!aws-route53-test-dns-answer hostedZoneId=Z339SDF2MA6R6ADFSM5G9 recordName=testing2.example.com recordType=A
AWS IAM Policy Permission
Effect: Allow
Action: route53:TestDNSAnswer
Input
Parameter | Description |
hostedZoneId | Hosted zone ID |
recordName | Name of the resource record set that you want Amazon Route 53 to simulate a query for |
recordType | Resource record set type |
resolverIP | If you want to simulate a request from a specific DNS resolver, specify the IP address for that resolver. If you omit this value, TestDNSAnswer uses the IP address of a DNS resolver in the AWS US East (N. Virginia) Region (us-east-1) |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | Identifier for the assumed role session |
roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
Path | Description |
AWS.Route53.TestDNSAnswer.Nameserver | Amazon Route 53 name server used to respond to the request |
AWS.Route53.TestDNSAnswer.RecordName | Name of the resource record set that you submitted a request for |
AWS.Route53.TestDNSAnswer.RecordType | The type of the resource record set that you submitted a request for |
AWS.Route53.TestDNSAnswer.ResponseCode | A code that indicates whether the request is valid or not |
AWS.Route53.TestDNSAnswer.Protocol | The protocol that Amazon Route 53 used to respond to the request, either UDP or TCP |
AWS.Route53.TestDNSAnswer.RecordData | A list that contains values that Amazon Route 53 returned for this resource record set |
Raw Output
{ "Nameserver":"ns-311.awsdns-38.com", "Protocol":"UDP", "RecordName":"testing2.example.com", "RecordType":"A", "ResponseCode":"NOERROR" }
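Each command above names the single IAM action it needs, so the assumed role can be narrower than Route53FullAccess. The following is an added example, not part of the integration or its documentation: a hypothetical helper, build_policy, that turns the list of commands a playbook uses into a least-privilege policy document. The resource scoping (hosted zone ARN, change ARN, or "*") and the zone ID format check are assumptions based on the resource types AWS defines for these actions; the zone ID shown is a constructed placeholder.

```python
import json
import re

# Command -> (IAM action, resource scope), taken from the "AWS IAM Policy
# Permission" entry of each command on this page. The scope column is an
# assumption based on the resource types AWS defines for each action.
COMMAND_PERMISSIONS = {
    "aws-route53-create-record": ("route53:ChangeResourceRecordSets", "zone"),
    "aws-route53-delete-record": ("route53:ChangeResourceRecordSets", "zone"),
    "aws-route53-upsert-record": ("route53:ChangeResourceRecordSets", "zone"),
    "aws-route53-list-resource-record-sets": ("route53:ListResourceRecordSets", "zone"),
    "aws-route53-waiter-resource-record-sets-changed": ("route53:GetChange", "change"),
    "aws-route53-list-hosted-zones": ("route53:ListHostedZones", "any"),
    "aws-route53-test-dns-answer": ("route53:TestDNSAnswer", "any"),
}

# Assumed ID format; rejects "*" and other characters that would widen the ARN.
ZONE_ID = re.compile(r"[A-Z0-9]{1,32}")


def build_policy(commands, hosted_zone_ids):
    """Return an IAM policy document allowing only what `commands` need."""
    unknown = sorted(set(commands) - set(COMMAND_PERMISSIONS))
    if unknown:
        raise ValueError(f"unknown command(s): {unknown}")
    bad = [z for z in hosted_zone_ids if not ZONE_ID.fullmatch(z)]
    if bad:
        raise ValueError(f"not a hosted zone ID: {bad}")
    resources = {
        "zone": [f"arn:aws:route53:::hostedzone/{z}" for z in sorted(hosted_zone_ids)],
        "change": ["arn:aws:route53:::change/*"],
        "any": ["*"],
    }
    actions = {}
    for cmd in commands:
        action, scope = COMMAND_PERMISSIONS[cmd]
        actions.setdefault(scope, set()).add(action)
    if "zone" in actions and not hosted_zone_ids:
        raise ValueError("zone-scoped commands need at least one hosted zone ID")
    statements = [
        {"Effect": "Allow", "Action": sorted(actions[s]), "Resource": resources[s]}
        for s in ("zone", "change", "any") if s in actions
    ]
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # Constructed input: a playbook that only upserts a record and then waits.
    playbook = ["aws-route53-upsert-record", "aws-route53-waiter-resource-record-sets-changed"]
    print(json.dumps(build_policy(playbook, ["Z0EXAMPLEZONEID"]), indent=2))
```

A role used only for lookups (list and test commands) gets no ChangeResourceRecordSets statement at all, which keeps a compromised playbook or integration key from rewriting DNS records.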