AWS - Route53

Use this integration to manage your Amazon DNS web services.

We recommend that you use roles that have the following built-in AWS policies:

  • Route53FullAccess
  • Route53ReadOnlyAccess
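
Where the built-in policies are broader than needed, the per-command actions documented on this page can be combined into one least-privilege policy for the assumed role. This is an added example, not part of the original documentation; the hosted zone ID EXAMPLEZONEID is a placeholder and the Sid names are illustrative.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RecordChangesInOneZone",
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets",
        "route53:ListResourceRecordSets"
      ],
      "Resource": "arn:aws:route53:::hostedzone/EXAMPLEZONEID"
    },
    {
      "Sid": "PollChangeStatus",
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Sid": "ZoneDiscoveryAndDnsTest",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:TestDNSAnswer"
      ],
      "Resource": "*"
    }
  ]
}
```

ListHostedZones and TestDNSAnswer do not support resource-level scoping, so they use "*"; the record-changing action is limited to a single hosted zone.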

Prerequisites

It is important that you familiarize yourself with and complete all steps detailed in the Amazon AWS Integrations Configuration Guide.

Configure the Amazon Route 53 Integration on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for AWS - Route53.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Role Arn
    • Role Session Name
    • Role Session Duration
  4. Click Test to validate the URLs and token.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Create a record: aws-route53-create-record
  2. Delete a record: aws-route53-delete-record
  3. Upsert a record: aws-route53-upsert-record
  4. List all hosted zones: aws-route53-list-hosted-zones
  5. List all resource record sets: aws-route53-list-resource-record-sets
  6. Wait for successful record state: aws-route53-waiter-resource-record-sets-changed
  7. Test a DNS answer: aws-route53-test-dns-answer

Create a record: aws-route53-create-record

Creates a record in your Amazon Route 53 system.

Command Example

!aws-route53-create-record hostedZoneId=Z33ASF9#22MSFA6R6M5G9 source=test.example.com target=192.168.1.1 ttl=300 type=A comment="test record"

AWS IAM Policy Permission

Effect: Allow
Action: route53:ChangeResourceRecordSets

Input
Parameter Description
source Domain name you want to create, for example, www.example.com
target DNS record value
ttl Resource record cache time to live (TTL), in seconds
hostedZoneId Hosted zone ID
type Type of record to create
comment Comments for the record creation
roleArn Amazon Resource Name (ARN) of the role to assume
roleSessionName Identifier for the assumed role session
roleSessionDuration Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role)

Context Output
Path Description
AWS.Route53.RecordSetsChange.Id Request ID
AWS.Route53.RecordSetsChange.Status Current state of the request. PENDING indicates that the request has not yet been applied to all Amazon Route 53 DNS servers.
AWS.Route53.RecordSetsChange.Comment A complex type that describes change information about changes made to your hosted zone.

Raw Output
{  
   "Id":"/change/CSDFSASDASDM",
   "Status":"PENDING"
}

Delete a record: aws-route53-delete-record

Deletes a record from your Amazon Route 53 system.

Command Example

!aws-route53-delete-record hostedZoneId=Z33935452MA6RDSFDSG6M5G9 source=test.example.com target=192.168.1.1 type=A ttl=300

AWS IAM Policy Permission

Effect: Allow
Action: route53:ChangeResourceRecordSets

Input
Parameter Description
source Domain name you want to delete, for example, www.example.com
target DNS record value
ttl Resource record cache time to live (TTL), in seconds
hostedZoneId Hosted zone ID
type Type of record to create
roleArn Amazon Resource Name (ARN) of the role to assume
roleSessionName Identifier for the assumed role session
roleSessionDuration Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role)

Context Output
Path Description
AWS.Route53.RecordSetsChange.Id Request ID
AWS.Route53.RecordSetsChange.Status Current state of the request. PENDING indicates that the request has not yet been applied to all Amazon Route 53 DNS servers.
AWS.Route53.RecordSetsChange.Comment A complex type that describes change information about changes made to your hosted zone.

Raw Output
{  
   "Id":"/change/C1A79HK325D2sdf3FOI0J",
   "Status":"PENDING"
}

Upsert a record: aws-route53-upsert-record

Creates a new record if one does not exist, or updates an existing record.

Command Example

!aws-route53-upsert-record hostedZoneId=Z33ASF9#22MSFA6R6M5G9 source=test.example.com target=192.168.1.2 ttl=300 type=A comment="test record"

AWS IAM Policy Permission

Effect: Allow
Action: route53:ChangeResourceRecordSets

Input
Parameter Description
source Name of the domain you want to create, for example www.example.com
target DNS record value
ttl Resource record cache time to live (TTL), in seconds
hostedZoneId Hosted zone ID
type The type of record to create
comment Comments you want to include
roleArn Amazon Resource Name (ARN) of the role to assume
roleSessionName Identifier for the assumed role session
roleSessionDuration Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role)

Context Output
Path Description
AWS.Route53.RecordSetsChange.Id Request ID
AWS.Route53.RecordSetsChange.Status Current state of the request. PENDING indicates that this request has not yet been applied to all Amazon Route 53 DNS servers
AWS.Route53.RecordSetsChange.Comment A complex type that describes change information about changes made to your hosted zone

Raw Output
{  
   "Id":"/change/CSDFSASDASDM",
   "Status":"PENDING"
}

Wait for successful record state: aws-route53-waiter-resource-record-sets-changed

A waiter function that waits until the record state is successful (Created, Deleted, Upsert).

Command Example

!aws-route53-waiter-resource-record-sets-changed id=CM3UDCRD3ZYDSAF41

AWS IAM Policy Permission

Effect: Allow
Action: route53:GetChange

Input
Parameter Description
id ID of the change
waiterDelay Amount of time, in seconds, to wait between attempts (default is 30)
waiterMaxAttempts Maximum number of attempts to make (default is 60)

Context Output

There is no context output for this command.

Raw Output
success

List all hosted zones: aws-route53-list-hosted-zones

Returns a list of all hosted zones in your Amazon Route 53 system.

Command Example

!aws-route53-list-hosted-zones

AWS IAM Policy Permission

Effect: Allow
Action: route53:ListHostedZones

Input
Parameter Description
roleArn Amazon Resource Name (ARN) of the role to assume
roleSessionName Identifier for the assumed role session
roleSessionDuration Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role)

Context Output
Path Description
AWS.Route53.HostedZones.Id Request ID
AWS.Route53.HostedZones.Name Domain name
AWS.Route53.HostedZones.CallerReference The value that you specified for CallerReference when you created the hosted zone
AWS.Route53.HostedZones.Config.Comment Comments to include in the hosted zone
AWS.Route53.HostedZones.Config.PrivateZone A value that indicates whether this is a private hosted zone.
AWS.Route53.HostedZones.ResourceRecordSetCount The number of resource record sets in the hosted zone
AWS.Route53.HostedZones.LinkedService.ServicePrincipal If the health check or hosted zone was created by another service, the service that created the resource
AWS.Route53.HostedZones.LinkedService.Description If the health check or hosted zone was created by another service, an optional description that can be provided by the other service.

Raw Output
[  
   {  
      "Id":"/hostedzone/Z3SDA392MSF6SFR6M5G9",
      "Name":"example.com.",
      "ResourceRecordSetCount":8
   }
]

List all resource record sets: aws-route53-list-resource-record-sets

Returns a list of all resource record sets in your Amazon Route 53 system.

Command Example

!aws-route53-list-resource-record-sets hostedZoneId=Z33DFSDDFSDF6R6MDF5G9

AWS IAM Policy Permission

Effect: Allow
Action: route53:ListResourceRecordSets

Input
Parameter Description
hostedZoneId Hosted zone ID
startRecordName The first name in the lexicographic ordering of resource record sets that you want to list
startRecordType The type of resource record set to begin the record listing from
startRecordIdentifier Weighted resource record sets only
roleArn Amazon Resource Name (ARN) of the role to assume
roleSessionName Identifier for the assumed role session
roleSessionDuration Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role)

Context Output
Path Description
AWS.Route53.RecordSets.Name Domain name
AWS.Route53.RecordSets.Type DNS record type
AWS.Route53.RecordSets.SetIdentifier An identifier that differentiates among multiple resource record sets that have the same combination of DNS name and type
AWS.Route53.RecordSets.Weight Weighted resource record sets only
AWS.Route53.RecordSets.Region Latency-based resource record sets only
AWS.Route53.RecordSets.GeoLocation.ContinentCode The two-letter code for the continent
AWS.Route53.RecordSets.GeoLocation.CountryCode The two-letter code for the country
AWS.Route53.RecordSets.GeoLocation.SubdivisionCode The code for the subdivision, for example, a state in the United States or a province in Canada
AWS.Route53.RecordSets.Failover Failover resource record sets only
AWS.Route53.RecordSets.MultiValueAnswer Multivalue answer resource record sets only
AWS.Route53.RecordSets.TTL Resource record cache time to live (TTL), in seconds
AWS.Route53.RecordSets.ResourceRecords.Value Current record value
AWS.Route53.RecordSets.AliasTarget.HostedZoneId Alias resource record sets only
AWS.Route53.RecordSets.AliasTarget.DNSName Alias resource record sets only
AWS.Route53.RecordSets.AliasTarget.EvaluateTargetHealth Alias resource record sets only
AWS.Route53.RecordSets.HealthCheckId ID of the applicable health check
AWS.Route53.RecordSets.TrafficPolicyInstanceId ID of the traffic policy instance that Amazon Route 53 created this resource record set for

Raw Output
[
   {
      "Name": "demistotest5.lab-demisto.com.",
      "ResourceRecords": "192.168.1.1",
      "TTL": 300,
      "Type": "A"
   },
   {
      "Name": "demistotest6.lab-demisto.com.",
      "ResourceRecords": "192.168.1.1",
      "TTL": 300,
      "Type": "A"
   }
]

Test a DNS answer: aws-route53-test-dns-answer

Tests a DNS answer.

Command Example

!aws-route53-test-dns-answer hostedZoneId=Z339SDF2MA6R6ADFSM5G9 recordName=testing2.example.com recordType=A

AWS IAM Policy Permission

Effect: Allow
Action: route53:TestDNSAnswer

Input
Parameter Description
hostedZoneId Hosted zone ID
recordName Name of the resource record set that you want Amazon Route 53 to simulate a query for
recordType Resource record set type
resolverIP If you want to simulate a request from a specific DNS resolver, specify the IP address for that resolver. If you omit this value, TestDnsAnswer uses the IP address of a DNS resolver in the AWS US East (N. Virginia) Region (us-east-1)
roleArn Amazon Resource Name (ARN) of the role to assume
roleSessionName Identifier for the assumed role session
roleSessionDuration Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role)

Context Output
Path Description
AWS.Route53.TestDNSAnswer.Nameserver Amazon Route 53 name server used to respond to the request
AWS.Route53.TestDNSAnswer.RecordName Name of the resource record set that you submitted a request for
AWS.Route53.TestDNSAnswer.RecordType The type of the resource record set that you submitted a request for
AWS.Route53.TestDNSAnswer.ResponseCode A code that indicates whether the request is valid or not
AWS.Route53.TestDNSAnswer.Protocol The protocol that Amazon Route 53 used to respond to the request, either UDP or TCP
AWS.Route53.TestDNSAnswer.RecordData A list that contains values that Amazon Route 53 returned for this resource record set

Raw Output
{  
   "Nameserver":"ns-311.awsdns-38.com",
   "Protocol":"UDP",
   "RecordName":"testing2.example.com",
   "RecordType":"A",
   "ResponseCode":"NOERROR"
}