AWS - Route53
Use this integration to manage your Amazon DNS web services.
We recommend that you use roles that have the following built-in AWS policies:
- Route53FullAccess
- Route53ReadOnlyAccess
Prerequisites
It is important that you familiarize yourself with and complete all steps detailed in the Amazon AWS Integrations Configuration Guide .
Configure the Amazon Route 53 Integration on Demisto
- Navigate to Settings > Integrations > Servers & Services .
- Search for AWS - Route53.
-
Click
Add instance
to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Role Arn
- Role Session Name
- Role Session Duration
- Click Test to validate the URLs and token.
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Create a record: aws-route53-create-record
- Delete a record: aws-route53-delete-record
- Upsert a record: aws-route53-upsert-record
- List all hosted zones: aws-route53-list-hosted-zones
- List all resource record sets: aws-route53-list-resource-record-sets
- Wait for successful record state: aws-route53-waiter-resource-record-sets-changed
- Test a DNS Answer: aws-route53-test-dns-answer
Create a record: aws-route53-create-record
Creates a record in your Amazon Route 53 system.
Command Example
!aws-route53-create-record hostedZoneId=Z33ASF9#22MSFA6R6M5G9 source=test.example.com target=192.168.1.1 ttl=300 type=A comment="test record"
AWS IAM Policy Permission
Effect:
Allow
Action:
route53:ChangeResourceRecordSets
Input
| Parameter | Description |
| source | Domain name you want to create, for example, www.example.com |
| target | DNS record value |
| ttl | Resource record cache time to live (TTL), in seconds |
| hostedZoneId | Hosted zone ID |
| type | Type of created to create |
| comment | Comments for the record creation |
| roleArn | Amazon Resource Name (ARN) of the role to assume |
| roleSessionName | Identifier for the assumed role session |
| roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
| Path | Description |
| AWS.Route53.RecordSetsChange.Id | Request ID |
| AWS.Route53.RecordSetsChange.Status | Current state of the request. PENDING indicates that the request has not yet been applied to all Amazon Route 53 DNS servers. |
| AWS.Route53.RecordSetsChange.Comment | A complex type that describes change information about changes made to your hosted zone. |
Raw Output
{
"Id":"/change/CSDFSASDASDM",
"Status":"PENDING"
}
Delete a record: aws-route53-delete-record
Deletes a record from your Amazon Route 53 system.
Command Example
!aws-route53-delete-record hostedZoneId=Z33935452MA6RDSFDSG6M5G9 source=test.example.com target=192.168.1.1 type=A ttl=300
AWS IAM Policy Permission
Effect:
Allow
Action:
route53:ChangeResourceRecordSets
Input
| Parameter | Description |
| source | Domain name you want to delete, for example, www.example.com |
| target | DNS record value |
| ttl | Resource record cache time to live (TTL), in seconds |
| hostedZoneId | Hosted zone ID |
| type | Type of record to create |
| roleArn | Amazon Resource Name (ARN) of the role to assume |
| roleSessionName | Identifier for the assumed role session |
| roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
| Path | Description |
| AWS.Route53.RecordSetsChange.Id | Request ID |
| AWS.Route53.RecordSetsChange.Status | Current state of the request. PENDING indicates that the request has not yet been applied to all Amazon Route 53 DNS servers. |
| AWS.Route53.RecordSetsChange.Comment | A complex type that describes change information about changes made to your hosted zone. |
Raw Output
{
"Id":"/change/C1A79HK325D2sdf3FOI0J",
"Status":"PENDING"
}
Upsert a record: aws-route53-upsert-record
Create a new record if one does not exist, or update an existing article.
Command Example
!aws-route53-upsert-record hostedZoneId=Z33ASF9#22MSFA6R6M5G9 source=test.example.com target=192.168.1.2 ttl=300 type=A comment="test record"
AWS IAM Policy Permission
Effect:
Allow
Action:
route53:ChangeResourceRecordSets
Input
| Parameter | Description |
| source | Name of the domain you want to create, for example www.example.com |
| target | DNS record value |
| ttl | Resource record cache time to live (TTL), in seconds |
| hostedZoneId | Hosted zone ID |
| type | The type of record to create |
| comment | Comments you want to include |
| roleArn | Amazon Resource Name (ARN) of the role to assume |
| roleSessionName | Identifier for the assumed role session |
| roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
| Path | Description |
| AWS.Route53.RecordSetsChange.Id | Request ID |
| AWS.Route53.RecordSetsChange.Status | Current state of the request. PENDING indicates that this request has not yet been applied to all Amazon Route 53 DNS servers |
| AWS.Route53.RecordSetsChange.Comment | A complex type that describes change information about changes made to your hosted zone |
Raw Output
{
"Id":"/change/CSDFSASDASDM",
"Status":"PENDING"
}
Wait for successful record state: aws-route53-waiter-resource-record-sets-changed
A waiter function that waits until the record state is successful (Created, Deleted, Upsert).
Command Example
!aws-route53-waiter-resource-record-sets-changed id=CM3UDCRD3ZYDSAF41
AWS IAM Policy Permission
Effect:
Allow
Action:
route53:GetChange
Input
| Parameter | Description |
| id | ID of the change |
| waiterDelay | Amount of time, in seconds, to wait between attempts (default is 30) |
| waiterMaxAttempts | Maximum number of attempts to make (default is 60) |
Context Output
There is no context output for this command.
Raw Output
success
List all hosted zones: aws-route53-list-hosted-zones
Returns a list of all hosted zones in your Amazon Route 53 system.
Command Example
!aws-route53-list-hosted-zones
AWS IAM Policy Permission
Effect:
Allow
Action:
route53:ListHostedZones
Input
| Parameter | Description |
| roleArn | Amazon Resource Name (ARN) of the role to assume |
| roleSessionName | Identifier for the assumed role session |
| roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
| Path | Description |
| AWS.Route53.HostedZones.Id | Request ID |
| AWS.Route53.HostedZones.Name | Domain name |
| AWS.Route53.HostedZones.CallerReference | The value that you specified for CallerReference when you created the hosted zone |
| AWS.Route53.HostedZones.Config.Comment | Comments to include in the hosted zone |
| AWS.Route53.HostedZones.Config.PrivateZone | A value that indicates whether this is a private hosted zone. |
| AWS.Route53.HostedZones.ResourceRecordSetCount | The number of resource record sets in the hosted zone |
| AWS.Route53.HostedZones.LinkedService.ServicePrincipal | If the health check or hosted zone was created by another service, the service that created the resource |
| AWS.Route53.HostedZones.LinkedService.Description | If the health check or hosted zone was created by another service, an optional description that can be provided by the other service. |
Raw Output
[
{
"Id":"/hostedzone/Z3SDA392MSF6SFR6M5G9",
"Name":"example.com.",
"ResourceRecordSetCount":8
}
]
List all resource record sets: aws-route53-list-resource-record-sets
Returns a list of all resource record sets in your Amazon Route 53 system.
Command Example
!aws-route53-list-resource-record-sets hostedZoneId=Z33DFSDDFSDF6R6MDF5G9
AWS IAM Policy Permission
Effect:
Allow
Action:
route53:ListResourceRecordSets
Input
| Parameter | Description |
| hostedZoneId | Hosted zone ID |
| startRecordName | The first name in the lexicographic ordering of resource record sets that you want to list |
| startRecordType | The type of resource record set to begin the record listing from |
| startRecordIdentifier | Weighted resource record sets only |
| roleArn | Amazon Resource Name (ARN) of the role to assume |
| roleSessionName | Identifier for the assumed role session |
| roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
| Path | Description |
| AWS.Route53.RecordSets.Name | Domain name |
| AWS.Route53.RecordSets.Type | DNS record type |
| AWS.Route53.RecordSets.SetIdentifier | An identifier that differentiates among multiple resource record sets that have the same combination of DNS name and type |
| AWS.Route53.RecordSets.Weight | Weighted resource record sets only |
| AWS.Route53.RecordSets.Region | Latency-based resource record sets only |
| AWS.Route53.RecordSets.GeoLocation.ContinentCode | The two-letter code for the continent |
| AWS.Route53.RecordSets.GeoLocation.CountryCode | The two-letter code for the country |
| AWS.Route53.RecordSets.GeoLocation.SubdivisionCode | The code for the subdivision, for example, a state in the United States or a province in Canada |
| AWS.Route53.RecordSets.Failover | Failover resource record sets only |
| AWS.Route53.RecordSets.MultiValueAnswer | Multivalue answer resource record sets only |
| AWS.Route53.RecordSets.TTL | Resource record cache time to live (TTL), in seconds |
| AWS.Route53.RecordSets.ResourceRecords.Value | Current record value |
| AWS.Route53.RecordSets.AliasTarget.HostedZoneId | Alias resource record sets only |
| AWS.Route53.RecordSets.AliasTarget.DNSName | Alias resource record sets only |
| AWS.Route53.RecordSets.AliasTarget.EvaluateTargetHealth | Alias resource record sets only |
| AWS.Route53.RecordSets.HealthCheckId | ID of the applicable health check |
| AWS.Route53.RecordSets.TrafficPolicyInstanceId | ID of the traffic policy instance that Amazon Route 53 created this resource record set for |
Raw Output
[
{
"Name": "demistotest5.lab-demisto.com.",
"ResourceRecords": "192.168.1.1",
"TTL": 300,
"Type": "A"
},
{
"Name": "demistotest6.lab-demisto.com.",
"ResourceRecords": "192.168.1.1",
"TTL": 300,
"Type": "A"
}
]
Test a DNS answer: aws-route53-test-dns-answer
Tests a DNS answer.
Command Example
!aws-route53-test-dns-answer hostedZoneId=Z339SDF2MA6R6ADFSM5G9 recordName=testing2.example.com recordType=A
AWS IAM Policy Permission
Effect:
Allow
Action:
route53:TestDNSAnswer
Input
| Parameter | Description |
| HostedZoneId | Hosted zone ID |
| recordName | Name of the resource record set that you want Amazon Route 53 to simulate a query for |
| RecordType | Resource record set type |
| resolverIP | If you want to simulate a request from a specific DNS resolver, specify the IP address for that resolver. If you omit this value, TestDnsAnswer uses the IP address of a DNS resolver in the AWS US East (N. Virginia) Region (us-east-1 ) |
| roleArn | Amazon Resource Name (ARN) of the role to assume |
| roleSessionName | Identifier for the assumed role session |
| roleSessionDuration | Duration of the role session, in seconds (the value can range from 900 seconds to the maximum session duration set for the role) |
Context Output
| Path | Description |
| AWS.Route53.TestDNSAnswer.Nameserver | Amazon Route 53 name server used to respond to the request |
| AWS.Route53.TestDNSAnswer.RecordName | Name of the resource record set that you submitted a request for |
| AWS.Route53.TestDNSAnswer.RecordType | The type of the resource record set that you submitted a request for |
| AWS.Route53.TestDNSAnswer.ResponseCode | A list that contains values that Amazon Route 53 returned for this resource record set |
| AWS.Route53.TestDNSAnswer.Protocol | A code that indicates whether the request is valid or not |
| AWS.Route53.TestDNSAnswer.RecordData | The protocol that Amazon Route 53 used to respond to the request, either UDP or TCP |
Raw Output
{
"Nameserver":"ns-311.awsdns-38.com",
"Protocol":"UDP",
"RecordName":"testing2.example.com",
"RecordType":"A",
"ResponseCode":"NOERROR"
}