Route 53 是否指向实例而不是 IP 或 CNAME？

Question

We're using Route 53 DNS to point to an EC2 instance. Is there any way to get Route 53 to point to the instance directly, instead of to an Elastic IP or CNAME?

I have multiple reasons for this:

1. I don't want to burn an IP.

2. CNAMEs are unreliable, because if an instance goes down and comes back up, the full name, ec2-XXXX.compute-1.amazonaws.com, will change.

3. In the future, I need to spin up instances programmatically and address them with a subdomain, and I see no easy way to do this with either elastic IPs or CNAMEs.

What's the best approach?

Answer 1

I wrote my own solution to this problem since I was unhappy with other approaches that were presented here. Using Amazon CLI tools is nice, but they IMHO tend to be slower than direct API calls using other Amazon API libraries (Ruby for example).

Here's a link to my AWS Route53 DNS instance update Gist. It contains an IAM policy and a Ruby script. You should create a new user in IAM panel, update it with the attached policy (with your zone id in it) and set the credentials and parameters in the Ruby script. First parameter is the hostname alias for your instance in your hosted zone. Instance's private hostname is aliased to <hostname>.<domain> and instance's public hostname is aliased to <hostname>-public.<domain>

UPDATE : Here's a link to AWS Route53 DNS instance update init.d script registering hostnames when instance boots. Here's another one if want to use AWS Route53 DNS load-balancing in similar fashion.

Answer 2

If you stick to using route53, you can make a script that updates the CNAME record for that instance everytime it reboots.

see this -> http://cantina.co/automated-dns-for-aws-instances-using-route-53/ (disclosure, i did not create this, though i used it as a jumping point for a similar situation)

better yet, because you mentioned being able to spin up instances programmatically, this approach should guide you to that end.

see also -> http://docs.pythonboto.org/en/latest/index.html

Answer 3

Using a combination of Cloudwatch, Route53 and Lambda is also an option if you host at a least part of your dns in Route53. The advantage of this is that you don't need any applications running on the instance itself.

To use this this approach you configure a Cloudwatch rule to trigger a Lambda function whenever the status of an EC2 instance changes to running. The Lambda function can then retrieve the public ip address of the instance and update the dns record in Route53.

The Lambda could look something like this (using Node.js runtime):

var AWS = require('aws-sdk');

var ZONE_ID = 'Z1L432432423';
var RECORD_NAME = 'testaws.domain.tld';
var INSTANCE_ID = 'i-423423ccqq';

exports.handler = (event, context, callback) => {
    var retrieveIpAddressOfEc2Instance = function(instanceId, ipAddressCallback) {
        var ec2 = new AWS.EC2();

        var params = {
                InstanceIds: [instanceId]
        };

        ec2.describeInstances(params, function(err, data) {
            if (err) {
                callback(err);                
            } else {
                ipAddressCallback(data.Reservations[0].Instances[0].PublicIpAddress);
            }            
        });
    }

    var updateARecord = function(zoneId, name, ip, updateARecordCallback) {
        var route53 = new AWS.Route53();

        var dnsParams = {
                ChangeBatch: {
                    Changes: [
                        {
                            Action: "UPSERT", 
                            ResourceRecordSet: {
                                Name: name, 
                                ResourceRecords: [
                                    {
                                        Value: ip
                                    }
                                    ], 
                                    TTL: 60, 
                                    Type: "A"
                            }
                        }
                        ], 
                        Comment: "updated by lambda"
                },
                HostedZoneId: zoneId
        };

        route53.changeResourceRecordSets(dnsParams, function(err, data) {
            if (err) {
                callback(err, data);
            } else {
                updateARecordCallback();
            }            
        });
    }

    retrieveIpAddressOfEc2Instance(INSTANCE_ID, function(ip) {
        updateARecord(ZONE_ID, RECORD_NAME, ip, function() {
            callback(null, 'record updated with: ' + ip);
        });
    });
}

You will need to execute the Lambda with a role that has permissions to describe EC2 instances and update records in Route53.

Answer 4

With Route 53 you can create alias records that map to an Elastic Load Balancer (ELB):

http://docs.amazonwebservices.com/Route53/latest/DeveloperGuide/HowToAliasRRS.html

Answer 5

I've not tried on aws EC2 instance but it should work too. I've written a small Java program that detect the public IP of the machine and update a certain record on aws route 53.

The only requirement is that you need Java installed on your EC2 instance.

The project is hosted on https://github.com/renatodelgaudio/awsroute53 and you are also free to modify it in case you need it

You could configure it to run at boot time or as a crontab job so that your record get updated with the new public IP following instructions similar to these Linux manual installation steps

Answer 6

I used this cli53 tool to let an EC2 instance create an A record for itself during startup.

https://github.com/barnybug/cli53

I added file following lines to my rc.local (please check your linux calls this script during startup):

IP=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
/usr/local/bin/cli53 rrcreate example.com "play 30 A $IP" --wait --replace

It creates an A record play.example.com pointing to the current public IP of the EC2 instance.

You need to assign a IAM role to EC2 instance, which allows the instance to manipulate Route 53. In the simplest case just create a IAM role using a predefined policy AmazonRoute53FullAccess . Then assign this role to the EC2 instance.

Answer 7

Assuming the EC2 instance has the aws command configured with proper permissions, the following shell script does it:

#!/bin/bash
IP=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
PROFILE="dnsuserprofile"
ZONE="XXXXXXXXXXXXXXXXXXXXX"
DOMAIN="my.domain.name"
TMPFILE="/tmp/updateip.json"
cat << EOF > $TMPFILE
{
  "Comment": "Updating instance IP address",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "$DOMAIN",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [
          {
            "Value": "$IP"
          }
        ]
      }
    }
  ]
}
EOF
aws route53 change-resource-record-sets --profile $PROFILE --hosted-zone-id $ZONE --change-batch file://$TMPFILE > /dev/null && \
rm $TMPFILE

Set that script to run on reboot, for example in cron:

@reboot /home/ec2-user/bin/updateip

The IAM policy can be as narrow as:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "arn:aws:route53:::hostedzone/XXXXXXXXXXXXXXXXXXXXX"
        }
    ]
}