No commit activity in last 3 years
No release in over 3 years
Route 53 DNS provider plugin for Foreman's smart proxy
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

Runtime

 Project Readme

Route 53 smart proxy plugin

Build Status

This plugin adds a new DNS provider for managing records in Amazon's Route 53 service.

Installation

See How_to_Install_a_Smart-Proxy_Plugin for how to install Smart Proxy plugins

Compatibility

Smart Proxy Version Plugin Version
>= 1.10, < 1.11 ~> 1.0
>= 1.11, < 1.13 ~> 2.0
>= 1.13, < 1.15 ~> 3.0
>= 1.15 ~> 4.0

Configuration

To enable this DNS provider, edit /etc/foreman-proxy/settings.d/dns.yml and set:

:use_provider: dns_route53

You will need an active Amazon Web Services account and to create a new IAM account with access to manage Route 53 for the Smart Proxy plugin to work.

Configuration options for this plugin are in /etc/foreman-proxy/settings.d/dns_route53.yml and include:

  • :aws_access_key: "ABCDEF123456" - set to be the Access Key ID of the IAM account
  • :aws_secret_key: "ABCDEF123456!@#$" - set to be the Secret Access Key of the IAM account

IAM policy

The IAM account must have the following actions associated via a policy:

  • route53:ListHostedZones (all resources)
  • route53:ChangeResourceRecordSets (on all zones being managed)
  • route53:ListResourceRecordSets (on all zones being managed)

An example policy document follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1485852222000",
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Stmt1485852222001",
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/Z1HNC9XBMDGFH9",
                "arn:aws:route53:::hostedzone/Z2MCBLVJI24XOO",
                "arn:aws:route53:::hostedzone/Z5H8WZ62ARI5V"
            ]
        }
    ]
}

Contributing

Fork and send a Pull Request. Thanks!

Integration test

The integration test runs against the AWS Route 53 API, so requires IAM credentials. To run it locally, set up an IAM policy with actions described above, plus the route53:GetHostedZone action.

Three zones must also be set up - a forward, reverse IPv4 and reverse IPv6 zone. The names do not matter. All records will be deleted in these zones when running the test, so do not use the zones for any other purpose.

Export the following environment variables:

  • AWS_ACCESS_KEY, AWS_SECRET_KEY - per regular plugin configuration
  • AWS_FORWARD_ZONE, AWS_REVERSE_V4_ZONE, AWS_REVERSE_V6_ZONE - zone names that will be under complete control of the test suite

Copyright

Copyright (c) 2015 Daniel Maraio, Sol Cates, Red Hat Inc. and other contributors

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.