managing your dns in route53 across multiple accounts should be easy.
tooling to make managing your dns in route53 across multiple accounts simple and easy using libaws.
go install github.com/nathants/libaws@latest
export PATH=$PATH:$(go env GOPATH)/bin
or use the dockerfile
clone this repo, and setup a new private remote. you will version your dns data here. you probably don't want this on public github.
setup your credentials using: libaws creds-add -h
you can now list all your credentials with: libaws creds-ls
pull all your dns records across all accounts with: bash bin/pull.sh
commit this initial data.
your repo now looks like:
>> tree
├── accounts
│ ├── work-prod
│ │ └── dns.txt
│ ├── work-staging
│ │ └── dns.txt
│ ├── work-scratch
│ │ └── dns.txt
│ ├── personal-prod
│ │ └── dns.txt
│ └── personal-scratch
│ └── dns.txt
└── bin
├── ensure_all.sh
├── ensure.sh
├── preview_all.sh
├── preview.sh
└── pull.sh
the dns.txt files contain entries created by route53-ls that look like:
example.com example.com Type=A TTL=60 Value=1.1.1.1 Value=2.2.2.2
example.com cname.example.com Type=CNAME TTL=60 Value=about.us-west-2.domain.example.com
example.com alias.example.com Type=Alias Value=d-XXX.execute-api.us-west-2.amazonaws.com HostedZoneId=XXX
you can now modify or add entires to these files, and deploy them.
you could make a change like:
>> git diff
diff --git a/accounts/work-prod/dns.txt b/accounts/work-prod/dns.txt
index 4b959e4..67415b7 100644
--- a/accounts/work-prod/dns.txt
+++ b/accounts/work-prod/dns.txt
@@ -1,4 +1,4 @@
-example.com foo.example.com Type=CNAME TTL=300 Value=bar
+example.com foo.example.com Type=CNAME TTL=300 Value=barr
to preview those changes, use bash bin/preview_all.sh or bash bin/preview.sh work-prod, which looks like:
>> bash bin/preview_all.sh
preview dns: work-prod
lib/route53.go:258: preview: route53 update Values for foo.example.com: ["bar"] => ["barr"]
preview dns: work-staging
preview dns: work-scratch
preview dns: personal-prod
preview dns: personal-scratch
no output means no changes.
to deploy those changes using route53-ensure-record, use bash bin/ensure_all.sh or bash bin/ensure.sh work-prod, which looks like:
>> bash bin/ensure_all.sh
ensure dns: work-prod
lib/route53.go:258: route53 update Values for foo.example.com: ["bar"] => ["barr"]
lib/route53.go:284: route53 updated record: foo.example.com
ensure dns: work-staging
ensure dns: work-scratch
ensure dns: personal-prod
ensure dns: personal-scratch
like all the ensure functions in libaws, ensure creates or updates infrastructure as needed, but does not remove it.
to delete a record, remove it from its dns.txt:
>> git diff
diff --git a/accounts/dns/dns.txt b/accounts/dns/dns.txt
index 4b959e4..dd68522 100644
--- a/accounts/work-prod/dns.txt
+++ b/accounts/work-prod/dns.txt
@@ -1,4 +1,3 @@
-example.com foo.example.com Type=CNAME TTL=300 Value=barr
then preview the delete using route53-rm-record:
>> libaws route53-rm-record --preview example.com foo.example.com Type=CNAME TTL=300 Value=barr
lib/route53.go:85: preview: route53 deleted record foo.example.com: TTL=300 Type=CNAME Value=barr
then perform the delete using route53-rm-record:
>> libaws route53-rm-record example.com foo.example.com Type=CNAME TTL=300 Value=barr
lib/route53.go:85: route53 deleted record foo.example.com: TTL=300 Type=CNAME Value=barr
add pull.sh to your crontab to keep track of changes to your dns:
0 15 * * * bash -c 'cd ~/repos/aws-ensure-route53 && bash bin/pull.sh'
when you notice uncommited changes in git status, you can either commit them, or investigate them. foo likely should not be barr.