le dnsapi plugin for AWS Route 53
#!/bin/bash
# Dependencies:
# - awscli see https://docs.aws.amazon.com/cli/latest/userguide/installing.html for installation instructions
# - jq typically found as the package 'jq' on most distros
# AWS API keys
#AWS_ACCESS_KEY_ID=""
#AWS_SECRET_ACCESS_KEY=""
# (Optional) Manually set the Hosted Zone (e.g. - example.com); this is required if your hosted zone has either a country code second level domain or a subdomain
#HOSTED_ZONE=""
# (Optional) Manually set the Hosted Zone ID (e.g. - Z3M3LMPEXAMPLE)
#ZONEID=""
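#######################################
# Print an error message and abort the script.
# Globals:   TMPFILE (read) - temporary change-batch file, removed if present
# Arguments: $@ - message text, joined with single spaces
# Outputs:   "ERROR: <message>" on stderr (not stdout, so captured output
#            of the plugin is not polluted)
# Returns:   never returns; exits the shell with status 1
#######################################
catch_error() {
  printf 'ERROR: %s\n' "$*" >&2
  # Clean up the temp file only if one was actually created; -f and --
  # keep rm quiet and safe for any path mktemp could have produced
  if [ -n "${TMPFILE:-}" ] && [ -f "${TMPFILE}" ]; then
    rm -f -- "${TMPFILE}"
  fi
  exit 1
}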
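#######################################
# Create or update (UPSERT) a TXT record in an AWS Route 53 hosted zone.
# Globals:   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY (read; persisted with
#            _saveaccountconf, a helper supplied by the calling script and
#            not defined in this file); HOSTED_ZONE (read, derived from the
#            record name if empty); ZONEID (read, looked up if empty);
#            TMPFILE (written; removed on success, or by catch_error)
# Arguments: $1 - record name to create/update (e.g. _acme-challenge.example.com)
#            $2 - TXT value; Route 53 requires it wrapped in double quotes,
#                 which this function adds
# Outputs:   progress messages on stdout; the aws CLI response on stdout
# Returns:   0 on success; exits with status 1 via catch_error on any failure
#######################################
dns-r53-add() {
  local RECORDSET=${1}
  local VALUE=${2}
  local TTL=60
  local COMMENT
  local zone_name
  COMMENT="Auto updated by dns-r53 @ $(date)"

  # Validate the credentials BEFORE persisting them, so an empty pair is
  # never written to the account configuration
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    catch_error "Missing AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY"
  fi
  _saveaccountconf AWS_ACCESS_KEY_ID "${AWS_ACCESS_KEY_ID}"
  _saveaccountconf AWS_SECRET_ACCESS_KEY "${AWS_SECRET_ACCESS_KEY}"

  # All failure paths go through catch_error so the exit status and
  # message format are uniform
  [ -n "${RECORDSET}" ] || catch_error "Missing RECORDSET as first parameter"
  [ -n "${VALUE}" ] || catch_error "Missing VALUE as second parameter"

  # Look up the Hosted Zone ID unless it was set manually
  if [ -z "${ZONEID:-}" ]; then
    if [ -z "${HOSTED_ZONE:-}" ]; then
      # Default to the last two labels of the record name (ignoring a
      # trailing dot), done with parameter expansion instead of echo|awk
      # TODO: country-code second level domains (e.g. co.uk) still need
      #       HOSTED_ZONE set manually
      zone_name=${RECORDSET%.}
      HOSTED_ZONE=${zone_name%.*}
      HOSTED_ZONE="${HOSTED_ZONE##*.}.${zone_name##*.}"
    fi
    [ -n "${HOSTED_ZONE}" ] || catch_error "Failed to determine the HOSTED_ZONE"

    echo "Getting Hosted Zone ID for ${HOSTED_ZONE}..."
    # Route 53 returns zone names with a trailing dot, so normalise ours and
    # compare exactly: a substring match would also pick up "sub.example.com."
    # or "notexample.com.". The name is passed to jq as a variable (--arg),
    # never spliced into the filter text, so it cannot alter the filter.
    # Credentials travel in the environment of the aws process, not in argv.
    ZONEID=$(AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
      aws route53 list-hosted-zones \
      | jq -r --arg zone "${HOSTED_ZONE%.}." \
          '.HostedZones[] | select(.Name == $zone) | .Id' \
      | awk -F '/' '{print $NF}')
    [ -n "${ZONEID}" ] || catch_error "Failed to retrieve ZONEID for '${HOSTED_ZONE}'"
    # A public and a private zone may share a name; a multi-line ZONEID would
    # produce a malformed --hosted-zone-id, so require exactly one match
    case "${ZONEID}" in
      *$'\n'*) catch_error "Multiple hosted zones named '${HOSTED_ZONE}'; set ZONEID manually" ;;
    esac
    echo "Hosted Zone ID: ${ZONEID}"
  fi

  echo "Updating TXT record for ${RECORDSET} to ${VALUE}"

  TMPFILE=$(mktemp /tmp/temporary-file.XXXXXXXX) || catch_error "Failed to create temp file"
  # Build the change batch with jq so every field is JSON-escaped rather
  # than interpolated raw into a heredoc; the TXT value itself must carry
  # literal double quotes, which is why $value is wrapped before passing
  jq -n \
    --arg comment "${COMMENT}" \
    --arg name "${RECORDSET}" \
    --arg value "\"${VALUE}\"" \
    --arg ttl "${TTL}" \
    '{
      Comment: $comment,
      Changes: [{
        Action: "UPSERT",
        ResourceRecordSet: {
          ResourceRecords: [{ Value: $value }],
          Name: $name,
          Type: "TXT",
          TTL: ($ttl | tonumber)
        }
      }]
    }' > "${TMPFILE}" || catch_error "Failed to build change batch"

  # Apply the change; catch_error removes TMPFILE on failure
  AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
    aws route53 change-resource-record-sets \
      --hosted-zone-id "${ZONEID}" \
      --change-batch "file://${TMPFILE}" \
    || catch_error "Failed to set TXT record"

  rm -f -- "${TMPFILE}"
}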