Last active
February 7, 2016 16:16
le dnsapi plugin for AWS Route 53
#!/bin/bash
# Dependencies:
# - awscli  see https://docs.aws.amazon.com/cli/latest/userguide/installing.html for installation instructions
# - jq      typically found as the package 'jq' on most distros
# AWS API keys
#AWS_ACCESS_KEY_ID=""
#AWS_SECRET_ACCESS_KEY=""
# (Optional) Manually set the Hosted Zone (e.g. example.com); this is required if your hosted zone has either a country code second level domain or a subdomain
#HOSTED_ZONE=""
# (Optional) Manually set the Hosted Zone ID (e.g. Z3M3LMPEXAMPLE)
#ZONEID=""
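#######################################
# Print an error message, remove the change-batch temp file if one exists,
# and terminate the script with status 1.
# Globals:   TMPFILE (read) - path of the temp file created by dns-r53-add
# Arguments: $@ - words of the error message
# Outputs:   writes "ERROR: <message>" to stdout
# Returns:   never returns; exits 1
#######################################
catch_error() {
  # "$*" joins the arguments into one string; "${@}" inside a larger quoted
  # string mixes a string with an array expansion.
  printf 'ERROR: %s\n' "$*"

  # Remove the temp file if it exists. The path is quoted so a value
  # containing whitespace or glob characters cannot make rm act on
  # unintended paths, and `--` stops a leading dash being read as an option.
  if [ -f "${TMPFILE:-}" ]
  then
    rm -f -- "${TMPFILE}"
  fi

  exit 1
}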
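#######################################
# Create or update (UPSERT) a TXT record in AWS Route 53.
#
# Security notes:
#   - The keys only need to call `route53 list-hosted-zones` and
#     `route53 change-resource-record-sets`; a dedicated IAM identity limited
#     to route53:ListHostedZones and route53:ChangeResourceRecordSets on the
#     target zone keeps the blast radius small if the keys leak.
#   - The keys are handed to _saveaccountconf, which is defined by the calling
#     client and not visible here; presumably it persists them to an account
#     config file. Verify that file is readable only by its owner.
#   - The keys reach the aws CLI through its environment, not its argv, so
#     they do not show up in process listings.
#
# Globals:   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY (read)
#            HOSTED_ZONE, ZONEID (read; written when not preset)
#            RECORDSET, VALUE, TTL, COMMENT, TMPFILE (written)
# Arguments: $1 - fully qualified record name to create/update
#            $2 - TXT record value (unquoted; quotes are added here)
# Outputs:   progress and error messages on stdout
# Returns:   0 on success; exits 1 on any failure
#######################################
dns-r53-add() {
  # Validate the credentials BEFORE saving them, so an unset key is never
  # written over a previously saved good one.
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]
  then
    catch_error "Missing AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY"
  fi

  # save account keys
  _saveaccountconf AWS_ACCESS_KEY_ID "${AWS_ACCESS_KEY_ID}"
  _saveaccountconf AWS_SECRET_ACCESS_KEY "${AWS_SECRET_ACCESS_KEY}"

  # DNS record to create/update
  RECORDSET=${1:-}
  # Record VALUE to set
  VALUE=${2:-}
  # Record TTL
  TTL=60
  # Record comment
  COMMENT="Auto updated by dns-r53 @ $(date)"

  if [ -z "${RECORDSET}" ]
  then
    echo "Missing RECORDSET as first parameter"
    exit 1
  fi

  if [ -z "${VALUE}" ]
  then
    echo "Missing VALUE as second parameter"
    exit 1
  fi

  # check to see if a Hosted Zone ID was manually set
  if [ -z "${ZONEID:-}" ]
  then
    # check to see if a HOSTED_ZONE was manually set
    if [ -z "${HOSTED_ZONE:-}" ]
    then
      # get top and second level domain names so we can query for the Hosted Zone ID
      # TODO: Fix this so that it works with a country code second level domains
      HOSTED_ZONE=$(printf '%s\n' "${RECORDSET}" | awk -F '.' '{print $(NF-1) "." $NF}')
    fi

    # verify we have a HOSTED_ZONE
    if [ -z "${HOSTED_ZONE}" ]
    then
      catch_error "Failed to determine the HOSTED_ZONE"
    fi

    # get the Hosted Zone ID
    echo "Getting Hosted Zone ID for ${HOSTED_ZONE}..."
    # The zone name is passed to jq as data (--arg) rather than spliced into
    # the filter text, so it cannot alter the filter. The match is exact
    # against the trailing-dot name Route 53 returns: a substring match would
    # also select look-alike zones (e.g. "notexample.com." for "example.com")
    # and the record could be written to the wrong zone.
    ZONEID=$(AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
      aws route53 list-hosted-zones |
      jq -r --arg zone "${HOSTED_ZONE%.}." '.HostedZones[] | select(.Name == $zone) | .Id' |
      awk -F '/' '{print $NF}')

    # verify we received a ZONEID
    if [ -z "${ZONEID}" ]
    then
      catch_error "Failed to retrive ZONEID for '${HOSTED_ZONE}'"
    fi

    # More than one ID (e.g. a public and a private zone with the same name)
    # is ambiguous; refuse to guess which zone to modify.
    case "${ZONEID}" in
      *$'\n'*)
        catch_error "Multiple hosted zones match '${HOSTED_ZONE}'; set ZONEID explicitly"
        ;;
    esac

    echo "Hosted Zone ID: ${ZONEID}"
  fi

  echo "Updating TXT record for ${RECORDSET} to ${VALUE}"

  # Fill a temp file with valid JSON. mktemp creates the file with a random
  # suffix; its failure is checked so nothing is written to an empty path.
  TMPFILE=$(mktemp /tmp/temporary-file.XXXXXXXX) ||
    catch_error "Failed to create temp file"

  # Build the change batch with jq so every value is JSON-escaped; pasting
  # raw strings into a JSON template breaks (or is rewritten) as soon as a
  # value contains a quote or backslash. Route 53 expects the TXT value
  # itself to be wrapped in double quotes, hence the added \" pair.
  jq -n \
    --arg comment "${COMMENT}" \
    --arg name "${RECORDSET}" \
    --arg value "\"${VALUE}\"" \
    --argjson ttl "${TTL}" \
    '{
      Comment: $comment,
      Changes: [
        {
          Action: "UPSERT",
          ResourceRecordSet: {
            ResourceRecords: [ { Value: $value } ],
            Name: $name,
            Type: "TXT",
            TTL: $ttl
          }
        }
      ]
    }' > "${TMPFILE}" ||
    catch_error "Failed to build change batch"

  # Update the Hosted Zone record
  AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
    aws route53 change-resource-record-sets \
    --hosted-zone-id "${ZONEID}" \
    --change-batch file://"${TMPFILE}" ||
    catch_error "Failed to set TXT record"

  # Clean up temp file
  rm -f -- "${TMPFILE}"
}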