github.com/philhug/dnscontrol@v0.2.4-0.20180625181521-921fa9849001/docs/_providers/route53.md (about)

---
name: Route 53
layout: default
jsId: ROUTE53
---
# Amazon Route 53 Provider

## Configuration
You can specify the API credentials in the credentials JSON file (`creds.json`):

{% highlight json %}
{
  "r53_main": {
    "KeyId": "your-aws-key",
    "SecretKey": "your-aws-secret-key"
  }
}
{% endhighlight %}

You can also use environment variables, but this is discouraged unless your environment provides them already.

```
$ export AWS_ACCESS_KEY_ID=XXXXXXXXX
$ export AWS_SECRET_ACCESS_KEY=YYYYYYYYY
```

You can find some other ways to authenticate to Route 53 in the [Go SDK configuration](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html).

## Metadata
This provider does not recognize any special metadata fields unique to Route 53.

## Usage
Example JavaScript:

{% highlight js %}
var REG_NONE = NewRegistrar('none','NONE');
var R53 = NewDnsProvider('r53_main', 'ROUTE53');

D('example.tld', REG_NONE, DnsProvider(R53),
    A('test','1.2.3.4')
);
{% endhighlight %}

## Activation
DNSControl depends on a standard [AWS access key](https://aws.amazon.com/developers/access-keys/) with permission to list, create and update hosted zones.

## New domains
If a domain does not exist in your Route 53 account, DNSControl will *not* automatically add it. You can add it either manually via the control panel or with the `dnscontrol create-domains` command.

## Caveats
This code may not function properly if a domain has R53 as a Registrar
but not as a DnsProvider.  The situation is described in
[PR#155](https://github.com/StackExchange/dnscontrol/pull/155).

In this situation you will see a message like:

```
----- Registrar: r53_main
Error getting corrections: AccessDeniedException: User: arn:aws:iam::868399730840:user/dnscontrol is not authorized to perform: route53domains:GetDomainDetail
  status code: 400, request id: 48b534a1-7902-11e7-afa6-a3fffd2ce139
Done. 1 corrections.
```

If this happens to you, we'd appreciate it if you could help us fix the code.  In the meantime, you can give the account additional IAM permissions so that it can do DNS-related actions, or simply use `NewRegistrar(..., 'NONE')` for now.

## Error messages

### Creds key mismatch

```
$ dnscontrol preview
Creating r53 dns provider: NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors
```

This means that the `creds.json` entry isn't found. Either there is no entry, or the entry name doesn't match the first parameter in the `NewDnsProvider()` call.  In the above example, note that the string `r53_main` is specified in `NewDnsProvider('r53_main', 'ROUTE53')` and that is the exact key used in the creds file above.

### Invalid KeyId

```
$ dnscontrol preview
Creating r53_main dns provider: InvalidClientTokenId: The security token included in the request is invalid.
	status code: 403, request id: 8c006a24-e7df-11e7-9162-01963394e1df
```

This means the KeyId is unknown to AWS.

### Invalid SecretKey

```
$ dnscontrol preview
Creating r53_main dns provider: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
	status code: 403, request id: 9171d89a-e7df-11e7-8586-cbea3ea4e710
```

This means the SecretKey is incorrect. It may be a quoting issue.
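
The credential mistakes behind the error messages above can be caught before running `dnscontrol preview`. The following Node.js check is an added example, not part of DNSControl: `findProviders`, `checkCreds` and the sample inputs are hypothetical, and accepting `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` as a fallback is an assumption based on the Configuration section.

```javascript
// Added example (not DNSControl code): lint dnsconfig.js against creds.json.
// findProviders/checkCreds and all sample values are constructed here.

// Collect every NewDnsProvider('<name>', '<TYPE>') call in the config text.
function findProviders(configSrc) {
  const re = /NewDnsProvider\(\s*(['"])(.*?)\1\s*,\s*(['"])(.*?)\3/g;
  return [...configSrc.matchAll(re)].map((m) => ({ name: m[2], type: m[4] }));
}

// Return human-readable problems; secret values are never echoed.
// Assumption: environment keys are an acceptable substitute for a creds entry.
function checkCreds(configSrc, credsJson, env = {}) {
  const creds = JSON.parse(credsJson);
  const envOk = Boolean(env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY);
  const problems = [];
  for (const { name, type } of findProviders(configSrc)) {
    if (type !== 'ROUTE53') continue;
    const entry = creds[name];
    if (entry === undefined) {
      // The "Creds key mismatch" case: the name has no matching creds key.
      if (!envOk) {
        const keys = Object.keys(creds).join(', ');
        problems.push(`${name}: no creds.json entry; keys present: ${keys}`);
      }
      continue;
    }
    for (const field of ['KeyId', 'SecretKey']) {
      const v = entry[field];
      if (typeof v !== 'string' || v === '') {
        if (!envOk) problems.push(`${name}: ${field} missing or empty`);
      } else if (v !== v.trim() || /^['"]|['"]$/.test(v)) {
        // A quoting slip of the kind noted under "Invalid SecretKey".
        problems.push(`${name}: ${field} has stray whitespace or quote characters`);
      }
    }
  }
  return problems;
}

// Constructed samples: a misspelled creds key, and a secret pasted with quotes.
const sampleConfig = "var R53 = NewDnsProvider('r53_main', 'ROUTE53');";
const sampleTypo =
  '{"r53_mian": {"KeyId": "your-aws-key", "SecretKey": "your-aws-secret-key"}}';
const sampleQuoted =
  '{"r53_main": {"KeyId": "your-aws-key", "SecretKey": "\'your-aws-secret-key\'\\n"}}';

console.log(checkCreds(sampleConfig, sampleTypo));
console.log(checkCreds(sampleConfig, sampleQuoted));
```

The check reports field names only, so its output can be pasted into a ticket or CI log without exposing the key material.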