Deputy53

Overview

deputy53 is a commandline tool to delegate control of a subdomain to another hosted zone, and optionally grant control of that subdomain to an IAM user.

Rationale

It is often useful to allow a user or group of users limited access to DNS records. However, Route53 does not support granular access to a partial record set for a zone.

One solution to this is to create an additional zone, and delegate to that zone for a subset of records (a subdomain, for instance).

This process is cumbersome, and therefore prone to human error. deputy53 simplifies this process.

Installation

gem install deputy53

Usage

Delegate a subdomain to a new hosted zone

deputy53 delegate <subdomain>

Assign control of a subdomain to an IAM entity

If identity is omitted, it will be inferred from the subdomain.

deputy53 assign <subdomain> [identity]

Generate a policy granting control of this zone

If you need to review or modify the policy generated by deputy53, the policy command will dump it to STDOUT in a format suitable for use with tools such as awscli or piranha.

deputy53 policy <subdomain>

License

deputy53 is available under the MIT License. See LICENSE.txt for the full text.

Contributors

• Chris Olstrom | e-mail | Twitter