ec2ddns

Python utility to register an EC2 instance's hostname in Route 53.

Usage

Register an instance:

/usr/bin/python /usr/sbin/ec2ddns.py -k ${AWS_KEY} -s ${AWS_SECRET} ${DESIRE_HOSTNAME} ${PUBLIC_HOSTNAME}

Unregister an instance:

/usr/bin/python /usr/sbin/ec2ddns.py -k ${AWS_KEY} -s ${AWS_SECRET} ${DESIRE_HOSTNAME} --delete

IAM policy

Create a new IAM user and policy using Fog:

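require 'fog'
require 'pp'

@username = "ec2ddns"
@zone_id  = "XXX"   # ID of the hosted zone the instances register in

# Create a dedicated IAM user and an access key for it.
iam   = Fog::AWS::IAM.new()
user  = iam.create_user(@username)
keys  = iam.create_access_key("UserName" => @username)

# Prints the key pair, secret included; AWS returns the secret only at creation.
pp keys.body["AccessKey"]
access_key_id     = keys.body["AccessKey"]["AccessKeyId"]
secret_access_key = keys.body["AccessKey"]["SecretAccessKey"]

policy_statement = {
  "Statement" => [
    # Listing hosted zones cannot be scoped to a single zone.
    {
      "Effect" => "Allow",
      "Action" => ["route53:ListHostedZones"],
      "Resource" => "*"
    },
    # Read and change records, limited to the one hosted zone.
    {
      "Effect" => "Allow",
      "Action" => [
        "route53:GetHostedZone",
        "route53:ListResourceRecordSets",
        "route53:ChangeResourceRecordSets"
      ],
      "Resource" => "arn:aws:route53:::hostedzone/" + @zone_id
    },
    # Check the status of a submitted change.
    {
      "Effect" => "Allow",
      "Action" => ["route53:GetChange"],
      "Resource" => "arn:aws:route53:::change/*"
    }
  ]
}

# Attach it as an inline user policy named after the user.
iam.put_user_policy(@username, @username, policy_statement)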

TODO

  • Use ~/.boto credentials or user-data directly if not provided by CLI args.
  • Better logging.
  • Restrict record types to A|CNAME when deleting conflicting records?
  • Store SSH fingerprints in DNS.
  • Better permissions or logic for deletion of other records:
    • If another machine legitimately has that hostname.
    • Malicious deletion of another instance's record.
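
The last TODO item follows from the policy above granting ChangeResourceRecordSets on the whole zone, so any holder of the key can change any record in it. As an added example (not part of this project's code), here is a per-hostname variant of that policy using Route 53's IAM condition keys, with a local check run over constructed change batches. It assumes one IAM user and policy per hostname; the zone ID and hostnames are placeholders.

```ruby
ALLOWED_TYPES = %w[A CNAME].freeze
NAMES_KEY = 'route53:ChangeResourceRecordSetsNormalizedRecordNames'
TYPES_KEY = 'route53:ChangeResourceRecordSetsRecordTypes'

# Route 53 compares against the normalized name: lowercase, no trailing dot.
def normalize_record_name(name)
  name.downcase.chomp('.')
end

# Same statements as the policy above, with ChangeResourceRecordSets split
# out and limited to one record name and to A/CNAME records.
def scoped_policy(zone_id, hostname)
  name = normalize_record_name(hostname)
  # Other characters (such as "*") need octal escapes in the condition value;
  # this example rejects them rather than escaping.
  raise ArgumentError, "unsupported hostname: #{hostname}" unless name.match?(/\A[a-z0-9_.-]+\z/)
  zone_arn = "arn:aws:route53:::hostedzone/#{zone_id}"
  { 'Version' => '2012-10-17',
    'Statement' => [
      { 'Effect' => 'Allow', 'Action' => ['route53:ListHostedZones'], 'Resource' => '*' },
      { 'Effect' => 'Allow', 'Resource' => zone_arn,
        'Action' => ['route53:GetHostedZone', 'route53:ListResourceRecordSets'] },
      { 'Effect' => 'Allow', 'Resource' => zone_arn,
        'Action' => ['route53:ChangeResourceRecordSets'],
        'Condition' => { 'ForAllValues:StringEquals' =>
                         { NAMES_KEY => [name], TYPES_KEY => ALLOWED_TYPES } } },
      { 'Effect' => 'Allow', 'Action' => ['route53:GetChange'],
        'Resource' => 'arn:aws:route53:::change/*' }
    ] }
end

# Local approximation of ForAllValues:StringEquals (not IAM itself): every
# change in the batch must use the allowed name and an allowed type.
def change_allowed?(policy, changes)
  stmt = policy['Statement'].find { |s| s.key?('Condition') }
  cond = stmt['Condition']['ForAllValues:StringEquals']
  changes.all? do |c|
    cond[NAMES_KEY].include?(normalize_record_name(c[:name])) &&
      cond[TYPES_KEY].include?(c[:type])
  end
end

# Constructed sample batches; the names are made up.
OWN_UPDATE   = [{ action: 'DELETE', name: 'Web1.example.com.', type: 'A' },
                { action: 'CREATE', name: 'web1.example.com.', type: 'A' }].freeze
OTHER_DELETE = [{ action: 'DELETE', name: 'db1.example.com.', type: 'A' }].freeze
TXT_CHANGE   = [{ action: 'CREATE', name: 'web1.example.com.', type: 'TXT' }].freeze

POLICY = scoped_policy('XXX', 'web1.example.com') # "XXX" is a placeholder zone ID
[OWN_UPDATE, OTHER_DELETE, TXT_CHANGE].each { |b| puts change_allowed?(POLICY, b) }
```

The returned hash has the same shape as policy_statement and can be passed to iam.put_user_policy in its place.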