ddr53 provides a tool to update an Amazon Route53 resource record in the spirit of dyndns. I use this on a Ubiquiti EdgeLite router to maintain an entry for my external IP that runs in /etc/dhcp/dhclient-exit-hooks.d/
as a hook.
It uses the Amazon Go SDK (https://github.com/aws/aws-sdk-go) and relies on the credentials sourced by the SDK.
Dependencies
go get -u github.com/aws/aws-sdk-go/aws
or
gvt restore
QuickStart:
AWS_ACCESS_KEY_ID=xxx AWS_SECRET_ACCESS_KEY=zzz ddr53
--zoneid ZA9XF3OWSDQP1
--type A
--value 192.168.1.1
--fqdn foo.example.com
--ttl 300
Output:
2016/06/19 18:34:52 DynDnsRoute53 Tool v1.0
2016/06/19 18:34:52 Updating foo.example.com in ZA9XF3OWSDQP1 to 192.168.1.1 with type=A and ttl=300
2016/06/19 18:34:54 {
ChangeInfo: {
Id: "/change/C1RAZW3Y13BPG4",
Status: "PENDING",
SubmittedAt: 2016-06-20 01:34:53.975 +0000 UTC
}
}
Create a limited AWS IAM user and assign the policy below (changing the Hosted Zone ID) to limit the account.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/ZA9XF3OWSDQP1"
]
}
]
}
Example /etc/dhcp/dhclient-exit-hooks.d/ script
user@host:/etc/dhcp/dhclient-exit-hooks.d
> cat dyndns-route53.sh
#!/bin/bash
IP="$(/sbin/ifconfig eth0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')"
echo $IP
AWS_ACCESS_KEY_ID=key AWS_SECRET_ACCESS_KEY=secret /config/scripts/ddr53 --zoneid ZA9XF3OWSDQP1 --type A --value ${IP} --fqdn foo.example.com >> /var/log/ddr53.log 2>&1
logger ${0##*/}: 'dyndns-route53 attempted to update foo.example.com to ' $IP