route-53

Registering a Domain with Amazon Route 53 via CLI

Registering a domain with Amazon Route 53 via the CLI is straightforward. The only complicated part is generating an acceptable JSON structure and then passing that JSON string on the command line without the shell interfering.

The command is:

$ aws route53domains register-domain

The documentation can be found in the AWS CLI Command Reference or by running:

$ aws route53domains register-domain help

Most of the command-line options take simple string values, but some, such as --admin-contact, require structured data, which is awkward to enter on the command line. The easiest way is to skip all the other options and use --cli-input-json to supply everything as JSON.

First let’s generate the skeleton or template to use:

$ aws route53domains register-domain --generate-cli-skeleton

That should output something like:

{
"DomainName": "",
"IdnLangCode": "",
"DurationInYears": 0,
"AutoRenew": true,
"AdminContact": {
"FirstName": "",
"LastName": "",
"ContactType": "",
"OrganizationName": "",
"AddressLine1": "",
"AddressLine2": "",
"City": "",
"State": "",
"CountryCode": "",
"ZipCode": "",
"PhoneNumber": "",
"Email": "",
"Fax": "",
"ExtraParams": [
{
"Name": "",
"Value": ""
}
]
},
"RegistrantContact": {
"FirstName": "",
"LastName": "",
"ContactType": "",
"OrganizationName": "",
"AddressLine1": "",
"AddressLine2": "",
"City": "",
"State": "",
"CountryCode": "",
"ZipCode": "",
"PhoneNumber": "",
"Email": "",
"Fax": "",
"ExtraParams": [
{
"Name": "",
"Value": ""
}
]
},
"TechContact": {
"FirstName": "",
"LastName": "",
"ContactType": "",
"OrganizationName": "",
"AddressLine1": "",
"AddressLine2": "",
"City": "",
"State": "",
"CountryCode": "",
"ZipCode": "",
"PhoneNumber": "",
"Email": "",
"Fax": "",
"ExtraParams": [
{
"Name": "",
"Value": ""
}
]
},
"PrivacyProtectAdminContact": true,
"PrivacyProtectRegistrantContact": true,
"PrivacyProtectTechContact": true
}

Fill in the fields and leave out the ones that are not needed:

{
"DomainName": "example.com",
"DurationInYears": 1,
"AutoRenew": true,
"AdminContact": {
"FirstName": "Joe",
"LastName": "Doe",
"ContactType": "PERSON",
"AddressLine1": "101 Main St",
"City": "New York",
"State": "NY",
"CountryCode": "US",
"ZipCode": "10001",
"PhoneNumber": "+1.8888888888",
"Email": "[email protected]"
},
"RegistrantContact": {
"FirstName": "Joe",
"LastName": "Doe",
"ContactType": "PERSON",
"AddressLine1": "101 Main St",
"City": "New York",
"State": "NY",
"CountryCode": "US",
"ZipCode": "10001",
"PhoneNumber": "+1.8888888888",
"Email": "[email protected]"
},
"TechContact": {
"FirstName": "Joe",
"LastName": "Doe",
"ContactType": "PERSON",
"AddressLine1": "101 Main St",
"City": "New York",
"State": "NY",
"CountryCode": "US",
"ZipCode": "10001",
"PhoneNumber": "+1.8888888888",
"Email": "[email protected]"
},
"PrivacyProtectAdminContact": true,
"PrivacyProtectRegistrantContact": true,
"PrivacyProtectTechContact": true
}

Now let’s register the domain: run the file through jq to strip the extra blanks and end-of-line characters, then pipe the result to xargs, using the newline character as the delimiter instead of the default blank:

$ cat input.json | jq -cM . | \
xargs -d '\n' aws route53domains register-domain --cli-input-json
{
"OperationId": "00000000-0000-0000-0000-00000000000"
}
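
A pre-flight check for input.json before it is sent to register-domain, written as an added Python example rather than code from the original post: it flags skeleton fields left empty and any PrivacyProtect flag that is not true, then prints the one-line JSON that `jq -cM .` would produce. The list of mandatory contact fields is an assumption taken from the filled-in example above, and the sample values are constructed.

```python
import json

CONTACTS = ("AdminContact", "RegistrantContact", "TechContact")
# Assumption: treat the fields the filled-in input.json sets as mandatory.
REQUIRED = ("FirstName", "LastName", "ContactType", "AddressLine1", "City",
            "State", "CountryCode", "ZipCode", "PhoneNumber", "Email")
SKELETON_LEFTOVERS = ("", [], [{"Name": "", "Value": ""}])


def preflight(doc):
    """Return a list of problems in a register-domain input document."""
    problems = []
    if not doc.get("DomainName"):
        problems.append("DomainName is empty")
    years = doc.get("DurationInYears")
    if type(years) is not int or years < 1:
        problems.append("DurationInYears must be a whole number >= 1")
    for contact in CONTACTS:
        fields = doc.get(contact)
        if not isinstance(fields, dict):
            problems.append(f"{contact} is missing")
            continue
        for key in REQUIRED:
            if not fields.get(key):
                problems.append(f"{contact}.{key} is empty")
        for key, value in fields.items():
            if key not in REQUIRED and value in SKELETON_LEFTOVERS:
                problems.append(f"{contact}.{key} is an unfilled skeleton field")
        # With this flag off, the contact details can appear in public WHOIS.
        if doc.get(f"PrivacyProtect{contact}") is not True:
            problems.append(f"PrivacyProtect{contact} is not true")
    return problems


def compact(doc):
    """One-line JSON with no padding, the shape `jq -cM .` emits."""
    return json.dumps(doc, separators=(",", ":"))


# Constructed sample input (not real registrant data).
PERSON = {"FirstName": "Joe", "LastName": "Doe", "ContactType": "PERSON",
          "AddressLine1": "101 Main St", "City": "New York", "State": "NY",
          "CountryCode": "US", "ZipCode": "10001",
          "PhoneNumber": "+1.8888888888", "Email": "joe@example.com"}
SAMPLE = {"DomainName": "example.com", "DurationInYears": 1, "AutoRenew": True,
          **{c: dict(PERSON) for c in CONTACTS},
          **{f"PrivacyProtect{c}": True for c in CONTACTS}}

if __name__ == "__main__":
    issues = preflight(SAMPLE)
    print("\n".join(issues) if issues else compact(SAMPLE))
```

The --cli-input-json option also accepts a file:// path (for example file://input.json), which passes the file to the CLI without any shell quoting.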

Use CNAME for Resolving Private and Public IP Address in Amazon EC2

“A security group acts as a virtual firewall that controls the traffic for one or more instances.” 1 Amazon EC2 security groups are capable of controlling traffic not just from an IP address, but also from all EC2 instances belonging to a specific security group. I want to allow an instance belonging to one security group to access an instance belonging to another security group via a custom domain name (subdomain.example.com).

But when I configured the subdomain via Amazon Route 53, I misconfigured it by assigning an A record, an IP address or the Elastic IP address of the instance. I should have used a CNAME and assigned the public DNS (the public hostname of the EC2 instance).

Amazon Route 53 via Command Line

Retrieve a list of hosted zones:

$ aws route53 list-hosted-zones
{
"HostedZones": [
{
"ResourceRecordSetCount": 4,
"CallerReference": "12345678-ABCD-EFGH-IJKL-ABCDEFGHIJKL",
"Config": {},
"Id": "/hostedzone/1234567890ABC",
"Name": "realguess.net."
}
],
"IsTruncated": false,
"MaxItems": "100"
}

Get a single hosted zone with its delegation set (the four Route 53 name servers that were assigned to the hosted zone):

$ aws route53 get-hosted-zone --id 1234567890ABC
{
"HostedZone": {
"ResourceRecordSetCount": 4,
"CallerReference": "12345678-ABCD-EFGH-IJKL-ABCDEFGHIJKL",
"Config": {},
"Id": "/hostedzone/1234567890ABC",
"Name": "realguess.net."
},
"DelegationSet": {
"NameServers": [
"ns-1727.awsdns-23.co.uk",
"ns-1312.awsdns-36.org",
"ns-402.awsdns-50.com",
"ns-587.awsdns-09.net"
]
}
}

List all resource record sets in a hosted zone:

$ aws route53 list-resource-record-sets --hosted-zone-id 1234567890ABC
{
"IsTruncated": false,
"ResourceRecordSets": [
{
"ResourceRecords": [
{
"Value": "192.168.153.123"
}
],
"Type": "A",
"Name": "realguess.net.",
"TTL": 172800
},
{
"ResourceRecords": [
{
"Value": "ns-1727.awsdns-23.co.uk."
},
{
"Value": "ns-1312.awsdns-36.org."
},
{
"Value": "ns-402.awsdns-50.com."
},
{
"Value": "ns-587.awsdns-09.net."
}
],
"Type": "NS",
"Name": "realguess.net.",
"TTL": 172800
},
{
"ResourceRecords": [
{
"Value": "ns-1727.awsdns-23.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"
}
],
"Type": "SOA",
"Name": "realguess.net.",
"TTL": 900
},
{
"ResourceRecords": [
{
"Value": "192.168.153.123"
}
],
"Type": "A",
"Name": "www.realguess.net.",
"TTL": 86400
}
],
"MaxItems": "100"
}

Retrieve a single record set:

$ aws route53 list-resource-record-sets --hosted-zone-id 1234567890ABC \
--start-record-name www.realguess.net --start-record-type A --max-items 1
{
"IsTruncated": false,
"ResourceRecordSets": [
{
"ResourceRecords": [
{
"Value": "192.168.153.123"
}
],
"Type": "A",
"Name": "www.realguess.net.",
"TTL": 86400
}
],
"MaxItems": "1"
}

In order to create a new record set, first create a JSON file to describe the new record:

{
"Comment": "A new record set for the zone.",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "api.realguess.net.",
"Type": "CNAME",
"TTL": 60,
"ResourceRecords": [
{
"Value": "www.realguess.net"
}
]
}
}
]
}

Add the new record set (note that the path to the JSON file must start with file://):

$ aws route53 change-resource-record-sets --hosted-zone-id 1234567890ABC \
--change-batch file:///path/to/record.json
{
"ChangeInfo": {
"Status": "PENDING",
"Comment": "A new record set for the zone.",
"SubmittedAt": "2013-12-06T00:00:00.000Z",
"Id": "/change/CHANGEID123"
}
}

The status of adding the new record is currently pending. Poll the server to get the updated status:

$ aws route53 get-change --id CHANGEID123
{
"ChangeInfo": {
"Status": "INSYNC",
"Comment": "A new record set for the zone.",
"SubmittedAt": "2013-12-06T00:00:00.000Z",
"Id": "/change/CHANGEID123"
}
}

A new record has been created and has been propagated to all hosts.
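
The A-record-to-CNAME correction described in the EC2 post, expressed in the change-batch format shown above, as an added Python example that is not code from the original posts. It builds one batch that deletes the existing A record and creates the CNAME (Route 53 applies a change batch as a single transaction), and it rejects the zone apex, an IP address as target, and names that hold other record types. The function names, the EC2 hostname and the record list are constructed for illustration.

```python
import ipaddress


def fqdn(name):
    """Lower-case a DNS name and give it the trailing dot Route 53 returns."""
    return name.rstrip(".").lower() + "."


def a_to_cname_batch(zone_name, record_sets, name, target, ttl=60):
    """Build a change batch replacing the A record at `name` with a CNAME."""
    name, zone_name = fqdn(name), fqdn(zone_name)
    if name == zone_name:
        raise ValueError("a CNAME cannot be created at the zone apex")
    if not name.endswith("." + zone_name):
        raise ValueError(f"{name} is not inside {zone_name}")
    try:
        ipaddress.ip_address(target.rstrip("."))
    except ValueError:
        pass  # not an IP literal, so usable as a CNAME target
    else:
        raise ValueError("CNAME target must be a hostname, not an IP address")
    changes = []
    for rrset in record_sets:
        if fqdn(rrset["Name"]) != name:
            continue
        if rrset["Type"] != "A":
            # A CNAME cannot share its name with any other record type.
            raise ValueError(f"{name} also has a {rrset['Type']} record")
        # DELETE must repeat the existing record set exactly as listed.
        changes.append({"Action": "DELETE", "ResourceRecordSet": rrset})
    changes.append({"Action": "CREATE", "ResourceRecordSet": {
        "Name": name, "Type": "CNAME", "TTL": ttl,
        "ResourceRecords": [{"Value": fqdn(target)}]}})
    return {"Comment": f"Point {name} at {target} via CNAME.", "Changes": changes}


# Constructed sample, shaped like the list-resource-record-sets output above.
RECORD_SETS = [
    {"ResourceRecords": [{"Value": "192.168.153.123"}],
     "Type": "A", "Name": "realguess.net.", "TTL": 172800},
    {"ResourceRecords": [{"Value": "192.168.153.123"}],
     "Type": "A", "Name": "www.realguess.net.", "TTL": 86400},
]
# Constructed EC2 public DNS name (documentation address range).
EC2_PUBLIC_DNS = "ec2-203-0-113-10.compute-1.amazonaws.com"

if __name__ == "__main__":
    import json
    print(json.dumps(a_to_cname_batch(
        "realguess.net", RECORD_SETS, "www.realguess.net", EC2_PUBLIC_DNS), indent=2))
```

Save the printed JSON to a file and pass it to change-resource-record-sets with --change-batch file://, as in the command above.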