AWS Route 53 hosted zone transfer to another account using CLI

In this tutorial, we are going to migrate the records of a Route 53 hosted zone to another AWS account. This is handy when a zone has many records: recreating them by hand in the other account takes a long time and is error prone. Using the AWS CLI instead, the whole transfer can be completed in a few seconds.

Requirements

  • AWS CLI configured with two profiles, one per account (you should be able to switch between them).
    • Both profiles need permissions to manage Route 53 records.

Step 1:

Download the hosted zone records of the current (source) account.

aws route53 list-resource-record-sets --hosted-zone-id zone-id > zone.json

Replace zone-id with the ID of the hosted zone you want to transfer (the source zone in the current account).

The Zone ID can be found on the AWS Route 53 “Hosted zones” dashboard.

Hosted Zone ID of a record on Route53

Step 2:

Now that we have downloaded the zone file, we need to make a few changes to it so that it can be uploaded to the other account.

The changes are:

  1. Delete the following from the downloaded file:
    • MaxItems – pagination metadata from the list command.
    • IsTruncated – also pagination metadata. (If its value was true, the download is incomplete: fetch the remaining pages before continuing.)
    • NS – when you create a hosted zone, Route 53 creates its nameserver (NS) record automatically, so the destination zone already has one.
    • SOA – same as NS, an SOA record is created automatically with the hosted zone.
  2. Add a “Changes” element. (This is required!)
  3. Add an “Action” element to each change. The value can be any of the below:
    1. CREATE – the record is created; if it already exists, the operation fails.
    2. DELETE – the record is deleted.
    3. UPSERT – the record is updated if it exists, and created if it does not.
  4. Wrap each record in a “ResourceRecordSet” element.

Example

All record sets go under “Changes”, and each entry has an “Action” key plus a “ResourceRecordSet” carrying the record’s Name, Type, TTL and ResourceRecords. Name and TTL are mandatory for a non-alias record, so make sure every entry has them (the values below are samples):

{
    "Comment": "Records migrated from the source account",
    "Changes": [
        {
            "Action": "CREATE",
            "ResourceRecordSet": {
                "Name": "infinitypp.com.",
                "Type": "A",
                "TTL": 300,
                "ResourceRecords": [
                    {
                        "Value": "45.69.239.69"
                    }
                ]
            }
        },
        {
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": "_123123sdf32.infinitypp.com.",
                "Type": "CNAME",
                "TTL": 300,
                "ResourceRecords": [
                    {
                        "Value": "_4qweqwe123123127dd98dd86.wqeq.we."
                    }
                ]
            }
        }
    ]
}
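Editing the downloaded file by hand is fine for a handful of records, but for a large zone the same transformation is better done by a script. The following Python is an added example, not code from the tutorial: it takes the JSON that list-resource-record-sets produced, refuses a truncated listing (a partial export would silently migrate only part of the zone), drops the pagination fields and the SOA and zone-apex NS records, and wraps everything else in a change batch. It goes one step beyond the list above in that it keeps NS records below the apex, because those delegate subdomains and are real zone data. The sample listing, including the domain names and addresses, is constructed for the example.

```python
"""Convert `aws route53 list-resource-record-sets` output into a change batch.

Added example for the tutorial above, not part of it. Automates Step 2:
drops the pagination fields (MaxItems, IsTruncated), removes the SOA and the
zone-apex NS records that the destination zone already has, and wraps every
remaining record set in a {"Action": ..., "ResourceRecordSet": ...} change.
"""
import json
import sys

# Constructed sample of what list-resource-record-sets returns for a small zone.
# Names, addresses and nameservers are made up for this example.
SAMPLE_LISTING = {
    "ResourceRecordSets": [
        {"Name": "infinitypp.com.", "Type": "NS", "TTL": 172800,
         "ResourceRecords": [{"Value": "ns-1.awsdns-00.org."}]},
        {"Name": "infinitypp.com.", "Type": "SOA", "TTL": 900,
         "ResourceRecords": [{"Value": "ns-1.awsdns-00.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"}]},
        {"Name": "infinitypp.com.", "Type": "A", "TTL": 300,
         "ResourceRecords": [{"Value": "45.69.239.69"}]},
        {"Name": "_123123sdf32.infinitypp.com.", "Type": "CNAME", "TTL": 300,
         "ResourceRecords": [{"Value": "_4qweqwe123123127dd98dd86.wqeq.we."}]},
        # A delegated subdomain: this NS record is zone data and must be migrated.
        {"Name": "sub.infinitypp.com.", "Type": "NS", "TTL": 300,
         "ResourceRecords": [{"Value": "ns1.example.net."}]},
    ],
    "IsTruncated": False,
    "MaxItems": "100",
}

VALID_ACTIONS = {"CREATE", "DELETE", "UPSERT"}


def zone_apex(listing):
    """The zone name is the owner name of the SOA record."""
    for rrset in listing["ResourceRecordSets"]:
        if rrset["Type"] == "SOA":
            return rrset["Name"]
    raise ValueError("listing has no SOA record; is this a full hosted zone export?")


def build_change_batch(listing, action="UPSERT", comment="Records migrated from the source account"):
    """Return a change-batch dict ready for `change-resource-record-sets --change-batch`."""
    if action not in VALID_ACTIONS:
        raise ValueError(f"Action must be one of {sorted(VALID_ACTIONS)}")
    # A truncated listing means the export is incomplete (the default page size
    # is 100 record sets); refuse rather than migrate part of the zone.
    if listing.get("IsTruncated"):
        raise ValueError("listing is truncated; re-run list-resource-record-sets with pagination")
    apex = zone_apex(listing)
    changes = []
    for rrset in listing["ResourceRecordSets"]:
        # Route 53 creates the SOA and the apex NS for the new zone itself.
        if rrset["Type"] == "SOA":
            continue
        if rrset["Type"] == "NS" and rrset["Name"] == apex:
            continue
        changes.append({"Action": action, "ResourceRecordSet": rrset})
    # Only "Comment" and "Changes" survive, so MaxItems/IsTruncated are gone.
    return {"Comment": comment, "Changes": changes}


def convert_file(listing_path, batch_path, action="UPSERT"):
    """Read a saved listing, write the change batch, return the number of changes."""
    with open(listing_path) as f:
        listing = json.load(f)
    batch = build_change_batch(listing, action)
    with open(batch_path, "w") as f:
        json.dump(batch, f, indent=2)
    return len(batch["Changes"])


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: python convert.py zone.json changes.json
        print(f"wrote {convert_file(sys.argv[1], sys.argv[2])} changes to {sys.argv[2]}")
    else:
        print(json.dumps(build_change_batch(SAMPLE_LISTING), indent=2))
```

Run it as python convert.py zone.json changes.json and pass changes.json to the command in Step 3. UPSERT is the default action because re-running the import is then harmless; use CREATE if you want the run to fail loudly should a record already exist in the destination zone.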

Step 3:

Now that we have the updated zone file, we need to create the records in the other account.
This can be accomplished using the “change-resource-record-sets” command of Route 53.

To switch the AWS CLI profile, pass the profile name to --profile. The hosted zone ID here is that of the (already created) zone in the destination account.

aws route53 change-resource-record-sets --hosted-zone-id 1239qweqw21 --change-batch file://zone.json --profile demo2

After the import, it is good practice to compare the records of the two zones, for example by running list-resource-record-sets against both profiles and comparing the output.
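A plain text diff of the two listings is noisy, because every hosted zone has its own SOA and apex NS records and the record order can differ. The script below is an added example, not part of the tutorial: it takes the two listings (run list-resource-record-sets against the source zone with the first profile and against the destination zone with --profile demo2) and reports which records are missing, different or extra in the destination, ignoring SOA and apex NS. The two sample listings are constructed for the example.

```python
"""Compare the record sets of a source and a destination hosted zone.

Added example, not part of the original tutorial. Input is the JSON written by
`aws route53 list-resource-record-sets` for each zone. SOA and apex NS records
are ignored because every hosted zone legitimately has its own.
"""
import json
import sys

# Constructed sample listings (names and values are made up for this example).
SOURCE_LISTING = {"ResourceRecordSets": [
    {"Name": "infinitypp.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.awsdns-00.org."}]},
    {"Name": "infinitypp.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-1.awsdns-00.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"}]},
    {"Name": "infinitypp.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "45.69.239.69"}]},
    {"Name": "infinitypp.com.", "Type": "MX", "TTL": 300,
     "ResourceRecords": [{"Value": "10 mail.infinitypp.com."}]},
    {"Name": "_123123sdf32.infinitypp.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "_4qweqwe123123127dd98dd86.wqeq.we."}]},
]}

DESTINATION_LISTING = {"ResourceRecordSets": [
    {"Name": "infinitypp.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-2.awsdns-99.net."}]},          # different apex NS: expected
    {"Name": "infinitypp.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-2.awsdns-99.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"}]},
    {"Name": "infinitypp.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "45.69.239.69"}]},                 # identical
    {"Name": "_123123sdf32.infinitypp.com.", "Type": "CNAME", "TTL": 60,
     "ResourceRecords": [{"Value": "_4qweqwe123123127dd98dd86.wqeq.we."}]},  # TTL differs
    {"Name": "verify.infinitypp.com.", "Type": "TXT", "TTL": 300,
     "ResourceRecords": [{"Value": "\"extra-record\""}]},            # only in destination
]}                                                                     # MX is missing


def _key(rrset):
    """Identity of a record set: owner name, type and routing-policy set identifier."""
    return (rrset["Name"].lower(), rrset["Type"], rrset.get("SetIdentifier", ""))


def _value(rrset):
    """Normalise the data so two logically equal record sets compare equal."""
    if "AliasTarget" in rrset:
        alias = rrset["AliasTarget"]
        return ("ALIAS", alias["DNSName"].lower(), alias["HostedZoneId"],
                alias.get("EvaluateTargetHealth", False))
    values = tuple(sorted(r["Value"] for r in rrset.get("ResourceRecords", [])))
    return (rrset.get("TTL"), values)


def _records(listing, apex):
    out = {}
    for rrset in listing["ResourceRecordSets"]:
        if rrset["Type"] == "SOA" or (rrset["Type"] == "NS" and rrset["Name"].lower() == apex):
            continue  # per-zone records that are expected to differ
        out[_key(rrset)] = _value(rrset)
    return out


def compare_zones(source, destination):
    """Return {'missing', 'different', 'extra'} lists of (name, type, set-id) keys."""
    apex = next(r["Name"].lower() for r in source["ResourceRecordSets"] if r["Type"] == "SOA")
    src = _records(source, apex)
    dst = _records(destination, apex)
    return {
        "missing": sorted(k for k in src if k not in dst),
        "different": sorted(k for k in src if k in dst and src[k] != dst[k]),
        "extra": sorted(k for k in dst if k not in src),
    }


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: python compare.py source.json destination.json
        with open(sys.argv[1]) as s, open(sys.argv[2]) as d:
            report = compare_zones(json.load(s), json.load(d))
    else:
        report = compare_zones(SOURCE_LISTING, DESTINATION_LISTING)
    for category, keys in report.items():
        for name, rtype, set_id in keys:
            print(f"{category:9s} {rtype:6s} {name} {set_id}")
```

An empty report means the destination zone carries every record of the source zone with identical data; only then should you switch the domain's delegation at the registrar to the destination zone's nameservers.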

The AWS CLI provides many options that ease the management of Route 53. Many of these AWS CLI operations can also be implemented in Ansible.