Ansible Route53 Examples - read add remove update DNS records

In this post, we are going to see how to add and remove records in AWS Route53 DNS using Ansible.

If you are an AWS architect or a developer/devops executive managing your infrastructure hosted in AWS, you might have used the AWS Route53 DNS web service. With Route53 you can create private and public domain name services.

For example, you may want all of your infrastructure servers to have internally available domain names like server1.gritfy.infra and server2.gritfy.infra. You can also use Route53 as the DNS server for your publicly available sites like gritfy.com and devopsjunction.com.

We usually use the AWS management console for these tasks, but using the AWS management console often is not a secure and efficient way. This is where Ansible comes in: an efficient automation tool to take care of your provisioning and configuration management tasks.

Configure Ansible to work with AWS modules

For Ansible to connect to your Amazon Web Services infrastructure, you first need to enable programmatic access and get your AWS access key and secret key.

Refer to the following articles to get your key and secret ready. Besides that, you also need to check that the right version of Python is installed on your control machine along with the boto packages, as Ansible uses the boto package to connect to AWS.

  1. How to create Programmatic access - Key and Secret
  2. How to setup Boto python module for Ansible aws module

 

Ansible Route53 examples to read add remove update DNS records

Let us see examples of how to use the route53 Ansible module to read, add, remove and update DNS records. Simply put, we are going to see how to perform the CRUD (Create, Read, Update, Delete) tasks.

Before proceeding further, I presume that you are familiar with DNS records and their types. Ansible supports all the DNS record types such as

  • A
  • CNAME
  • MX
  • AAAA
  • TXT
  • PTR
  • SRV
  • SPF
  • CAA
  • NS
  • SOA

Without further ado, let us go to the practical implementation of adding, retrieving, updating and deleting DNS records of the various types mentioned above.

 

 

How to READ/RETRIEVE the DNS records from AWS route53 - Ansible

In this section, we are going to see how to read or retrieve DNS records from the AWS Route53 DNS service using the Ansible route53 module.

Create an Ansible playbook with the following content:

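---
 - hosts: localhost
   tasks:
    # state: get only reads the record, nothing is changed in Route53
    - name: Retrieve the A record
      route53:
        state: get
        private_zone: yes
        zone: gritfy.infra
        # the record has to belong to the zone given above
        record: server01.ffx.infra
        type: A
      register: record

    - name: display the record
      debug: var=record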

In this playbook, we are trying to get the A record server01.ffx.infra. Since this is a private zone, we use the parameter private_zone: yes, which otherwise defaults to no.

If it is a public zone like gritfy.com, the playbook would be exactly the same except that there would not be any private_zone parameter.

This playbook is designed to get the CNAME record of www.gritfy.com from the zone gritfy.com:

---
 - hosts: localhost
   tasks:
    - name: Retrieve the Record
      route53:
        state: get
        zone: gritfy.com
        record: www.gritfy.com
        type: CNAME
      register: record

    - name: display the record
      debug: var=record

Here is the sample result you can expect while retrieving the DNS records using the route53 module.

 

How to ADD/CREATE DNS records to AWS route53 using Ansible

In this section, we are going to see how to add a DNS record to the Route53 DNS service using the Ansible route53 module.

Here is the playbook to add the DNS record:

---
 - hosts: localhost
   tasks:
    - name: Route 53 A Record addition
      route53:
        state: present
        zone: gritfy.com
        record: testrecord.gritfy.com
        type: A
        ttl: 300
        value: 172.99.1.82
        wait: yes
      register: result

    - name: display records
      debug: var=result

Execution result of this playbook would look something like this

 

A quick look at the parameters used along with the route53 module.

state - tells Ansible whether to create or remove the record. We are creating here, so the value is present.

zone - the domain name / zone name in the AWS infrastructure.

record - the DNS record we are trying to work with.

type - the type of the record.

ttl - the time to live value of the domain name record. AWS supports creating records with very low values like 300 seconds.

value - the IP address or the record value for the type of record we have chosen.

wait - wait for the record to be created before exiting the playbook. With this parameter set, the playbook continues to run until the Route53 record is created or the operation fails.

 

How to UPDATE DNS records in AWS route53 using Ansible

In this section, we are going to see how to update and overwrite a DNS record we have already created. Let us take the same DNS record we added in the last section, testrecord.gritfy.com. Earlier it was pointing to the IP 172.99.1.82; now let us change the IP to something else.

Here is the playbook to update the DNS record and overwrite the existing record information such as IP, TTL value, etc.

---
 - hosts: localhost
   tasks:
    - name: Route 53 A Record Update
      route53:
        state: present
        zone: gritfy.com
        record: testrecord.gritfy.com
        type: A
        ttl: 300
        value: 172.99.2.211
        wait: yes
        overwrite: yes
      register: result

    - name: display records
      debug: var=result

Since we have already covered the route53 parameters in the previous section, let us check what is newly added in this playbook.

overwrite - tells Ansible to overwrite the already existing record. It makes the in-place update possible.

How to DELETE DNS records in AWS route53 using Ansible

To delete existing records in AWS Route53 using the Ansible route53 module, we can use the same playbook we used to create the DNS record, except that you have to change the value of the state parameter to absent.

Here is the playbook to delete DNS records in AWS Route53 using Ansible:

---
 - hosts: localhost
   tasks:
    - name: Route 53 A Record deletion
      route53:
        state: absent
        zone: gritfy.com
        record: testrecord.gritfy.com
        type: A
        # ttl and value have to match what is currently stored in Route53
        ttl: 300
        value: 172.99.1.211
        wait: yes
      register: result

    - name: display records
      debug: var=result

The problem with this playbook is that you have to enter all the fields manually. If the values specified do not match the values available in AWS Route53, you would get an error like this:

fatal: [localhost]: FAILED! => 
{"changed": false, "msg": "[Tried to delete resource record set 
[name='testrecord.gritfy.com.', type='A'] 
but the values provided do not match the current values]"}

 

The right approach to READ and DELETE the records

Rather than filling in all the values manually, which often results in a typo or other human error, we can first read the DNS record, store the values in a register variable and use those values during the delete operation. This way we avoid having to remember the values and fill them in manually.

---
 - hosts: localhost
   tasks:

    - name: Retrieve the Records First
      route53:
        state: get
        zone: gritfy.com
        record: testrecord.gritfy.com
        type: A
      register: rec

    - name: display the record
      debug: var=rec

    - name: Route 53 Delete Records
      route53:
        state: absent
        zone: gritfy.com
        record: "{{ rec.set.record }}"
        type: "{{ rec.set.type }}"
        ttl: "{{ rec.set.ttl }}"
        value: "{{ rec.set.value }}"
        wait: yes
      register: result

    - name: display results
      debug: var=result

In this playbook, we read the DNS record first, store it in a register variable named rec, and use that variable in the next task to delete the record.

We have a debug task after the READ and DELETE operations to show more details on this job.

Here is the execution result of this playbook

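A guarded variant of the read-then-delete playbook above, added here as an example and not part of the original post. It assumes the route53 module returns an empty set when no matching record exists; the variables target_zone, target_record and expected_value are hypothetical names introduced for the example.

```yaml
---
# Added example: read the record, verify it, then delete it.
- hosts: localhost
  gather_facts: no
  vars:
    # Hypothetical variables introduced for this example
    target_zone: gritfy.com
    target_record: testrecord.gritfy.com
    expected_value: "172.99.2.211"   # value the record is believed to hold
  tasks:
    - name: Retrieve the record first
      route53:
        state: get
        zone: "{{ target_zone }}"
        record: "{{ target_record }}"
        type: A
      register: rec

    # Assumption: 'set' is empty when the record does not exist, so
    # rec.set.record would be undefined and the delete task would error out.
    - name: Report when there is nothing to delete
      debug:
        msg: "{{ target_record }} not found in {{ target_zone }}, nothing to delete"
      when: rec.set | default({}) | length == 0

    - name: Delete only an existing record that still holds the expected value
      when: rec.set | default({}) | length > 0
      block:
        - name: Refuse to delete a record that was changed by someone else
          assert:
            that:
              - rec.set.type == 'A'
              - rec.set.value == expected_value
            fail_msg: "{{ target_record }} now points to {{ rec.set.value }}, not deleting"

        - name: Route 53 delete record using the values just read
          route53:
            state: absent
            zone: "{{ target_zone }}"
            record: "{{ rec.set.record }}"
            type: "{{ rec.set.type }}"
            ttl: "{{ rec.set.ttl }}"
            value: "{{ rec.set.value }}"
            wait: yes
          register: result

        - name: display results
          debug: var=result
```

The assert step stops the play if the record no longer points at the address you reviewed, so a record that another change has repointed is not removed by a stale cleanup run.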

 

Conclusion

With the Ansible route53 module you can create, delete, update and read all types of DNS records and work with them. In this article, we have covered all CRUD tasks with the Ansible route53 module. If you have any questions or comments, let me know in the comments section.