Script to update AWS Route 53 record set upon EC2 instance startup.
The public IP address given to an EC2 instance changes after an instance stops and starts again. This causes any Route53 recordsets to become instantly outdated. An easy fix is to use (VPC) Elastic IPs, which stick with the EC2 after a restart; however, you can only have 5 per region and need a good excuse when asking Amazon to increase it.
So, to get around this limitation, with the help of some other articles, I created a procedure that allows each EC2 instance to update its corresponding Route53 recordset with its current IP address.
Pre-requisites
IAM Role
AWS CLI
Download the Script
Update Script Variables
Set Script Permissions
Add to Runlevels
References
Your EC2 instance will need permissions to update a Route53 recordset. To avoid storing keys on the EC2 instance, you will set up a new role in IAM and attach it to your EC2 at launch. (We'll use the console to create the role.)
- Attach a policy. In the filter, type route53. Choose the AmazonRoute53FullAccess policy and click Next Step.
- Review your settings on the next page, and if correct, click the Create Role button.
- Use this new role when launching your EC2 instances.
Note: If you have an existing role that you need to use, just attach the Route53 policy to your existing role.
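AmazonRoute53FullAccess lets the instance change every record in every hosted zone. As an added example (not from the original page or the script's project), the script below renders a policy limited to UPSERTs of one A record in one zone, assuming the startup script only calls change-resource-record-sets; the function names and the sample zone ID and record name are constructed.

```shell
#!/bin/sh
# Added example (not the project's code): render a least-privilege policy.
# Assumption: the startup script only UPSERTs one A record in one zone.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Route 53 matches record names in normalized form: lower case, no trailing dot.
normalize_record() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Print policy JSON for a zone ID and record name; return 1 on bad input.
render_policy() {
    zone_id=$1
    record=$(normalize_record "$2")
    # Reject anything but upper-case alphanumerics so nothing unexpected
    # is spliced into the ARN.
    case $zone_id in
        ''|*[!A-Z0-9]*) echo "invalid zone id" >&2; return 1 ;;
    esac
    # Accept only letters, digits, '.', '_' and '-'; other characters need
    # octal escaping in the normalized form, which this example does not do.
    case $record in
        ''|*[!a-z0-9._-]*) echo "unsupported record name" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "route53:ChangeResourceRecordSets",
    "Resource": "arn:aws:route53:::hostedzone/${zone_id}",
    "Condition": {
      "ForAllValues:StringEquals": {
        "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["${record}"],
        "route53:ChangeResourceRecordSetsRecordTypes": ["A"],
        "route53:ChangeResourceRecordSetsActions": ["UPSERT"]
      }
    }
  }]
}
EOF
}

# Constructed sample values; substitute your own ZONEID and RECORDSET.
render_policy Z0000000EXAMPLE Web01.Example.com.
```

Save the output to a file and attach it to the role as an inline policy with aws iam put-role-policy (--role-name, --policy-name, --policy-document file://...) in place of the managed policy.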
Install the AWS CLI using pip or use the bundled installer.
Note 1: I used an AMI from the marketplace and experienced several conflicts when installing pip. The bundled installer was much easier in this case.
Note 2: If using pip, you may need to add a symlink for the AWS-CLI to the /usr/bin directory. In the example below, awscli was installed in the /home/bitnami/.local/bin/aws directory.
sudo ln -s /home/bitnami/.local/bin/aws /usr/bin/aws
Note 3: If using the bundled installer, when running the executable (step 3), change the directory after the -b option to /usr/bin/aws to avoid creating a symlink manually.
sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/bin/aws
Download the script into your /etc/init.d directory. Scripts in this directory run as root at boot, so review the downloaded file before enabling it.
cd /etc/init.d
sudo curl -LO "https://raw.githubusercontent.com/jeremyhatfield/update-route53/master/update-route53.sh"
Update the ZONEID and RECORDSET variables in the script to reflect the Zone and Route53 record you want to change.
Give the script execute permissions.
sudo chmod +x /etc/init.d/update-route53.sh
Add the script to the default runlevels so it will be called at startup.
sudo update-rc.d update-route53.sh defaults
Note: To remove the script from runlevels...
sudo update-rc.d -f update-route53.sh remove
Creating the script:
Running script at startup:
- http://xmodulo.com/how-to-automatically-start-program-on-boot-in-debian.html
- https://www.cyberciti.biz/tips/linux-how-to-run-a-command-when-boots-up.html
- http://askubuntu.com/questions/409025/permission-denied-when-running-sh-scripts
AWS Command Line Interface Installation:
- http://docs.aws.amazon.com/cli/latest/userguide/aws-cli.pdf
- http://docs.aws.amazon.com/cli/latest/userguide/awscli-install-linux.html
AWS IAM Policies: