coredns/man/coredns-route53.7

.\" Generated by Mmark Markdown Processer - mmark.miek.nl
.TH "COREDNS-ROUTE53" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"

.SH "NAME"
.PP
\fIroute53\fP - enables serving zone data from AWS route53.

.SH "DESCRIPTION"
.PP
The route53 plugin is useful for serving zones from resource record
sets in AWS route53. This plugin supports all Amazon Route 53 records
(https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html
\[la]https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html\[ra]).
The route53 plugin can be used when coredns is deployed on AWS or elsewhere.

.SH "SYNTAX"
.PP
.RS

.nf
route53 [ZONE:HOSTED\_ZONE\_ID...] {
    aws\_access\_key [AWS\_ACCESS\_KEY\_ID AWS\_SECRET\_ACCESS\_KEY]
    credentials PROFILE [FILENAME]
    fallthrough [ZONES...]
    refresh DURATION
}

.fi
.RE

.IP \(bu 4
\fBZONE\fP the name of the domain to be accessed. When there are multiple zones with overlapping
domains (private vs. public hosted zone), CoreDNS does the lookup in the given order here.
Therefore, for a non-existing resource record, SOA response will be from the rightmost zone.
.IP \(bu 4
\fBHOSTED_ZONE_ID\fP the ID of the hosted zone that contains the resource record sets to be
accessed.
.IP \(bu 4
\fBAWS_ACCESS_KEY_ID\fP and \fBAWS_SECRET_ACCESS_KEY\fP the AWS access key ID and secret access key
to be used when query AWS (optional). If they are not provided, then coredns tries to access
AWS credentials the same way as AWS CLI, e.g., environmental variables, AWS credentials file,
instance profile credentials, etc.
.IP \(bu 4
\fB\fCcredentials\fR is used for reading the credential \fBFILENAME\fP and setting the \fBPROFILE\fP name for a given
zone. \fBPROFILE\fP is the AWS account profile name. Defaults to \fB\fCdefault\fR. \fBFILENAME\fP is the
AWS credentials filename, defaults to \fB\fC~/.aws/credentials\fR.
.IP \(bu 4
\fB\fCfallthrough\fR If zone matches and no record can be generated, pass request to the next plugin.
If \fBZONES\fP is omitted, then fallthrough happens for all zones for which the plugin is
authoritative. If specific zones are listed (for example \fB\fCin-addr.arpa\fR and \fB\fCip6.arpa\fR), then
only queries for those zones will be subject to fallthrough.
.IP \(bu 4
\fB\fCrefresh\fR can be used to control how long between record retrievals from Route 53. It requires
a duration string as a parameter to specify the duration between update cycles. Each update
cycle may result in many AWS API calls depending on how many domains use this plugin and how
many records are in each. Adjusting the update frequency may help reduce the potential of API
rate-limiting imposed by AWS.
.IP \(bu 4
\fBDURATION\fP A duration string. Defaults to \fB\fC1m\fR. If units are unspecified, seconds are assumed.


.SH "EXAMPLES"
.PP
Enable route53 with implicit AWS credentials and resolve CNAMEs via 10.0.0.1:

.PP
.RS

.nf
example.org {
    route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7
}

\&. {
    forward . 10.0.0.1
}

.fi
.RE

.PP
Enable route53 with explicit AWS credentials:

.PP
.RS

.nf
example.org {
    route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 {
      aws\_access\_key AWS\_ACCESS\_KEY\_ID AWS\_SECRET\_ACCESS\_KEY
    }
}

.fi
.RE

.PP
Enable route53 with fallthrough:

.PP
.RS

.nf
\&. {
    route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 example.gov.:Z654321543245 {
      fallthrough example.gov.
    }
}

.fi
.RE

.PP
Enable route53 with multiple hosted zones with the same domain:

.PP
.RS

.nf
example.org {
    route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 example.org.:Z93A52145678156
}

.fi
.RE

.PP
Enable route53 and refresh records every 3 minutes

.PP
.RS

.nf
example.org {
    route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 {
      refresh 3m
    }
}

.fi
.RE