coredns/plugin/route53/README.md

# route53

## Name

*route53* - enables serving zone data from AWS route53.

## Description

The route53 plugin is useful for serving zones from resource record
sets in AWS route53. This plugin supports all Amazon Route 53 records
([https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html)).
The route53 plugin can be used when coredns is deployed on AWS or elsewhere.

## Syntax

~~~ txt
route53 [ZONE:HOSTED_ZONE_ID...] {
    [aws_access_key AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY]
    upstream
    credentials PROFILE [FILENAME]
    fallthrough [ZONES...]
}
~~~

*   **ZONE** the name of the domain to be accessed. When there are multiple zones with overlapping
    domains (private vs. public hosted zone), CoreDNS does the lookup in the given order here.
    Therefore, for a non-existing resource record, SOA response will be from the rightmost zone.

*   **HOSTED_ZONE_ID** the ID of the hosted zone that contains the resource record sets to be
    accessed.

*   **AWS_ACCESS_KEY_ID** and **AWS_SECRET_ACCESS_KEY** the AWS access key ID and secret access key
    to be used when query AWS (optional). If they are not provided, then coredns tries to access
    AWS credentials the same way as AWS CLI, e.g., environmental variables, AWS credentials file,
    instance profile credentials, etc.

*   `upstream`is used for resolving services that point to external hosts (eg. used to resolve
    CNAMEs). CoreDNS will resolve against itself.

*   `credentials` is used for reading the credential file and setting the profile name for a given
    zone.

*   **PROFILE** AWS account profile name. Defaults to `default`.

*   **FILENAME** AWS credentials filename. Defaults to `~/.aws/credentials` are used.

*   `fallthrough` If zone matches and no record can be generated, pass request to the next plugin.
    If **[ZONES...]** is omitted, then fallthrough happens for all zones for which the plugin is
    authoritative. If specific zones are listed (for example `in-addr.arpa` and `ip6.arpa`), then
    only queries for those zones will be subject to fallthrough.

*   **ZONES** zones it should be authoritative for. If empty, the zones from the configuration block

## Examples

Enable route53 with implicit AWS credentials and an upstream:

~~~ txt
. {
	route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 {
	  upstream 10.0.0.1
	}
}
~~~

Enable route53 with explicit AWS credentials:

~~~ txt
. {
    route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 {
      aws_access_key AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    }
}
~~~

Enable route53 with fallthrough:

~~~ txt
. {
    route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 example.gov.:Z654321543245 {
      fallthrough example.gov.
    }
}
~~~

Enable route53 with multiple hosted zones with the same domain:

~~~ txt
. {
    route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 example.org.:Z93A52145678156
}
~~~
Add route53 plugin (#1390) * Update vendor Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Add route53 plugin This fix adds route53 plugin so that it is possible to query route53 record through CoreDNS. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2018-01-15 09:59:29 -08:00			`# route53`

			`## Name`

			`route53 - enables serving zone data from AWS route53.`

			`## Description`

Default to upstream to self (#2436) * Default to upstream to self This is a backwards incompatible change. This is a massive (cleanup) PR where we default to resolving external names by the coredns process itself, instead of directly forwarding them to some upstream. This ignores any arguments `upstream` may have had and makes it depend on proxy/forward configuration in the Corefile. This allows resolved upstream names to be cached and we have better healthchecking of the upstreams. It also means there is only one way to resolve names, by either using the proxy or forward plugin. The proxy/forward lookup.go functions have been removed. This also lessen the dependency on proxy, meaning deprecating proxy will become easier. Some tests have been removed as well, or moved to the top-level test directory as they now require a full coredns process instead of just the plugin. For the etcd plugin, the entire StubZone resolving is dropped! This was a hacky (but working) solution to say the least. If someone cares deeply it can be brought back (maybe)? The pkg/upstream is now very small and almost does nothing. Also the New() function was changed to return a pointer to upstream.Upstream. It also returns only one parameter, so any stragglers using it will encounter a compile error. All documentation has been adapted. This affected the following plugins: * etcd * file * auto * secondary * federation * template * route53 A followup PR will make any upstream directives with arguments an error, right now they are ignored. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix etcd build - probably still fails unit test Signed-off-by: Miek Gieben <miek@miek.nl> * Slightly smarter lookup check in upstream Signed-off-by: Miek Gieben <miek@miek.nl> * Compilez Signed-off-by: Miek Gieben <miek@miek.nl> 2019-01-13 16:54:49 +00:00			`The route53 plugin is useful for serving zones from resource record`
			`sets in AWS route53. This plugin supports all Amazon Route 53 records`
			`([https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html)).`
[plugin/route53]: Support batch mode operation. (#2050) * [plugin/route53]: Support batch mode operation. Cache all Route53 records internally using `ListResourceRecordPagesWithContext` and serve them from memory. Bonus features: * Support additional r53 record types (`CNAME`, `SOA`, etc) * Support `upstream` option (#2099 filed to support argument optionality) Signed-off-by: Dmitry Ilyevskiy <dmitry.ilyevskiy@getcruise.com> Signed-off-by: Dmitry Ilyevskiy <ilyevsky@gmail.com> 2018-09-17 11:19:07 -07:00			`The route53 plugin can be used when coredns is deployed on AWS or elsewhere.`
Add route53 plugin (#1390) * Update vendor Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Add route53 plugin This fix adds route53 plugin so that it is possible to query route53 record through CoreDNS. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2018-01-15 09:59:29 -08:00
			`## Syntax`

			`~~~ txt`
			`route53 [ZONE:HOSTED_ZONE_ID...] {`
			`[aws_access_key AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY]`
Default to upstream to self (#2436) * Default to upstream to self This is a backwards incompatible change. This is a massive (cleanup) PR where we default to resolving external names by the coredns process itself, instead of directly forwarding them to some upstream. This ignores any arguments `upstream` may have had and makes it depend on proxy/forward configuration in the Corefile. This allows resolved upstream names to be cached and we have better healthchecking of the upstreams. It also means there is only one way to resolve names, by either using the proxy or forward plugin. The proxy/forward lookup.go functions have been removed. This also lessen the dependency on proxy, meaning deprecating proxy will become easier. Some tests have been removed as well, or moved to the top-level test directory as they now require a full coredns process instead of just the plugin. For the etcd plugin, the entire StubZone resolving is dropped! This was a hacky (but working) solution to say the least. If someone cares deeply it can be brought back (maybe)? The pkg/upstream is now very small and almost does nothing. Also the New() function was changed to return a pointer to upstream.Upstream. It also returns only one parameter, so any stragglers using it will encounter a compile error. All documentation has been adapted. This affected the following plugins: * etcd * file * auto * secondary * federation * template * route53 A followup PR will make any upstream directives with arguments an error, right now they are ignored. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix etcd build - probably still fails unit test Signed-off-by: Miek Gieben <miek@miek.nl> * Slightly smarter lookup check in upstream Signed-off-by: Miek Gieben <miek@miek.nl> * Compilez Signed-off-by: Miek Gieben <miek@miek.nl> 2019-01-13 16:54:49 +00:00			`upstream`
plugins/route53: add AWS credentials file support (#2118) Automatically submitted. 2018-09-25 15:57:16 -07:00			`credentials PROFILE [FILENAME]`
plugin/route53: add fallthrough (#2132) Automatically submitted. 2018-09-25 11:41:05 -07:00			`fallthrough [ZONES...]`
Add route53 plugin (#1390) * Update vendor Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Add route53 plugin This fix adds route53 plugin so that it is possible to query route53 record through CoreDNS. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2018-01-15 09:59:29 -08:00			`}`
			`~~~`

Default to upstream to self (#2436) * Default to upstream to self This is a backwards incompatible change. This is a massive (cleanup) PR where we default to resolving external names by the coredns process itself, instead of directly forwarding them to some upstream. This ignores any arguments `upstream` may have had and makes it depend on proxy/forward configuration in the Corefile. This allows resolved upstream names to be cached and we have better healthchecking of the upstreams. It also means there is only one way to resolve names, by either using the proxy or forward plugin. The proxy/forward lookup.go functions have been removed. This also lessen the dependency on proxy, meaning deprecating proxy will become easier. Some tests have been removed as well, or moved to the top-level test directory as they now require a full coredns process instead of just the plugin. For the etcd plugin, the entire StubZone resolving is dropped! This was a hacky (but working) solution to say the least. If someone cares deeply it can be brought back (maybe)? The pkg/upstream is now very small and almost does nothing. Also the New() function was changed to return a pointer to upstream.Upstream. It also returns only one parameter, so any stragglers using it will encounter a compile error. All documentation has been adapted. This affected the following plugins: * etcd * file * auto * secondary * federation * template * route53 A followup PR will make any upstream directives with arguments an error, right now they are ignored. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix etcd build - probably still fails unit test Signed-off-by: Miek Gieben <miek@miek.nl> * Slightly smarter lookup check in upstream Signed-off-by: Miek Gieben <miek@miek.nl> * Compilez Signed-off-by: Miek Gieben <miek@miek.nl> 2019-01-13 16:54:49 +00:00			`* ZONE the name of the domain to be accessed. When there are multiple zones with overlapping`
			`domains (private vs. public hosted zone), CoreDNS does the lookup in the given order here.`
			`Therefore, for a non-existing resource record, SOA response will be from the rightmost zone.`

Doc tweaks (#2763) * fix date on 150 release notes * fix syntax in route53 plugin Signed-off-by: Miek Gieben <miek@miek.nl> 2019-04-06 08:43:19 +01:00			`* HOSTED_ZONE_ID the ID of the hosted zone that contains the resource record sets to be`
Default to upstream to self (#2436) * Default to upstream to self This is a backwards incompatible change. This is a massive (cleanup) PR where we default to resolving external names by the coredns process itself, instead of directly forwarding them to some upstream. This ignores any arguments `upstream` may have had and makes it depend on proxy/forward configuration in the Corefile. This allows resolved upstream names to be cached and we have better healthchecking of the upstreams. It also means there is only one way to resolve names, by either using the proxy or forward plugin. The proxy/forward lookup.go functions have been removed. This also lessen the dependency on proxy, meaning deprecating proxy will become easier. Some tests have been removed as well, or moved to the top-level test directory as they now require a full coredns process instead of just the plugin. For the etcd plugin, the entire StubZone resolving is dropped! This was a hacky (but working) solution to say the least. If someone cares deeply it can be brought back (maybe)? The pkg/upstream is now very small and almost does nothing. Also the New() function was changed to return a pointer to upstream.Upstream. It also returns only one parameter, so any stragglers using it will encounter a compile error. All documentation has been adapted. This affected the following plugins: * etcd * file * auto * secondary * federation * template * route53 A followup PR will make any upstream directives with arguments an error, right now they are ignored. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix etcd build - probably still fails unit test Signed-off-by: Miek Gieben <miek@miek.nl> * Slightly smarter lookup check in upstream Signed-off-by: Miek Gieben <miek@miek.nl> * Compilez Signed-off-by: Miek Gieben <miek@miek.nl> 2019-01-13 16:54:49 +00:00			`accessed.`

Doc tweaks (#2763) * fix date on 150 release notes * fix syntax in route53 plugin Signed-off-by: Miek Gieben <miek@miek.nl> 2019-04-06 08:43:19 +01:00			`* AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY the AWS access key ID and secret access key`
Default to upstream to self (#2436) * Default to upstream to self This is a backwards incompatible change. This is a massive (cleanup) PR where we default to resolving external names by the coredns process itself, instead of directly forwarding them to some upstream. This ignores any arguments `upstream` may have had and makes it depend on proxy/forward configuration in the Corefile. This allows resolved upstream names to be cached and we have better healthchecking of the upstreams. It also means there is only one way to resolve names, by either using the proxy or forward plugin. The proxy/forward lookup.go functions have been removed. This also lessen the dependency on proxy, meaning deprecating proxy will become easier. Some tests have been removed as well, or moved to the top-level test directory as they now require a full coredns process instead of just the plugin. For the etcd plugin, the entire StubZone resolving is dropped! This was a hacky (but working) solution to say the least. If someone cares deeply it can be brought back (maybe)? The pkg/upstream is now very small and almost does nothing. Also the New() function was changed to return a pointer to upstream.Upstream. It also returns only one parameter, so any stragglers using it will encounter a compile error. All documentation has been adapted. This affected the following plugins: * etcd * file * auto * secondary * federation * template * route53 A followup PR will make any upstream directives with arguments an error, right now they are ignored. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix etcd build - probably still fails unit test Signed-off-by: Miek Gieben <miek@miek.nl> * Slightly smarter lookup check in upstream Signed-off-by: Miek Gieben <miek@miek.nl> * Compilez Signed-off-by: Miek Gieben <miek@miek.nl> 2019-01-13 16:54:49 +00:00			`to be used when query AWS (optional). If they are not provided, then coredns tries to access`
			`AWS credentials the same way as AWS CLI, e.g., environmental variables, AWS credentials file,`
			`instance profile credentials, etc.`

			* `upstream`is used for resolving services that point to external hosts (eg. used to resolve
			`CNAMEs). CoreDNS will resolve against itself.`

Fix some typos in documents (#2592) Signed-off-by: Xiao An <hac@zju.edu.cn> 2019-02-21 15:15:17 +08:00			* `credentials` is used for reading the credential file and setting the profile name for a given
Default to upstream to self (#2436) * Default to upstream to self This is a backwards incompatible change. This is a massive (cleanup) PR where we default to resolving external names by the coredns process itself, instead of directly forwarding them to some upstream. This ignores any arguments `upstream` may have had and makes it depend on proxy/forward configuration in the Corefile. This allows resolved upstream names to be cached and we have better healthchecking of the upstreams. It also means there is only one way to resolve names, by either using the proxy or forward plugin. The proxy/forward lookup.go functions have been removed. This also lessen the dependency on proxy, meaning deprecating proxy will become easier. Some tests have been removed as well, or moved to the top-level test directory as they now require a full coredns process instead of just the plugin. For the etcd plugin, the entire StubZone resolving is dropped! This was a hacky (but working) solution to say the least. If someone cares deeply it can be brought back (maybe)? The pkg/upstream is now very small and almost does nothing. Also the New() function was changed to return a pointer to upstream.Upstream. It also returns only one parameter, so any stragglers using it will encounter a compile error. All documentation has been adapted. This affected the following plugins: * etcd * file * auto * secondary * federation * template * route53 A followup PR will make any upstream directives with arguments an error, right now they are ignored. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix etcd build - probably still fails unit test Signed-off-by: Miek Gieben <miek@miek.nl> * Slightly smarter lookup check in upstream Signed-off-by: Miek Gieben <miek@miek.nl> * Compilez Signed-off-by: Miek Gieben <miek@miek.nl> 2019-01-13 16:54:49 +00:00			`zone.`

			* PROFILE AWS account profile name. Defaults to `default`.

			* FILENAME AWS credentials filename. Defaults to `~/.aws/credentials` are used.

			* `fallthrough` If zone matches and no record can be generated, pass request to the next plugin.
			`If [ZONES...] is omitted, then fallthrough happens for all zones for which the plugin is`
			authoritative. If specific zones are listed (for example `in-addr.arpa` and `ip6.arpa`), then
			`only queries for those zones will be subject to fallthrough.`

			`* ZONES zones it should be authoritative for. If empty, the zones from the configuration block`
Add route53 plugin (#1390) * Update vendor Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Add route53 plugin This fix adds route53 plugin so that it is possible to query route53 record through CoreDNS. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2018-01-15 09:59:29 -08:00
			`## Examples`

plugins/route53: add AWS credentials file support (#2118) Automatically submitted. 2018-09-25 15:57:16 -07:00			`Enable route53 with implicit AWS credentials and an upstream:`
Add route53 plugin (#1390) * Update vendor Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Add route53 plugin This fix adds route53 plugin so that it is possible to query route53 record through CoreDNS. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2018-01-15 09:59:29 -08:00
			`~~~ txt`
			`. {`
Add the missed braces. (#2330) 2018-11-21 16:44:17 +01:00			`route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 {`
			`upstream 10.0.0.1`
			`}`
Add route53 plugin (#1390) * Update vendor Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Add route53 plugin This fix adds route53 plugin so that it is possible to query route53 record through CoreDNS. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2018-01-15 09:59:29 -08:00			`}`
			`~~~`

plugins/route53: add AWS credentials file support (#2118) Automatically submitted. 2018-09-25 15:57:16 -07:00			`Enable route53 with explicit AWS credentials:`
Add route53 plugin (#1390) * Update vendor Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Add route53 plugin This fix adds route53 plugin so that it is possible to query route53 record through CoreDNS. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2018-01-15 09:59:29 -08:00
			`~~~ txt`
			`. {`
			`route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 {`
			`aws_access_key AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY`
plugin/route53: add fallthrough (#2132) Automatically submitted. 2018-09-25 11:41:05 -07:00			`}`
			`}`
			`~~~`

			`Enable route53 with fallthrough:`

			`~~~ txt`
			`. {`
			`route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 example.gov.:Z654321543245 {`
			`fallthrough example.gov.`
			`}`
Add route53 plugin (#1390) * Update vendor Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Add route53 plugin This fix adds route53 plugin so that it is possible to query route53 record through CoreDNS. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2018-01-15 09:59:29 -08:00			`}`
			`~~~`
plugins/route53: add AWS credentials file support (#2118) Automatically submitted. 2018-09-25 15:57:16 -07:00
plugin/route53: add split zone support (#2160) Automatically submitted. 2018-10-10 10:55:54 -07:00			`Enable route53 with multiple hosted zones with the same domain:`

			`~~~ txt`
			`. {`
			`route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 example.org.:Z93A52145678156`
			`}`
			`~~~`