DNS manager with API Gateway, Lambda, Route53

In this article we will describe how we have automated a workflow thanks to the services managed by Amazon AWS. This has allowed us to have a unique and centralized service that can be managed by anyone.

Let’s come to the problem.

To manage hundreds of DNS zones for our customers automatically, where possible, or to delegate them to people without technical skills.

We thought about the solution, which seemed more reasonable to us. To create a webservice, interact with it through an API. We wanted to do it without installing on our servers anything or almost nothing, not to have another service to manage and maintain.

So we immediately thought about the integration of Amazon AWS services.
To move the management of all our areas on Route53.
To use Gateway API as an API to perform the set of operations that interest us, each with their own call.
To have the ability to perform a code-side check on API calls before they are turned to Route53. Here the choice fell on the Lambda functions.

API Gateway, Route53, Lambda function, Ansible

In this way our API can easily be passed to automation scripts for creating, modifying, deleting zones, records or settings in general.
Or through simple web forms gived to our customers or any person in our company in order to provide the ability to manage DNS in a simple and controlled way. Possibly without creating problems!

Well we have the idea, now we need to move on to the realization, studying the abundant documentation of AWS on the three selected services.

To maintain the “infrastructure as code” approach that we are always trying to carry out, we decided to configure all the services, not through the convenient manual console of AWS, but through Ansible. This allows us in case of problems or updates to completely recreate our API very quickly and automatically.

To create functions we used the procedure described in this previous article.

So according to the scheme described, we created the python file manage_dns.py, controls and logic for DNS management are managed. The following is an excerpt:

The vars_manage_dns.yml file where variables are placed:

Finally, a hook_post_manage_dns.yml where, after creating the lambda function, we proceed to the creation and configuration of Gateway API.

In this case, not being the modules for ansible complete with all the parts necessary for us, we decided to call the aws command line from ansible.

At this point after running the script to generate the lambda function:

we will have activated the manage_dns function and the API Gateway.
We do not go into the details of the customization of the API, all the details on how we configured it can be found in the sample code published above or in general in the AWS documentation. We focus only on some points.
As you can see, in the image below, Gateway API shows us how our API is configured. Making a POST call to the invoke URL calls our Lambda function, which in turn performs the operations specified in the code. The Lambda function at the end of the invocation responds with an HTTP Status code.

Our invoke URL can be found on the following page:

This is the URL that we have to recall with our POST and on which we must authenticate.

Doing a POST on our API:

With this API call, we call the lambda function via Gateway API, which creates the record on our zone through the SDK of Route53.

Obviously it is possible, through the SDK of Route53 to do any operation on the DNS and thanks to the flexibility of Lambda we can insert any logic or intelligence in our function.

In the Gateway API console there are several interesting features to monitor our API, for example:

Or set usage limits to our Gateway API:

This API can be used with an API development environment like Postman, or integrated into an automated script/procedure.
Through the services and tools offered by AWS, we soon managed to create a complete and easy to use API. Thanks to Ansible we are able to make the deploy of a new version of API in a few tens of seconds.

The goal we set ourselves has been achieved.

Good development of your API!

Loreno Edelmondo
Loreno Edelmondo
Articoli: 24

Lascia una risposta

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.