About the connector
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
This document provides information about the AWS (Amazon Web Services) Route 53 connector, which facilitates automated interactions, with AWS Route 53 services using FortiSOAR™ playbooks. Add the AWS Route 53 connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching a new instance, taking snapshots of volumes, detaching volumes, and terminating an instance.
Version information
Connector Version: 1.0.0
Authored By: Community
Certified: No
Installing the connector
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-aws-route53
Prerequisites to configuring the connector
- You must know the configuration type, either IAM Role or access credentials that you will use to connect to AWS. If you choose access credentials, then you must know your account's AWS region that you will use to access AWS services and have the AWS access key ID and the AWS secret access key to access AWS services.
- The FortiSOAR™ server should have outbound connectivity to port 443 on the AWS Route 53 server.
Minimum Permissions Required
Configuring the connector
For the procedure to configure a connector, click here
Configuration parameters
In FortiSOAR™, on the Connectors page, click the AWS Route 53 connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
| Parameter |
Description |
| Configuration Type |
AWS configuration type that determines the authentication mechanism that you will use to provide credentials and access AWS.
You can choose either IAM Role or Access Credentials to connect to AWS. AWS Identity and Access Management (IAM) role is an IAM entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group. Instead, trusted entities assume roles, such as IAM users, applications, or AWS services.
If you choose IAM Role, then you must specify the following parameter:
- AWS Instance IAM Role: IAM Role of your AWS instance to access AWS services.
If you choose Access Credentials, then you must specify the following parameters:
- AWS Region: Your account's AWS region that you will use to access AWS services.
- AWS Access Key ID: ID of the AWS Access Key to access AWS services.
- AWS Secret Access Key: Key of the AWS Secret Access to access AWS services.
|
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
| Function |
Description |
Annotation and Category |
| Create Record |
Creates a resource record set in AWS Route 53 based on the source and destination FQDN, hosted zone ID, type, and other input parameters you have specified. |
create_record
Investigation |
| Upsert Record |
Upserts a resource record set in AWS Route 53 based on the source and destination FQDN, hosted zone ID, type, and other input parameters you have specified.
Upsert means that if a resource record set does not already exist, then AWS Route 53 creates the record based on the values you have specified in the request. If the resource record does exist, then AWS Route 53 updates the record based on the values you have specified in the request. |
upsert_record
Investigation |
| Delete Record |
Deletes an existing resource record set from AWS Route 53 based on the source and destination FQDN, hosted zone ID, type, and other input parameters you have specified. |
delete_record
Investigation |
| Get Hosted Zones |
Retrieves a list of all the public and private hosted zones that are associated with the current AWS account. |
get_hosted_zones
Investigation |
| Get Resource Record Sets |
Retrieves a list of resource record sets in a specified hosted zone from AWS Route 53 based on the hosted zone ID and other input parameters you have specified. |
get_resource_record_sets
Investigation |
| Waiter Resource Record Sets Changed |
A waiter function that waits until record set change is successful in AWS Route 53 based on the ID of the change batch request and other input parameters you have specified. |
waiter_resource_record_sets_changed
Investigation |
| Test DNS Answer |
Retrieves the value that AWS Route 53 returns in response to a DNS request for a specified hosted zone ID, record name, and type. |
test_dns_answer
Investigation |
operation: Create Record
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional.
If you select this option, then you must specify the following parameters:
- AWS Region: Your account's AWS region that you will use to access AWS services.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| Source |
Specify the Fully Qualified Domain Name (FQDN) from which you want to create the record. |
| Target |
Specify the value of the current or new DNS for the record. |
| Time to Live |
Specify the resource records cache time to live (TTL), in seconds. |
| Hosted Zone ID |
Specify the value of the regional Hosted Zone ID for the created record. |
| Type |
Select the type of DNS to be set for the resource record. |
| Comment |
(Optional) Comment content that you want to include while creating the record. |
Output
The output contains the following populated JSON schema:
{
"ChangeInfo": {
"Id": "",
"Status": "",
"SubmittedAt": ""
},
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
operation: Upsert Record
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional.
If you select this option, then you must specify the following parameters:
- AWS Region: Your account's AWS region that you will use to access AWS services.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| Source |
Specify the Fully Qualified Domain Name (FQDN) from which you want to upsert the record. |
| Target |
Specify the value of the current or new DNS for the record. |
| Time to Live |
Specify the resource records cache time to live (TTL), in seconds. |
| Hosted Zone ID |
Specify the value of the regional Hosted Zone ID for the resource record. |
| Type |
Select the type of DNS to be set for the resource record. |
| Comment |
(Optional) Comment content that you want to include while creating the record. |
Output
The output contains the following populated JSON schema:
{
"ChangeInfo": {
"Id": "",
"Status": "",
"Comment": "",
"SubmittedAt": ""
},
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
operation: Delete Record
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional.
If you select this option, then you must specify the following parameters:
- AWS Region: Your account's AWS region that you will use to access AWS services.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| Source |
Specify the Fully Qualified Domain Name (FQDN) from which you want to delete the record. |
| Target |
Specify the value of the current or new DNS for the record. |
| Time to Live |
Specify the resource records cache time to live (TTL), in seconds. |
| Hosted Zone ID |
Specify the value of the regional Hosted Zone ID for the resource record. |
| Type |
Select the type of DNS to be set for the resource record. |
Output
The output contains the following populated JSON schema:
{
"ChangeInfo": {
"Id": "",
"Status": "",
"SubmittedAt": ""
},
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
operation: Get Hosted Zones
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional.
If you select this option, then you must specify the following parameters:
- AWS Region: Your account's AWS region that you will use to access AWS services.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
Output
The output contains the following populated JSON schema:
{
"MaxItems": "",
"HostedZones": [
{
"Id": "",
"Name": "",
"Config": {
"Comment": "",
"PrivateZone": ""
nbsp; },
"CallerReference": "",
"ResourceRecordSetCount": ""
}
],
"IsTruncated": "",
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
operation: Get Resource Record Sets
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional.
If you select this option, then you must specify the following parameters:
- AWS Region: Your account's AWS region that you will use to access AWS services.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| Hosted Zone ID |
The ID of the hosted zone that contains the resource record sets that you want to list from AWS Route 53. |
| Start Record Name |
The first name in the lexicographic ordering of resource record sets that you want to list. If the specified record name does not exist, then the results begin with the first resource record set that has a name greater than the value of the name. |
| Start Record Type |
The type of the resource record set from which you want to begin the record listing. |
| Start Record Identifier |
The ID of the resource record set from which you want to begin the record listing.
Note: This parameter is applicable to Weighted resource record sets only. |
Output
The output contains the following populated JSON schema:
{
"MaxItems": "",
"IsTruncated": "",
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
},
"ResourceRecordSets": [
{
"TTL": "",
"Name": "",
"Type": "",
"ResourceRecords": [
{
"Value": ""
}
]
},
{
"TTL": "",
"Name": "",
"Type": "",
"ResourceRecords": [
{
"Value": ""
}
]
}
]
}
operation: Waiter Resource Record Sets Changed
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional.
If you select this option, then you must specify the following parameters:
- AWS Region: Your account's AWS region that you will use to access AWS services.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| ID |
The ID of the change batch request based on which the waiter function will wait until the record set change is successful.
Note: The value that you specify here is the value that ChangeResourceRecordSets returns in its ID element when you submit the request. |
| Delay |
Specify the amount of time in seconds to wait between attempts. By default, this is set to 30. |
| Max Attempts |
Specify the maximum number of attempts to be made. By default, this is set to 60. |
Output
The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}
operation: Test DNS Answer
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional.
If you select this option, then you must specify the following parameters:
- AWS Region: Your account's AWS region that you will use to access AWS services.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| Hosted Zone ID |
Specify the value of the regional Hosted Zone ID for which you want AWS Route 53 to simulate a query. |
| Record Name |
Specify the name of the resource record set for which you want AWS Route 53 to simulate a query. |
| Record Type |
Select the type of resource record set for which you want AWS Route 53 to simulate a query. |
| Resolver IP |
Specify the IP address of the resolver, if you want to simulate a request from a specific DNS resolver.
If you do not specify this value, then TestDnsAnswer uses the IP address of a DNS resolver in the AWS US East (N. Virginia) Region (us-east-1 ). |
Output
The output contains the following populated JSON schema:
{
"Protocol": "",
"Nameserver": "",
"RecordData": [],
"RecordName": "",
"RecordType": "",
"ResponseCode": "",
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
Included playbooks
The Sample - AWS Route 53 - 1.0.0 playbook collection comes bundled with the AWS Route 53 connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS Route 53 connector.
- Create Record
- Delete Record
- Get Hosted Zones
- Get Resource Record Sets
- Test DNS Answer
- Upsert Record
- Waiter Resource Record Sets Changed
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
