Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
This document provides information about the AWS (Amazon Web Services) Route 53 connector, which facilitates automated interactions with AWS Route 53 services using FortiSOAR™ playbooks. Add the AWS Route 53 connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching a new instance, taking snapshots of volumes, detaching volumes, and terminating an instance.
Connector Version: 1.0.0
Authored By: Community
Certified: No
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-aws-route53
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the AWS Route 53 connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Configuration Type | AWS configuration type that determines the authentication mechanism that you will use to provide credentials and access AWS. You can choose either IAM Role or Access Credentials to connect to AWS. AWS Identity and Access Management (IAM) role is an IAM entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group. Instead, trusted entities assume roles, such as IAM users, applications, or AWS services. If you choose IAM Role, then you must specify the following parameter: |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Record | Creates a resource record set in AWS Route 53 based on the source and destination FQDN, hosted zone ID, type, and other input parameters you have specified. | create_record Investigation |
Upsert Record | Upserts a resource record set in AWS Route 53 based on the source and destination FQDN, hosted zone ID, type, and other input parameters you have specified. Upsert means that if a resource record set does not already exist, then AWS Route 53 creates the record based on the values you have specified in the request. If the resource record does exist, then AWS Route 53 updates the record based on the values you have specified in the request. | upsert_record Investigation |
Delete Record | Deletes an existing resource record set from AWS Route 53 based on the source and destination FQDN, hosted zone ID, type, and other input parameters you have specified. | delete_record Investigation |
Get Hosted Zones | Retrieves a list of all the public and private hosted zones that are associated with the current AWS account. | get_hosted_zones Investigation |
Get Resource Record Sets | Retrieves a list of resource record sets in a specified hosted zone from AWS Route 53 based on the hosted zone ID and other input parameters you have specified. | get_resource_record_sets Investigation |
Waiter Resource Record Sets Changed | A waiter function that waits until record set change is successful in AWS Route 53 based on the ID of the change batch request and other input parameters you have specified. | waiter_resource_record_sets_changed Investigation |
Test DNS Answer | Retrieves the value that AWS Route 53 returns in response to a DNS request for a specified hosted zone ID, record name, and type. | test_dns_answer Investigation |
Parameter | Description |
---|---|
Assume a Role | Select this option to assume a role. Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional. If you select this option, then you must specify the following parameters: |
Source | Specify the Fully Qualified Domain Name (FQDN) from which you want to create the record. |
Target | Specify the value of the current or new DNS for the record. |
Time to Live | Specify the resource records cache time to live (TTL), in seconds. |
Hosted Zone ID | Specify the value of the regional Hosted Zone ID for the created record. |
Type | Select the type of DNS to be set for the resource record. |
Comment | (Optional) Comment content that you want to include while creating the record. |
The output contains the following populated JSON schema:
{
"ChangeInfo": {
"Id": "",
"Status": "",
"SubmittedAt": ""
},
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
Parameter | Description |
---|---|
Assume a Role | Select this option to assume a role. Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional. If you select this option, then you must specify the following parameters: |
Source | Specify the Fully Qualified Domain Name (FQDN) from which you want to upsert the record. |
Target | Specify the value of the current or new DNS for the record. |
Time to Live | Specify the resource records cache time to live (TTL), in seconds. |
Hosted Zone ID | Specify the value of the regional Hosted Zone ID for the resource record. |
Type | Select the type of DNS to be set for the resource record. |
Comment | (Optional) Comment content that you want to include while creating the record. |
The output contains the following populated JSON schema:
{
"ChangeInfo": {
"Id": "",
"Status": "",
"Comment": "",
"SubmittedAt": ""
},
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
Parameter | Description |
---|---|
Assume a Role | Select this option to assume a role. Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional. If you select this option, then you must specify the following parameters: |
Source | Specify the Fully Qualified Domain Name (FQDN) from which you want to delete the record. |
Target | Specify the value of the current or new DNS for the record. |
Time to Live | Specify the resource records cache time to live (TTL), in seconds. |
Hosted Zone ID | Specify the value of the regional Hosted Zone ID for the resource record. |
Type | Select the type of DNS to be set for the resource record. |
The output contains the following populated JSON schema:
{
"ChangeInfo": {
"Id": "",
"Status": "",
"SubmittedAt": ""
},
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
Parameter | Description |
---|---|
Assume a Role | Select this option to assume a role. Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional. If you select this option, then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"MaxItems": "",
"HostedZones": [
{
"Id": "",
"Name": "",
"Config": {
"Comment": "",
"PrivateZone": ""
},
"CallerReference": "",
"ResourceRecordSetCount": ""
}
],
"IsTruncated": "",
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
Parameter | Description |
---|---|
Assume a Role | Select this option to assume a role. Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional. If you select this option, then you must specify the following parameters: |
Hosted Zone ID | The ID of the hosted zone that contains the resource record sets that you want to list from AWS Route 53. |
Start Record Name | The first name in the lexicographic ordering of resource record sets that you want to list. If the specified record name does not exist, then the results begin with the first resource record set that has a name greater than the value of the name. |
Start Record Type | The type of the resource record set from which you want to begin the record listing. |
Start Record Identifier | The ID of the resource record set from which you want to begin the record listing. Note: This parameter is applicable to Weighted resource record sets only. |
The output contains the following populated JSON schema:
{
"MaxItems": "",
"IsTruncated": "",
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
},
"ResourceRecordSets": [
{
"TTL": "",
"Name": "",
"Type": "",
"ResourceRecords": [
{
"Value": ""
}
]
},
{
"TTL": "",
"Name": "",
"Type": "",
"ResourceRecords": [
{
"Value": ""
}
]
}
]
}
Parameter | Description |
---|---|
Assume a Role | Select this option to assume a role. Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional. If you select this option, then you must specify the following parameters: |
ID | The ID of the change batch request based on which the waiter function will wait until the record set change is successful. Note: The value that you specify here is the value that ChangeResourceRecordSets returns in its ID element when you submit the request. |
Delay | Specify the amount of time in seconds to wait between attempts. By default, this is set to 30. |
Max Attempts | Specify the maximum number of attempts to be made. By default, this is set to 60. |
The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}
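The Upsert Record inputs and the waiter's Delay and Max Attempts behaviour, sketched as an added example that is not the connector's own code: it maps Source, Target, Time to Live and Type to a Route 53 ChangeBatch, refuses record names outside the hosted zone, and polls GetChange until the change is INSYNC. The function names, `ALLOWED_TYPES`, the sample zone values and the offline `StubRoute53` class are assumptions made for illustration; `change_resource_record_sets` and `get_change` are the boto3 Route 53 client calls the stub imitates.

```python
import time

# Assumption: the record types a playbook is permitted to change.
ALLOWED_TYPES = {"A", "AAAA", "CNAME", "TXT", "MX"}


def build_upsert_batch(source, target, ttl, record_type, zone_name, comment=""):
    """Map the Source/Target/Time to Live/Type/Comment inputs to a Route 53
    ChangeBatch, refusing names that fall outside the hosted zone."""
    name = source.rstrip(".").lower() + "."
    zone = zone_name.rstrip(".").lower() + "."
    if name != zone and not name.endswith("." + zone):
        raise ValueError(f"{source!r} is not inside hosted zone {zone_name!r}")
    if record_type not in ALLOWED_TYPES:
        raise ValueError(f"record type {record_type!r} is not allowed")
    if not isinstance(ttl, int) or not 0 <= ttl <= 2147483647:
        raise ValueError("TTL must be a non-negative integer number of seconds")
    batch = {"Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": name, "Type": record_type, "TTL": ttl,
            "ResourceRecords": [{"Value": target}],
        },
    }]}
    if comment:
        batch["Comment"] = comment
    return batch


def wait_until_insync(client, change_id, delay=30, max_attempts=60, sleep=time.sleep):
    """Poll GetChange until Status is INSYNC, with the documented defaults
    (Delay 30 s, Max Attempts 60). Returns the number of attempts used."""
    for attempt in range(1, max_attempts + 1):
        status = client.get_change(Id=change_id)["ChangeInfo"]["Status"]
        if status == "INSYNC":
            return attempt
        if attempt < max_attempts:
            sleep(delay)
    raise TimeoutError(f"{change_id} still not INSYNC after {max_attempts} attempts")


class StubRoute53:
    """Constructed offline stand-in for a boto3 Route 53 client."""

    def __init__(self, pending_polls):
        self.pending_polls = pending_polls  # PENDING answers before INSYNC
        self.submitted = None

    def change_resource_record_sets(self, HostedZoneId, ChangeBatch):
        self.submitted = (HostedZoneId, ChangeBatch)
        return {"ChangeInfo": {"Id": "/change/C0EXAMPLE", "Status": "PENDING"}}

    def get_change(self, Id):
        self.pending_polls -= 1
        status = "PENDING" if self.pending_polls >= 0 else "INSYNC"
        return {"ChangeInfo": {"Id": Id, "Status": status}}


def upsert_and_wait(client, zone_id, zone_name, source, target, ttl, record_type, **wait_kw):
    """Validate, submit the UPSERT, then wait on the returned change ID."""
    batch = build_upsert_batch(source, target, ttl, record_type, zone_name)
    resp = client.change_resource_record_sets(HostedZoneId=zone_id, ChangeBatch=batch)
    return wait_until_insync(client, resp["ChangeInfo"]["Id"], **wait_kw)


if __name__ == "__main__":
    stub = StubRoute53(pending_polls=2)  # constructed sample values throughout
    polls = upsert_and_wait(stub, "Z0EXAMPLE", "example.com", "app.example.com",
                            "192.0.2.10", 300, "A", sleep=lambda s: None)
    print("INSYNC after", polls, "polls")
```
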
Parameter | Description |
---|---|
Assume a Role | Select this option to assume a role. Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the Configuration Type. If you have specified Access Credentials as the Configuration Type, then this parameter is optional. If you select this option, then you must specify the following parameters: |
Hosted Zone ID | Specify the value of the regional Hosted Zone ID for which you want AWS Route 53 to simulate a query. |
Record Name | Specify the name of the resource record set for which you want AWS Route 53 to simulate a query. |
Record Type | Select the type of resource record set for which you want AWS Route 53 to simulate a query. |
Resolver IP | Specify the IP address of the resolver, if you want to simulate a request from a specific DNS resolver. If you do not specify this value, then TestDnsAnswer uses the IP address of a DNS resolver in the AWS US East (N. Virginia) Region (us-east-1). |
The output contains the following populated JSON schema:
{
"Protocol": "",
"Nameserver": "",
"RecordData": [],
"RecordName": "",
"RecordType": "",
"ResponseCode": "",
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
The Sample - AWS Route 53 - 1.0.0 playbook collection comes bundled with the AWS Route 53 connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS Route 53 connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.