Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
This document provides information about the AWS (Amazon Web Services) Route 53 connector, which facilitates automated interactions with AWS Route 53 services using FortiSOAR™ playbooks. Add the AWS Route 53 connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching a new instance, taking snapshots of volumes, detaching volumes, and terminating an instance.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.2.2-1098
Authored By: Fortinet
Certified: Yes
The following enhancements have been made to the AWS Route 53 connector in version 1.1.0:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-aws-route53
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the AWS Route 53 connector card. On the connector popup, click the Configurations tab to enter the required configuration details:
Parameter | Description |
---|---|
Configuration Type | Select the Configuration Type from IAM Role or Access Credentials. The selected configuration type determines the type of credentials that you require to access AWS CloudWatch Log and perform automated actions. Enter the requested details as per the following: |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Record | Creates a resource record set in AWS Route 53 based on the source and destination FQDN, hosted zone ID, type, and other input parameters you have specified. | create_record Investigation |
Upsert Record | Upserts a resource record set in AWS Route 53 based on the source and destination FQDN, hosted zone ID, type, and other input parameters you have specified. Upsert means that if a resource record set does not already exist, then AWS Route 53 creates the record based on the values you have specified in the request. If the resource record does exist, then AWS Route 53 updates the record based on the values you have specified in the request. | upsert_record Investigation |
Delete Record | Deletes an existing resource record set from AWS Route 53 based on the source and destination FQDN, hosted zone ID, type, and other input parameters you have specified. | delete_record Investigation |
Get Hosted Zones | Retrieves a list of all the public and private hosted zones that are associated with the current AWS account. | get_hosted_zones Investigation |
Get Resource Record Sets | Retrieves a list of resource record sets in a specified hosted zone from AWS Route 53 based on the hosted zone ID and other input parameters you have specified. | get_resource_record_sets Investigation |
Waiter Resource Record Sets Changed | A waiter function that waits until record set change is successful in AWS Route 53 based on the ID of the change batch request and other input parameters you have specified. | waiter_resource_record_sets_changed Investigation |
Test DNS Answer | Retrieves the value that AWS Route 53 returns in response to a DNS request for a specified hosted zone ID, record name, and type. | test_dns_answer Investigation |
Parameter | Description |
---|---|
Assume a Role | Select this checkbox if you have specified IAM Role as the configuration type in Configuration Parameters. Enabling this option makes the following parameters mandatory: |
Source | Specify the Fully Qualified Domain Name (FQDN) from which you want to create the record. |
Target | Specify the value of the current or new DNS for the record. |
Time to Live | Specify the resource records cache time to live (TTL), in seconds. |
Hosted Zone ID | Specify the value of the regional Hosted Zone ID for the created record. |
Type | Select the type of DNS to be set for the resource record. |
Comment | (Optional) Content of the comment that you want to include while creating the record. |
The output contains the following populated JSON schema:
{
  "ChangeInfo": {
    "Id": "",
    "Status": "",
    "SubmittedAt": ""
  },
  "ResponseMetadata": {
    "RequestId": "",
    "HTTPHeaders": {
      "date": "",
      "content-type": "",
      "content-length": "",
      "x-amzn-requestid": ""
    },
    "RetryAttempts": "",
    "HTTPStatusCode": ""
  }
}
Parameter | Description |
---|---|
Assume a Role | Select this checkbox if you have specified IAM Role as the configuration type in Configuration Parameters. Enabling this option makes the following parameters mandatory: |
Source | Specify the Fully Qualified Domain Name (FQDN) from which you want to upsert the record. |
Target | Specify the value of the current or new DNS for the record. |
Time to Live | Specify the resource records cache time to live (TTL), in seconds. |
Hosted Zone ID | Specify the value of the regional Hosted Zone ID for the resource record. |
Type | Select the type of DNS to be set for the resource record. |
Comment | (Optional) Content of the comment that you want to include while creating the record. |
The output contains the following populated JSON schema:
{
  "ChangeInfo": {
    "Id": "",
    "Status": "",
    "Comment": "",
    "SubmittedAt": ""
  },
  "ResponseMetadata": {
    "RequestId": "",
    "HTTPHeaders": {
      "date": "",
      "content-type": "",
      "content-length": "",
      "x-amzn-requestid": ""
    },
    "RetryAttempts": "",
    "HTTPStatusCode": ""
  }
}
Parameter | Description |
---|---|
Assume a Role | Select this checkbox if you have specified IAM Role as the configuration type in Configuration Parameters. Enabling this option makes the following parameters mandatory: |
Source | Specify the Fully Qualified Domain Name (FQDN) from which you want to delete the record. |
Target | Specify the value of the current or new DNS for the record. |
Time to Live | Specify the resource records cache time to live (TTL), in seconds. |
Hosted Zone ID | Specify the value of the regional Hosted Zone ID for the resource record. |
Type | Select the type of DNS to be set for the resource record. |
The output contains the following populated JSON schema:
{
  "ChangeInfo": {
    "Id": "",
    "Status": "",
    "SubmittedAt": ""
  },
  "ResponseMetadata": {
    "RequestId": "",
    "HTTPHeaders": {
      "date": "",
      "content-type": "",
      "content-length": "",
      "x-amzn-requestid": ""
    },
    "RetryAttempts": "",
    "HTTPStatusCode": ""
  }
}
Parameter | Description |
---|---|
Assume a Role | Select this checkbox if you have specified IAM Role as the configuration type in Configuration Parameters. Enabling this option makes the following parameters mandatory: |
The output contains the following populated JSON schema:
{
  "MaxItems": "",
  "HostedZones": [
    {
      "Id": "",
      "Name": "",
      "Config": {
        "Comment": "",
        "PrivateZone": ""
      },
      "CallerReference": "",
      "ResourceRecordSetCount": ""
    }
  ],
  "IsTruncated": "",
  "ResponseMetadata": {
    "RequestId": "",
    "HTTPHeaders": {
      "date": "",
      "content-type": "",
      "content-length": "",
      "x-amzn-requestid": ""
    },
    "RetryAttempts": "",
    "HTTPStatusCode": ""
  }
}
Parameter | Description |
---|---|
Assume a Role | Select this checkbox if you have specified IAM Role as the configuration type in Configuration Parameters. Enabling this option makes the following parameters mandatory: |
Hosted Zone ID | The ID of the hosted zone that contains the resource record sets that you want to list from AWS Route 53. |
Start Record Name** | The first name in the lexicographic ordering of resource record sets that you want to list. If the specified record name does not exist, then the results begin with the first resource record set that has a name greater than the value of the name. |
Start Record Type** | The type of resource record set from which you want to begin the record listing. |
Start Record Identifier** | The ID of the resource record set from which you want to begin the record listing. Note: This parameter is applicable to Weighted resource record sets only. |
**: The Start Record Name, Start Record Type, and Start Record Identifier parameters must be used in a particular combination to get an appropriate response. For more information on the combinations, see Listing Resource Record Sets.
The output contains the following populated JSON schema:
{
  "MaxItems": "",
  "IsTruncated": "",
  "ResponseMetadata": {
    "RequestId": "",
    "HTTPHeaders": {
      "date": "",
      "content-type": "",
      "content-length": "",
      "x-amzn-requestid": ""
    },
    "RetryAttempts": "",
    "HTTPStatusCode": ""
  },
  "ResourceRecordSets": [
    {
      "TTL": "",
      "Name": "",
      "Type": "",
      "ResourceRecords": [
        {
          "Value": ""
        }
      ]
    },
    {
      "TTL": "",
      "Name": "",
      "Type": "",
      "ResourceRecords": [
        {
          "Value": ""
        }
      ]
    }
  ]
}
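How the Start Record parameters and the IsTruncated field of Get Resource Record Sets fit together, as an added example that is not the connector's own code. It assumes the playbook has to follow truncated results itself and that a truncated response carries NextRecordName and NextRecordType as in Route 53's ListResourceRecordSets; FakeRoute53, SAMPLE and the zone ID are constructed so the block runs offline.

```python
def sort_key(rrset):
    """Listing order: DNS name with its labels reversed, then record type."""
    labels = rrset["Name"].rstrip(".").lower().split(".")
    return (labels[::-1], rrset["Type"])


def start_params(name=None, rtype=None, identifier=None):
    """Check the Start Record * combination before any API call is made."""
    if rtype and not name:
        # Route 53 answers InvalidInput when a type is given without a name.
        raise ValueError("Start Record Type requires Start Record Name")
    if identifier and not (name and rtype):
        # Client-side rule assumed here: an identifier narrows one name and type.
        raise ValueError("Start Record Identifier requires name and type")
    given = {"StartRecordName": name, "StartRecordType": rtype,
             "StartRecordIdentifier": identifier}
    return {k: v for k, v in given.items() if v}


class FakeRoute53:
    """Offline stand-in returning pages shaped like ListResourceRecordSets."""

    def __init__(self, rrsets, page_size=2):
        self.rrsets = sorted(rrsets, key=sort_key)
        self.page_size = page_size
        self.calls = 0

    def list_resource_record_sets(self, HostedZoneId, StartRecordName=None,
                                  StartRecordType=None, StartRecordIdentifier=None):
        self.calls += 1
        start = 0
        if StartRecordName:
            probe = sort_key({"Name": StartRecordName, "Type": StartRecordType or ""})
            start = sum(1 for r in self.rrsets if sort_key(r) < probe)
        page = self.rrsets[start:start + self.page_size]
        rest = self.rrsets[start + self.page_size:]
        resp = {"ResourceRecordSets": page, "IsTruncated": bool(rest),
                "MaxItems": str(self.page_size)}
        if rest:  # only a truncated page carries the Next* markers
            resp["NextRecordName"] = rest[0]["Name"]
            resp["NextRecordType"] = rest[0]["Type"]
        return resp


def list_all_record_sets(client, zone_id, name=None, rtype=None, identifier=None):
    """Follow IsTruncated until every record set from the start point is read."""
    kwargs, found = start_params(name, rtype, identifier), []
    while True:
        resp = client.list_resource_record_sets(HostedZoneId=zone_id, **kwargs)
        found.extend(resp["ResourceRecordSets"])
        if not resp["IsTruncated"]:
            return found
        kwargs = start_params(resp["NextRecordName"], resp["NextRecordType"],
                              resp.get("NextRecordIdentifier"))


def _rr(name, rtype, value):
    return {"Name": name, "Type": rtype, "TTL": 300,
            "ResourceRecords": [{"Value": value}]}


# Constructed sample zone contents (documentation address ranges).
SAMPLE = [
    _rr("www.example.com.", "AAAA", "2001:db8::10"),
    _rr("example.com.", "SOA", "ns1.example.com. admin.example.com. 1 7200 900 1209600 86400"),
    _rr("api.example.com.", "A", "192.0.2.20"),
    _rr("example.com.", "NS", "ns1.example.com."),
    _rr("www.example.com.", "A", "192.0.2.10"),
]
```

A playbook that reads only the first page of a large zone will silently miss record sets, so any audit built on this operation should check IsTruncated before trusting the result.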
Parameter | Description |
---|---|
Assume a Role | Select this checkbox if you have specified IAM Role as the configuration type in Configuration Parameters. Enabling this option makes the following parameters mandatory: |
ID | The ID of the change batch request for which you want the waiter function to wait until the record set change is successful. Note: The value that you specify here is the value that ChangeResourceRecordSets returns in its ID element when you submit the request. |
Delay | Specify the amount of time in seconds to wait between attempts. By default, this is set to 30. |
Max Attempts | Specify the maximum number of attempts to be made. By default, this is set to 60. |
The output contains the following populated JSON schema:
{
  "status": "",
  "result": ""
}
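The difference between Create, Upsert and Delete Record, and the polling that Waiter Resource Record Sets Changed performs with its Delay and Max Attempts defaults, as an added example that is not the connector's own code. It assumes the connector inputs map onto the ChangeBatch structure of Route 53's ChangeResourceRecordSets; FakeZone, its change ID format and its ValueError rejections are constructed stand-ins so the block runs offline.

```python
import itertools
import time


def build_change_batch(action, source, target, ttl, record_type, comment=None):
    """Map the connector inputs (Source, Target, Time to Live, Type, Comment)
    to the ChangeBatch structure of Route 53's ChangeResourceRecordSets."""
    if action not in ("CREATE", "UPSERT", "DELETE"):
        raise ValueError(f"unsupported action: {action!r}")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl < 0:
        raise ValueError("Time to Live must be a non-negative integer (seconds)")
    rrset = {
        "Name": source if source.endswith(".") else source + ".",
        "Type": record_type,
        "TTL": ttl,
        "ResourceRecords": [{"Value": target}],
    }
    batch = {"Changes": [{"Action": action, "ResourceRecordSet": rrset}]}
    if comment:
        batch["Comment"] = comment
    return batch


class FakeZone:
    """In-memory stand-in for one hosted zone, constructed for this example.
    It raises ValueError where the real service would reject the batch."""

    def __init__(self, polls_until_insync=2):
        self.records, self.pending = {}, {}
        self._ids = itertools.count(1)
        self._polls = polls_until_insync

    def change_resource_record_sets(self, HostedZoneId, ChangeBatch):
        for change in ChangeBatch["Changes"]:
            rrset = change["ResourceRecordSet"]
            key = (rrset["Name"], rrset["Type"])
            if change["Action"] == "CREATE" and key in self.records:
                raise ValueError("CREATE: record set already exists")
            if change["Action"] == "DELETE":
                # DELETE must repeat the stored TTL and value exactly, which is
                # why Delete Record also asks for Target and Time to Live.
                if self.records.get(key) != rrset:
                    raise ValueError("DELETE: values do not match existing record set")
                del self.records[key]
            else:
                self.records[key] = rrset  # CREATE, or UPSERT create/overwrite
        change_id = f"/change/C{next(self._ids):04d}"  # constructed ID format
        self.pending[change_id] = self._polls
        return {"ChangeInfo": {"Id": change_id, "Status": "PENDING"}}

    def get_change(self, Id):
        self.pending[Id] = max(0, self.pending[Id] - 1)
        status = "PENDING" if self.pending[Id] else "INSYNC"
        return {"ChangeInfo": {"Id": Id, "Status": status}}


def wait_until_insync(client, change_id, delay=30, max_attempts=60, sleep=time.sleep):
    """Poll the change until it is INSYNC; returns the number of attempts used."""
    for attempt in range(1, max_attempts + 1):
        if client.get_change(Id=change_id)["ChangeInfo"]["Status"] == "INSYNC":
            return attempt
        if attempt < max_attempts:
            sleep(delay)
    raise TimeoutError(f"{change_id} not INSYNC after {max_attempts} attempts")
```

With the defaults of 30 seconds and 60 attempts, a change that never propagates holds the playbook step for roughly half an hour before it fails, so later steps should not assume the record is live until the waiter has returned.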
Parameter | Description |
---|---|
Assume a Role | Select this checkbox if you have specified IAM Role as the configuration type in Configuration Parameters. Enabling this option makes the following parameters mandatory: |
Hosted Zone ID | Specify the value of the regional Hosted Zone ID for which you want AWS Route 53 to simulate a query. |
Record Name | Specify the name of the resource record set for which you want AWS Route 53 to simulate a query. |
Record Type | Select the type of resource record set for which you want AWS Route 53 to simulate a query. |
Resolver IP | Specify the IP address of the resolver, if you want to simulate a request from a specific DNS resolver. If you do not specify this value, then TestDnsAnswer uses the IP address of a DNS resolver in the AWS US East (N. Virginia) Region (us-east-1). |
The output contains the following populated JSON schema:
{
  "Protocol": "",
  "Nameserver": "",
  "RecordData": [],
  "RecordName": "",
  "RecordType": "",
  "ResponseCode": "",
  "ResponseMetadata": {
    "RequestId": "",
    "HTTPHeaders": {
      "date": "",
      "content-type": "",
      "content-length": "",
      "x-amzn-requestid": ""
    },
    "RetryAttempts": "",
    "HTTPStatusCode": ""
  }
}
The Sample - AWS Route 53 - 1.1.0 playbook collection comes bundled with the AWS Route 53 connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS Route 53 connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.