
Introduction

A JSON backup of our DSD Route 53 estate lives in an S3 bucket in Cloud Platform. This backup can be used to restore Route 53 records in the event of a failure.

The JSON backup has the following structure:

{
    "hosted_zone_id": {
        "name": "somename.aws.com.",
        "records": [
            {
                "Name": "somename.aws.com.",
                "Type": "NS",
                "TTL": 172800,
                "ResourceRecords": ["some-nameserver"]
            },
            {
                "Name": "somename.aws.com.",
                "Type": "SOA",
                "TTL": 900,
                "ResourceRecords": ["some-nameserver"]
            }
        ]
    }
}

Pulling the JSON backup from CP

  1. Authenticate to the Cloud Platform Route 53 backup IAM role operations-engineering-route53-backup-prod-state-role.
  2. Pull the backup data from the S3 bucket:
aws s3api get-object --bucket cloud-platform-50ad54b3b789d9fba7b301cce9d35f39 --key hosted_zones.json hosted_zones.json

Restoring a Hosted Zone

This implementation uses the Python boto3 SDK for AWS.

  1. Authenticate to the DSD admin account.
  2. Setup:
import boto3

r53_client = boto3.client("route53")
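  3. Create a new hosted zone:
# hosted_zone_id and hosted_zone_name come from the JSON backup (the zone's key and its name value)
response = r53_client.create_hosted_zone(Name=hosted_zone_name, CallerReference=str(hash(hosted_zone_id)))
# The response is a dict; the new zone's ID is under HostedZone -> Id
new_zone_id = response["HostedZone"]["Id"]

print(new_zone_id)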

Make a note of the new hosted zone id, as this will be required to create records in the new hosted zone.

  4. Create Resource Record Sets:

You will have to create a change request for each new resource record set, for example:

response = r53_client.change_resource_record_sets(
    HostedZoneId=new_zone_id,  # ID of the new hosted zone noted in the previous step
    ChangeBatch={
        "Changes": [
            {
                "Action": "CREATE",
                "ResourceRecordSet": {
                    "Name": "somename.aws.com.",
                    "Type": "MX",
                    "TTL": 1800,
                    # boto3 expects each value wrapped in a {"Value": ...} dict
                    "ResourceRecords": [{"Value": "some-nameserver"}],
                },
            },
            {
                "Action": "CREATE",
                "ResourceRecordSet": {
                    "Name": "somealias.somename.aws.com.",
                    "Type": "A",
                    # Alias records carry an AliasTarget instead of TTL and ResourceRecords
                    "AliasTarget": {
                        "HostedZoneId": "hosted_zone_id",  # hosted zone ID of the alias target
                        "DNSName": "somename",
                        "EvaluateTargetHealth": False,
                    },
                },
            },
        ]
    },
)

print("Change info:", response)
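
The following is an added example, not part of the original runbook: it converts one zone from the backup layout shown above into ChangeBatch dicts for change_resource_record_sets, skipping the apex NS and SOA records that a new hosted zone already has. The zone IDs, the sample records, the presence of an AliasTarget key in the backup, and the batch_size default are assumptions made for illustration.

```python
import json

# Constructed sample in the backup layout shown above. The 'AliasTarget' key on
# the last record is an assumption; the page shows it only in the restore call.
SAMPLE_BACKUP = json.loads("""
{"Z0OLDZONE": {"name": "somename.aws.com.", "records": [
  {"Name": "somename.aws.com.", "Type": "NS", "TTL": 172800, "ResourceRecords": ["some-nameserver"]},
  {"Name": "somename.aws.com.", "Type": "SOA", "TTL": 900, "ResourceRecords": ["some-nameserver"]},
  {"Name": "somename.aws.com.", "Type": "MX", "TTL": 1800, "ResourceRecords": ["10 mail.example.org."]},
  {"Name": "www.somename.aws.com.", "Type": "A", "TTL": 300, "ResourceRecords": ["192.0.2.10"]},
  {"Name": "somealias.somename.aws.com.", "Type": "A", "AliasTarget":
    {"HostedZoneId": "Z0OLDZONE", "DNSName": "www.somename.aws.com.", "EvaluateTargetHealth": false}}
]}}
""")


def build_change_batches(backup, old_zone_id, new_zone_id, batch_size=100):
    """Turn one backed-up zone into ChangeBatch dicts for change_resource_record_sets."""
    zone = backup[old_zone_id]
    new_bare_id = new_zone_id.split("/")[-1]  # drop a leading "/hostedzone/" if present
    changes = []
    for rec in zone["records"]:
        # A new hosted zone already has its own apex NS and SOA; CREATE would be rejected.
        if rec["Type"] in ("NS", "SOA") and rec["Name"] == zone["name"]:
            continue
        rrset = {"Name": rec["Name"], "Type": rec["Type"]}
        if "AliasTarget" in rec:
            alias = dict(rec["AliasTarget"])  # copy so the loaded backup is not mutated
            # An alias into the old zone must point at the zone that replaces it.
            if alias["HostedZoneId"] == old_zone_id:
                alias["HostedZoneId"] = new_bare_id
            rrset["AliasTarget"] = alias
        else:
            rrset["TTL"] = rec["TTL"]
            # The backup stores plain strings; the API expects {"Value": ...} dicts.
            rrset["ResourceRecords"] = [{"Value": v} for v in rec["ResourceRecords"]]
        changes.append({"Action": "CREATE", "ResourceRecordSet": rrset})
    # batch_size is an assumed, conservative chunk size to keep each request small.
    return [{"Changes": changes[i:i + batch_size]}
            for i in range(0, len(changes), batch_size)]


if __name__ == "__main__":
    for batch in build_change_batches(SAMPLE_BACKUP, "Z0OLDZONE", "/hostedzone/Z0NEWZONE"):
        print(json.dumps(batch, indent=2))
```

Each returned dict can be passed as the ChangeBatch argument of r53_client.change_resource_record_sets, with HostedZoneId set to the new zone's ID.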

This page was last reviewed on 1 March 2024. It needs to be reviewed again on 1 September 2024 by the page owner #operations-engineering-alerts.