Introduction
A JSON backup of our DSD Route 53 estate lives in an S3 bucket in Cloud Platform. This backup can be used to restore Route 53 records in the event of a failure.
The JSON backup has the following structure:
{
    "hosted_zone_id": {
        "name": "somename.aws.com.",
        "records": [
            {
                "Name": "somename.aws.com.",
                "Type": "NS",
                "TTL": 172800,
                "ResourceRecords": ["some-nameserver"]
            },
            {
                "Name": "somename.aws.com.",
                "Type": "SOA",
                "TTL": 900,
                "ResourceRecords": ["some-nameserver"]
            }
        ]
    }
}
Pulling the JSON backup from CP
- Authenticate to the Cloud Platform Route 53 backup IAM role operations-engineering-route53-backup-prod-state-role.
- Pull the backup data from the S3 bucket:
aws s3api get-object --bucket cloud-platform-50ad54b3b789d9fba7b301cce9d35f39 --key hosted_zones.json hosted_zones.json
Restoring a Hosted Zone
This implementation uses the Python boto3 SDK for AWS.
- Authenticate to the DSD admin account.
- Setup:
import boto3
r53_client = boto3.client("route53")
- Create a new hosted zone:
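# hosted_zone_id is the zone's key in hosted_zones.json; hosted_zone_name is its 'name' value
response = r53_client.create_hosted_zone(Name=hosted_zone_name, CallerReference=str(hash(hosted_zone_id)))
new_zone_id = response["HostedZone"]["Id"]
print(new_zone_id)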
Make a note of the new hosted zone id, as this will be required to create records in the new hosted zone.
- Create Resource Record Sets:
You will have to create a change request for each new resource record set, for example:
response = r53_client.change_resource_record_sets(
    HostedZoneId=new_zone_id,  # ID of the hosted zone created in the previous step
    ChangeBatch={
        "Changes": [
            {
                "Action": "CREATE",
                "ResourceRecordSet": {
                    "Name": "somename.aws.com.",
                    "Type": "MX",
                    "TTL": 1800,
                    # The API expects each value wrapped in a {"Value": ...} dict
                    "ResourceRecords": [{"Value": "some-nameserver"}],
                },
            },
            {
                "Action": "CREATE",
                "ResourceRecordSet": {
                    "Name": "somealias.somename.aws.com.",
                    "Type": "A",
                    # Alias records carry an AliasTarget instead of TTL and ResourceRecords
                    "AliasTarget": {
                        "HostedZoneId": "hosted_zone_id",  # hosted zone ID of the alias target
                        "DNSName": "somename",
                        "EvaluateTargetHealth": False,
                    },
                },
            },
        ]
    },
)
print("Change info:", response)
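An added example, not part of the original runbook: one way to turn a zone from hosted_zones.json into the change batches used in the steps above. It assumes the backup layout shown earlier plus an "AliasTarget" key for alias records; build_changes, restore_records, the sample data and the batch size of 100 are hypothetical.

```python
import json

# Constructed sample in the backup layout shown above (not real data).
# Assumption: alias records are stored with an "AliasTarget" key.
SAMPLE_BACKUP = json.loads("""
{"Z0000000EXAMPLE": {"name": "somename.aws.com.", "records": [
  {"Name": "somename.aws.com.", "Type": "NS", "TTL": 172800,
   "ResourceRecords": ["ns-1.example.net."]},
  {"Name": "somename.aws.com.", "Type": "SOA", "TTL": 900,
   "ResourceRecords": ["ns-1.example.net. hostmaster.example.net. 1 7200 900 1209600 86400"]},
  {"Name": "somename.aws.com.", "Type": "MX", "TTL": 1800,
   "ResourceRecords": ["10 mail.somename.aws.com."]},
  {"Name": "sub.somename.aws.com.", "Type": "NS", "TTL": 300,
   "ResourceRecords": ["ns-2.example.net."]},
  {"Name": "somealias.somename.aws.com.", "Type": "A",
   "AliasTarget": {"HostedZoneId": "ZTARGETEXAMPLE", "DNSName": "target.example.net.",
                   "EvaluateTargetHealth": false}}
]}}
""")


def build_changes(zone):
    """Convert one backed-up zone into CREATE changes for its new hosted zone."""
    changes = []
    for rec in zone["records"]:
        # A new hosted zone is created with its own apex NS and SOA records,
        # so a CREATE for the backed-up ones would be rejected.
        if rec["Name"] == zone["name"] and rec["Type"] in ("NS", "SOA"):
            continue
        rrset = {"Name": rec["Name"], "Type": rec["Type"]}
        if "AliasTarget" in rec:
            rrset["AliasTarget"] = rec["AliasTarget"]  # alias sets carry no TTL
        else:
            rrset["TTL"] = rec["TTL"]
            # The API takes [{"Value": ...}], not the backup's bare strings.
            rrset["ResourceRecords"] = [{"Value": v} for v in rec["ResourceRecords"]]
        changes.append({"Action": "CREATE", "ResourceRecordSet": rrset})
    return changes


def restore_records(r53_client, new_zone_id, zone, batch_size=100):
    """Send the changes in batches (each batch succeeds or fails as a unit)."""
    changes = build_changes(zone)
    for i in range(0, len(changes), batch_size):
        r53_client.change_resource_record_sets(
            HostedZoneId=new_zone_id,
            ChangeBatch={"Changes": changes[i:i + batch_size]})
    return len(changes)
```

The new zone is given its own name servers, so the parent delegation has to point at them before the restored records are served.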
This page was last reviewed on 1 March 2024. It needs to be reviewed again on 1 September 2024 by the page owner #operations-engineering-alerts.