Update README.md · dacdo/aws-lambda-ddns-function@da953d8 · GitHub


Commit da953d8

Update README.md
1 parent f32a735 commit da953d8

1 file changed

+14
-16
lines changed

README.md

Lines changed: 14 additions & 16 deletions
@@ -2,9 +2,9 @@
22

33
##Introduction
44

5-
Dynamic registration of resource records is useful when you have instances that are not behind a load balancer that you would like address by a host name and domain suffix of your choosing rather than the default \<region\>.compute.internal or ec2.internal.
5+
Dynamic registration of resource records is useful when you have instances that are not behind a load balancer and that you would like address by a host name and domain suffix of your choosing rather than the default \<region\>.compute.internal or ec2.internal assigned by VPC DNS.
66

7-
In this project we explore how you can use [CloudWatch Events](https://aws.amazon.com/cloudwatch) and Lambda to create a Dynamic DNS for Route 53. Besides creating A records, this project lets you to create alias, i.e. CNAME records, for when you want to address a server by a "friendly" or alternate name. Although this is antithetical to treating instances as disposable resources, there are still a lot of shops that find this useful.
7+
In this project we explore how you can use [CloudWatch Events](https://aws.amazon.com/cloudwatch) and Lambda to create a Dynamic DNS for Route 53. Besides creating A records, this project allows you to create alias, i.e. CNAME records, for when you want to address a server by a "friendly" or alternate name. Although this is antithetical to treating instances as disposable resources, there are still a lot of shops that find this useful.
88

99
##Using CloudWatch and Lambda to respond to infrastructure changes in real-time
1010

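Review bot: the new line 5 still reads "that you would like address by a host name" and needs "to" ("would like to address by"); the added "and that" is fine otherwise. On the new line 7, "alias, i.e. CNAME records" conflates two different things: in Route 53 an alias record is a distinct record type that points at AWS resources, while a CNAME is the ordinary canonical-name record this function creates. Suggest "CNAME records, for when you want to address a server by an alternate or 'friendly' name" and drop the word "alias".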
@@ -18,7 +18,7 @@ The example provided in this project works precisely this way. It uses informat
1818

1919
Route 53 offers the convenience of domain name services without having to build a globally distributed highly reliable DNS infrastructure. It allows instances within your VPC to resolve the names of resources that run within your AWS environment. It also lets clients on the Internet resolve names of your public-facing resources. This is accomplished by querying resource record sets that reside within a Route 53 public or private hosted zone.
2020

21-
A private hosted zone is basically a container that holds information about how you want to route traffic for a domain and its subdomains within one or more VPC whereas a public hosted zone is a container that holds information about how you want to route traffic from the Internet.
21+
A private hosted zone is basically a container that holds information about how you want to route traffic for a domain and its subdomains within one or more VPCs whereas a public hosted zone is a container that holds information about how you want to route traffic from the Internet.
2222

2323
##Choosing between VPC DNS or Route 53 Private Hosted Zones
2424

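Review bot: style: "basically" on line 21 adds nothing and the sentence runs long; suggest "A private hosted zone holds routing information for a domain and its subdomains within one or more VPCs; a public hosted zone holds routing information for traffic coming from the Internet." Also, "##Choosing between VPC DNS or Route 53 Private Hosted Zones" on line 23 has no space after the hashes; CommonMark renderers require one ("## Choosing between ...") or the line is rendered as plain text, and "between ... or" should be "between ... and".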
@@ -28,11 +28,9 @@ Unless you create a DHCP option set with a custom domain name and disable hostna
2828

2929
Private hosted zones help you overcome these challenges by allowing you to create different resource record types with a custom domain suffix. Moreover, with Route 53 you can create a subdomain for your current DNS namespace or you can migrate an existing subdomain to Route 53. By using these options, you can create a contiguous DNS namespace between your on-premises environment and AWS.
3030

31-
So while VPC DNS can provide basic name resolution for your VPC, Route 53 private hosted zones offer richer functionality by comparison. It also has a programmable API that can be used to automate the creation/removal of records sets and hosted zones which we’re going leverage extensively in this project.
31+
So, while VPC DNS can provide basic name resolution for your VPC, Route 53 private hosted zones offer richer functionality by comparison. It also has a programmable API that can be used to automate the creation/removal of records sets and hosted zones which we’re going leverage extensively in this project.
3232

33-
##Use case
34-
35-
Route 53 doesn't offer support for dynamic registration of resource record sets for public or private hosted zones. This can pose challenges when an automatic scaling event occurs and the instances are not behind a load balancer. A common workaround is to use an automation framework like Chef, Puppet, Ansible, or Salt to create resource records, or by adding instance user data to the launch profile of the Auto Scaling group. The drawbacks to these approaches is that:
33+
Route 53 doesn't offer support for dynamic registration of resource record sets for public or private hosted zones. This can pose challenges when an automatic scaling event occurs and the instances are not behind a load balancer. A common workaround is to use an automation framework like Chef, Puppet, Ansible, or Salt to create resource records, or by adding instance user data to the launch profile of the Auto Scaling group. The drawbacks to these approaches are that:
3634

3735
1. automation frameworks typically require you to manage additional infrastructure.
3836
2. instance user data doesn't handle the removal of resource records when the instance is terminated.
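Review bot: dropping the "##Use case" heading (old lines 33-35) folds the "Route 53 doesn't offer support for dynamic registration" paragraph and its numbered drawbacks into the "Choosing between VPC DNS or Route 53 Private Hosted Zones" section, where they no longer match the section title; if the heading was removed only for spacing, restore it as "## Use case". The new line 31 also still reads "which we're going leverage extensively" (missing "to"), and "It also has a programmable API" has "It" referring back to the plural "private hosted zones"; suggest "Route 53 also has a programmable API ... which we're going to leverage extensively".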
@@ -43,19 +41,19 @@ This was the motivation for creating a serverless architecture that dynamically
4341

4442
Make sure that you have the latest version of the AWS CLI installed locally. For more information, see [Getting Set Up with the AWS Command Line Interface](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-set-up.html).
4543

46-
For this example, create a new VPC configured with a private and public subnet, using [Scenario 2: VPC with Public and Private Subnets (NAT)](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html) from the Amazon VPC User Guide. Ensure that the VPC has the DNS resolution and DNS hostnames options set to yes.
44+
For this example, create a new VPC configured with a private and public subnet, using [Scenario 2: VPC with Public and Private Subnets (NAT)](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html) from the Amazon VPC User Guide. Ensure that the VPC has the **DNS resoluti 8000 on** and **DNS hostnames** options set to **yes**.
4745

4846
After the VPC is created, you can proceed to the next steps.
4947

5048
#####Step 1 – Create an IAM role for the Lambda function
5149

52-
In this step, you use the AWS Command Line Interface (AWS CLI) to create the Identity and Access Management (IAM) role that the Lambda function assumes when the function is invoked. You need to create an IAM policy with the required permissions and then attach this policy to the role.
50+
In this step, you will use the AWS Command Line Interface (AWS CLI) to create the Identity and Access Management (IAM) role that the Lambda function assumes when the function is invoked. You also need to create an IAM policy with the required permissions and then attach this policy to the role.
5351

5452
1) Download the **ddns-policy.json** and **ddns-trust.json** files from the [AWS Labs GitHub repo](https://github.com/awslabs/aws-lambda-ddns-function).
5553

5654
_ddns-policy.json_
5755

58-
The policy includes **ec2:Describe permission**, required for the function to obtain the EC2 instance’s attributes, including the private IP address, public IP address, and DNS hostname. The policy also includes DynamoDB and Route 53 full access, required for the function to create the DynamoDB table and to update the Route 53 DNS records. The policy also allows the function to create log groups and log events.
56+
The policy includes **ec2:Describe permission**, required for the function to obtain the EC2 instance’s attributes, including the private IP address, public IP address, and DNS hostname. The policy also includes DynamoDB and Route 53 full access which the function uses to create the DynamoDB table and update the Route 53 DNS records. The policy also allows the function to create log groups and log events.
5957
```JSON
6058
{
6159
"Version": "2012-10-17",
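Review bot: the new line 56 describes the policy as granting "DynamoDB and Route 53 full access" without flagging that this is far broader than the function needs; a reader who applies ddns-policy.json verbatim gets a Lambda role that can modify every hosted zone and every table in the account. Suggest adding a sentence that for anything beyond a demo the policy should be scoped to the target hosted zone (route53:ChangeResourceRecordSets on arn:aws:route53:::hostedzone/<ZONE ID>) and to the DDNS table ARN, and that "ec2:Describe permission" should name the actual action (ec2:DescribeInstances, or the ec2:Describe* wildcard) so readers can match it against the JSON that follows. The bolded settings on the new line 44 are the console labels; adding the API attribute names (enableDnsSupport, enableDnsHostnames) would help CLI users, since both must be true for a private hosted zone to resolve from the VPC.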
@@ -106,11 +104,11 @@ The **ddns-trust.json** file contains the trust policy that grants the Lambda se
106104
]
107105
}
108106
```
109-
2) Create the policy using the policy document in the **ddns-pol.json** file. You need to replace **\<LOCAL PATH\>** with your local path to the ** 8000 ddns-pol.json** file. The output of the **aws iam create-policy** command includes the Amazon Resource Locator (ARN). Save the ARN as you need it for future steps.
107+
2) Create the policy using the policy document in the **ddns-pol.json** file. You need to replace **\<LOCAL PATH\>** with your local path to the **ddns-pol.json** file. The output of the **aws iam create-policy** command includes the Amazon Resource Locator (ARN). Save the ARN since you will need it for future steps.
110108
```
111109
aws iam create-policy --policy-name ddns-lambda-policy --policy-document file://<LOCAL PATH>/ddns-pol.json
112110
```
113-
3) Create the **ddns-lambda-role IAM role** using the trust policy in the **ddns-trust.json** file. You need to replace **\<LOCAL PATH\>** with your local path to the **ddns-trust.json** file. The output of the **aws iam create-role** command includes the ARN associated with the role that you created. Save this ARN as you need it when you create the Lambda function in the next section.
111+
3) Create the **ddns-lambda-role IAM role** using the trust policy in the **ddns-trust.json** file. You need to replace **\<LOCAL PATH\>** with your local path to the **ddns-trust.json** file. The output of the **aws iam create-role** command includes the ARN associated with the role that you created. Save this ARN since you will need it when you create the Lambda function in the next section.
114112
```
115113
aws iam create-role --role-name ddns-lambda-role --assume-role-policy-document file://<LOCAL PATH>/ddns-trust.json
116114
```
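Review bot: the new lines 107 and 109 refer to **ddns-pol.json**, but step 1 (line 52 in the previous hunk) tells the reader to download **ddns-policy.json**; one of the names is wrong, and the create-policy command fails with the file name the reader actually has. Also, ARN stands for Amazon Resource Name, not "Amazon Resource Locator" (line 107); check the same wording on line 111. Minor: "Save the ARN since you will need it" on both lines would read more naturally as "Save the ARN; you will need it".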
@@ -120,7 +118,7 @@ aws iam attach-role-policy --role-name ddns-lambda-role --policy-arn <enter-your
120118
```
121119
#####Step 2 – Create the Lambda function
122120

123-
The Lambda function uses modules included in the Python 2.7 Standard Library and the AWS SDK for Python module (boto3), which is preinstalled as part of the Lambda service. As such, you do not need to create a deployment package for this example.
121+
The Lambda function uses modules included in the Python 2.7 Standard Library and the AWS SDK for Python module (boto3), which is preinstalled as part of the Lambda service. As such, you do not need to create a deployment package for this function.
124122

125123
- The function first checks if the “DDNS” table exists in DynamoDB and creates the table if it does not. The table is used to keep a record of instances that have been created, along with their attributes. It is necessary to do this because after an EC2 instance is terminated, its attributes are no longer available, so they must be fetched from the table.
126124

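Review bot: the new line 121 still pins the function to the Python 2.7 standard library and the boto3 preinstalled in the Lambda runtime; Python 2.7 reached end of life in January 2020 and AWS has deprecated the python2.7 Lambda runtime, so this paragraph (and the --runtime python2.7 flag in the create-function command in the next hunk) should be updated to a supported Python 3 runtime, keeping the note that boto3 is still bundled. Line 123 also explains that the function creates the DDNS table itself when it does not exist; that is the only reason the role needs table-creation rights, and it is worth stating that pre-creating the table lets the role be reduced to the item-level actions the function actually uses on that one table.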
@@ -138,19 +136,19 @@ Use the AWS CLI to create the Lambda function:
138136

139137
1) Download the **union.py.zip** file from the [AWS Labs GitHub repo](https://github.com/awslabs/aws-lambda-ddns-function).
140138

141-
2) Execute the following command to create the function. Note that you need to update the command to use the ARN of the role that you created earlier, as well as the local path to the union.py.zip file containing the Python code for the Lambda function.
139+
2) Execute the following command to create the function. Note that you will need to update the command to use the ARN of the role that you created earlier, as well as the local path to the union.py.zip file containing the Python code for the Lambda function.
142140
```
143141
aws lambda create-function --function-name ddns_lambda --runtime python2.7 --role <enter-your-role-arn-here> --handler union.lambda_handler --timeout 30 --zip-file fileb://<LOCAL PATH>/union.py.zip
144142
```
145-
3) The output of the command returns the ARN of the newly-created function. Save this ARN, as you need it in the next section.
143+
3) The output of the command returns the ARN of the newly-created function. Save this ARN, since you will need it in the next section.
146144

147145
#####Step 3 – Create the CloudWatch Events Rule
148146

149147
In this step, you create the CloudWatch Events rule that triggers the Lambda function whenever CloudWatch detects a change to the state of an EC2 instance. You configure the rule to fire when any EC2 instance state changes to “running”, “shutting down”, or “stopped”. Use the **aws events put-rule** command to create the rule and set the Lambda function as the execution target:
150148
```
151149
aws events put-rule --event-pattern "{\"source\":[\"aws.ec2\"],\"detail-type\":[\"EC2 Instance State-change Notification\"],\"detail\":{\"state\":[\"running\",\"shutting-down\",\"stopped\"]}}" --state ENABLED --name ec2_lambda_ddns_rule
152150
```
153-
The output of the command returns the ARN to the newly created CloudWatch Events rule, named **ec2\_lambda\_ddns\_rule**. Save the ARN, as you need it to associate the rule with the Lambda function and to set the appropriate Lambda permissions.
151+
The output of the command returns the ARN to the newly created CloudWatch Events rule, named **ec2\_lambda\_ddns\_rule**. Save the ARN, as you will need it to associate the rule with the Lambda function and to set the appropriate Lambda permissions.
154152

155153
Next, set the target of the rule to the Lambda function. Note that the **--targets** input parameter requires that you include a unique identifier for the **Id** target. You also need to update the command to use the ARN of the Lambda function that you created previously.
156154
```
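Review bot: the put-rule command on line 149 embeds the event pattern as escaped JSON on one line, which is easy to mangle when copied into a shell with different quoting rules; suggest putting the pattern in a file and passing --event-pattern file://ec2-state-pattern.json. The pattern also matches state changes for every instance in the region, so the function will attempt to register records for instances the reader never intended to expose; say so, and point out where to narrow it (for example by tagging instances and checking the tag inside the function). Minor: the prose on line 147 says "shutting down" while the pattern uses the state name "shutting-down"; use the exact state name in both places.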
