amazon.aws.route53 module – add or delete entries in Amazon's Route 53 DNS service
Note
This module is part of the amazon.aws collection (version 9.0.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install amazon.aws. You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: amazon.aws.route53.
New in amazon.aws 5.0.0
Synopsis
Creates and deletes DNS records in Amazon's Route 53 service.
This module was originally added to community.aws in release 1.0.0.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
boto3 >= 1.28.0
botocore >= 1.31.0
Parameters
Parameter | Comments |
---|---|
AWS access key ID. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The aws_access_key and profile options are mutually exclusive. The aws_access_key_id alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_access_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
Indicates if this is an alias record. Mutually exclusive with Defaults to Choices:
|
|
Whether or not to evaluate an alias target health. Useful for aliases to Elastic Load Balancers. Choices:
|
|
The hosted zone identifier. |
|
The location of a CA Bundle to use when validating SSL certificates. The |
|
A dictionary to modify the botocore configuration. Parameters can be found in the AWS documentation https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config. |
|
Use a The Choices:
|
|
URL to connect to instead of the default AWS endpoints. While this can be used to connect to other AWS-compatible services, the amazon.aws and community.aws collections are only tested against AWS. The The ec2_url and s3_url aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
Allows you to control how Amazon Route 53 responds to DNS queries based on the geographic origin of the query. Two geolocation resource record sets that specify the same geographic location cannot be created. Non-geolocation resource record sets that have the same values for the Name and Type elements as geolocation resource record sets cannot be created. |
|
The two-letter code for the continent. Specifying |
|
The two-letter code for a country. Amazon Route 53 uses the two-letter country codes that are specified in ISO standard 3166-1 alpha-2 . |
|
The two-letter code for a state of the United States. To specify |
|
Health check to associate with this record |
|
The Hosted Zone ID of the DNS zone to modify. This is a required parameter, if parameter |
|
Has to be specified for weighted, latency-based and failover resource record sets only. An identifier that differentiates among multiple resource record sets that have the same combination of DNS name and type. |
|
Whether an existing record should be overwritten on create if values do not match. Choices:
|
|
If set to The default is to use the public zone. Choices:
|
|
A named AWS profile to use for authentication. See the AWS documentation for more information about named profiles https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html. The The profile option is mutually exclusive with the aws_access_key, aws_secret_key and security_token options. |
|
The full DNS record to create or delete. |
|
In the case that Route 53 is still servicing a prior request, this module will wait and try again after this many seconds. If you have many domain names, the default of Default: |
|
AWS secret access key. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The secret_key and profile options are mutually exclusive. The aws_secret_access_key alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_secret_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
AWS STS session token for use with temporary credentials. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The security_token and profile options are mutually exclusive. Aliases aws_session_token and session_token were added in release 3.2.0, with the parameter being renamed from security_token to session_token in release 6.0.0. The security_token, aws_security_token, and access_token aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
Specifies the state of the resource record. Choices:
|
|
The type of DNS record to create. Choices:
|
|
When set to Setting validate_certs=false is strongly discouraged; as an alternative, consider setting aws_ca_bundle instead. Choices:
|
|
The new value when creating a DNS record. YAML lists or multiple comma-spaced values are allowed for non-alias records. |
|
When used in conjunction with This allows you to have multiple private hosted zones, all with the same name, attached to different VPCs. |
|
Wait until the changes have been replicated to all Amazon Route 53 DNS servers. Choices:
|
|
How long to wait for the changes to be replicated, in seconds. Default: |
|
The DNS zone to modify. This is a required parameter, if parameter |
Notes
Note
Caution: For modules, environment variables and configuration files are read from the Ansible ‘host’ context and not the ‘controller’ context. As such, files may need to be explicitly copied to the ‘host’. For lookup and connection plugins, environment variables and configuration files are read from the Ansible ‘controller’ context and not the ‘host’ context.
The AWS SDK (boto3) that Ansible uses may also read defaults for credentials and other settings, such as the region, from its configuration files in the Ansible ‘host’ context (typically ~/.aws/credentials). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information.
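An added example, not part of the module's own documentation: a play that authenticates with a named profile, keeps certificate validation on by pointing aws_ca_bundle at a CA file instead of setting validate_certs=false, then reads the record back and asserts on it. The profile name, CA bundle path and record values are constructed placeholders, and the `rec.set is defined` guard assumes the set key is missing when no matching record is found.

```yaml
# Added example; profile name, CA bundle path and record values are constructed.
- name: Manage a Route 53 record with certificate validation left on
  hosts: localhost        # the module runs here, so ~/.aws/ files are read from this host
  gather_facts: false
  vars:
    dns_profile: dns-automation                      # hypothetical named profile
    ca_bundle: /etc/pki/tls/certs/internal-ca.pem    # hypothetical CA bundle path
  tasks:
    # Discouraged form, shown only for contrast:
    #   validate_certs: false
    - name: Create the record, trusting the internal CA instead
      amazon.aws.route53:
        state: present
        zone: foo.com
        record: new.foo.com
        type: A
        ttl: 300
        value: 1.1.1.1
        wait: true
        # profile cannot be combined with the access key, secret key or session token options
        profile: "{{ dns_profile }}"
        aws_ca_bundle: "{{ ca_bundle }}"

    - name: Read the record back
      amazon.aws.route53:
        state: get
        zone: foo.com
        record: new.foo.com
        type: A
        profile: "{{ dns_profile }}"
        aws_ca_bundle: "{{ ca_bundle }}"
      register: rec

    - name: Fail when the published record is not the intended one
      ansible.builtin.assert:
        that:
          - rec.set is defined
          - rec.set.type == 'A'
          - rec.set.value == '1.1.1.1'
          - rec.set.ttl | int == 300
        fail_msg: "new.foo.com does not match the intended A record"
```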
Examples
- name: Add new.foo.com as an A record with 3 IPs and wait until the changes have been replicated
  amazon.aws.route53:
    state: present
    zone: foo.com
    record: new.foo.com
    type: A
    ttl: 7200
    value: 1.1.1.1,2.2.2.2,3.3.3.3
    wait: true

- name: Update new.foo.com as an A record with a list of 3 IPs and wait until the changes have been replicated
  amazon.aws.route53:
    state: present
    zone: foo.com
    record: new.foo.com
    type: A
    ttl: 7200
    value:
      - 1.1.1.1
      - 2.2.2.2
      - 3.3.3.3
    wait: true

- name: Retrieve the details for new.foo.com
  amazon.aws.route53:
    state: get
    zone: foo.com
    record: new.foo.com
    type: A
  register: rec

- name: Delete new.foo.com A record using the results from the get command
  amazon.aws.route53:
    state: absent
    zone: foo.com
    record: "{{ rec.set.record }}"
    ttl: "{{ rec.set.ttl }}"
    type: "{{ rec.set.type }}"
    value: "{{ rec.set.value }}"

# Add an AAAA record. Note that because there are colons in the value,
# the IPv6 address must be quoted. Also shows using the old form command=create.
- name: Add an AAAA record
  amazon.aws.route53:
    command: create
    zone: foo.com
    record: localhost.foo.com
    type: AAAA
    ttl: 7200
    value: "::1"

# For more information on SRV records see:
# https://en.wikipedia.org/wiki/SRV_record
- name: Add a SRV record with multiple fields for a service on port 22222
  amazon.aws.route53:
    state: present
    zone: foo.com
    record: "_example-service._tcp.foo.com"
    type: SRV
    value: "0 0 22222 host1.foo.com,0 0 22222 host2.foo.com"

# Note that TXT and SPF records must be surrounded
# by quotes when sent to Route 53:
- name: Add a TXT record.
  amazon.aws.route53:
    state: present
    zone: foo.com
    record: localhost.foo.com
    type: TXT
    ttl: 7200
    value: '"bar"'

- name: Add an alias record that points to an Amazon ELB
  amazon.aws.route53:
    state: present
    zone: foo.com
    record: elb.foo.com
    type: A
    value: "{{ elb_dns_name }}"
    alias: true
    alias_hosted_zone_id: "{{ elb_zone_id }}"

- name: Retrieve the details for elb.foo.com
  amazon.aws.route53:
    state: get
    zone: foo.com
    record: elb.foo.com
    type: A
  register: rec

- name: Delete an alias record using the results from the get command
  amazon.aws.route53:
    state: absent
    zone: foo.com
    record: "{{ rec.set.record }}"
    ttl: "{{ rec.set.ttl }}"
    type: "{{ rec.set.type }}"
    value: "{{ rec.set.value }}"
    alias: true
    alias_hosted_zone_id: "{{ rec.set.alias_hosted_zone_id }}"

- name: Add an alias record that points to an Amazon ELB and evaluates its health
  amazon.aws.route53:
    state: present
    zone: foo.com
    record: elb.foo.com
    type: A
    value: "{{ elb_dns_name }}"
    alias: true
    alias_hosted_zone_id: "{{ elb_zone_id }}"
    alias_evaluate_target_health: true

- name: Add an AAAA record with Hosted Zone ID
  amazon.aws.route53:
    state: present
    zone: foo.com
    hosted_zone_id: Z2AABBCCDDEEFF
    record: localhost.foo.com
    type: AAAA
    ttl: 7200
    value: "::1"

- name: Use a routing policy to distribute traffic
  amazon.aws.route53:
    state: present
    zone: foo.com
    record: www.foo.com
    type: CNAME
    value: host1.foo.com
    ttl: 30
    # Routing policy
    identifier: "host1@www"
    weight: 100
    health_check: "d994b780-3150-49fd-9205-356abdd42e75"

- name: Add a CAA record (RFC 6844)
  amazon.aws.route53:
    state: present
    zone: example.com
    record: example.com
    type: CAA
    value:
      - 0 issue "ca.example.net"
      - 0 issuewild ";"
      - 0 iodef "mailto:[email protected]"

- name: Create a record with geo_location - country_code
  amazon.aws.route53:
    state: present
    zone: '{{ zone_one }}'
    record: 'geo-test.{{ zone_one }}'
    identifier: "geohost@www"
    type: A
    value: 1.1.1.1
    ttl: 30
    geo_location:
      country_code: US

- name: Create a record with geo_location - subdivision code
  amazon.aws.route53:
    state: present
    zone: '{{ zone_one }}'
    record: 'geo-test.{{ zone_one }}'
    identifier: "geohost@www"
    type: A
    value: 1.1.1.1
    ttl: 30
    geo_location:
      country_code: US
      subdivision_code: TX

Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
Nameservers associated with the zone. Returned: when state is ‘get’ Sample: |
|
Info specific to the resource record. Returned: when state is ‘get’ |
|
Whether this is an alias. Returned: always Sample: |
|
Whether this is the primary or secondary resource record set. Returned: always Sample: |
|
Geographic location based on which Route53 responds to DNS queries. Returned: when configured Sample: |
|
Health check associated with this record. Returned: always |
|
An identifier that differentiates among multiple resource record sets that have the same combination of DNS name and type. Returned: always |
|
Domain name for the record set. Returned: always Sample: |
|
Domain name for the record set. Returned: always Sample: |
|
Which region this should be associated with for latency-based routing. Returned: always Sample: |
|
Information about the resource records to act upon. Returned: always Sample: |
|
Resource record cache TTL. Returned: always Sample: |
|
Resource record set type. Returned: always Sample: |
|
Record value. Returned: always Sample: |
|
Record Values. Returned: always Sample: |
|
Weight of the record. Returned: always Sample: |
|
Zone this record set belongs to. Returned: always Sample: |
|
The wait ID for the applied change. Can be used to wait for the change to propagate later on when Returned: when changed |