amazon-route53 interview questions
Since GoDaddy went down for some hours, my client and I are very upset and want to change everything to AWS.
Everything is done so far; only the domains (blablabla.com) are missing. I'm having a hard time trying to migrate from GoDaddy to Route 53. Do I have to remove from one and create from scratch from AWS?
Does anyone have any experience on how to do this?
Source: (StackOverflow)
I'm trying to set up forwarding in Amazon Route53. My last DNS service (Nettica) allowed me to route requests to "aws.example.com" to "https://myaccount.signin.aws.amazon.com/console/".
Is this functionality supported by Route53?
How does Nettica achieve this? Does it insert a special A, CNAME, PTR, or TXT record(s)?
Source: (StackOverflow)
We're using Route 53 DNS to point to an EC2 instance. Is there any way to get Route 53 to point to the instance directly, instead of to an Elastic IP or CNAME?
I have multiple reasons for this:
- I don't want to burn an IP.
- CNAMEs are unreliable, because if an instance goes down and comes back up, the full name, ec2-X-X-X-X.compute-1.amazonaws.com, will change.
- In the future, I need to spin up instances programmatically and address them with a subdomain, and I see no easy way to do this with either elastic IPs or CNAMEs.
What's the best approach?
Source: (StackOverflow)
I own foo.com and bar.com. I am managing both in Route53. foo.com hosts my site, and I'd like to direct traffic from bar.com to foo.com. I tried to set up a CNAME record for bar.com pointing to foo.com, but I got the error message:
    RRSet of type CNAME with DNS name foo.com. is not permitted at apex in zone bar.com.
Why doesn't this work, and what can I do instead?
Source: (StackOverflow)
I have configured a set of DNS records at a new DNS provider. The configuration is complex, with load-balancing, SSL, etc.; there are things that could go wrong.
I want to test this configuration before changing the namespace records at the registrar.
- Is there any way to locally provide my machine with the new nameserver for the domain?
- Are there any tools that might help with this?
Please note: I don't want to just update the A records (e.g. in /etc/hosts) - I want to specifically check the nameserver is returning the A and CNAME records.
Source: (StackOverflow)
My implementation of AWS Request Authentication in Google Go lang
    package main

    import "fmt"
    import "crypto/hmac"
    import "crypto/sha256"
    import "time"
    import "encoding/base64"

    func main() {
        AWSAccessKeyId := "MHAPUBLICKEY"
        AWSSecretKeyId := "MHAPRIVATEKEY"
        sha256 := sha256.New
        time := time.Now().UTC().Format(time.ANSIC)
        hash := hmac.New(sha256, []byte(AWSSecretKeyId))
        hash.Write([]byte(time))
        sha := base64.URLEncoding.EncodeToString(hash.Sum(nil))
        fmt.Println("Date", time)
        fmt.Println("Content-Type","text/xml; charset=UTF-8")
        fmt.Println("AWS3-HTTPS AWSAccessKeyId=" + AWSAccessKeyId + ",Algorithm=HmacSHA256,Signature=" + sha)
    }
I get valid output from Amazon but only when the 'sha' hash does not contain any _ or -
Working
'WFKzWNQlZEyTC9JFGFyqdf8AYj54aBj5btxPIaGTDbM='
Not Working HTTP/1.1 403 Forbidden SignatureDoesNotMatch
'h-FIs7of_CJ7LusAoQPzSWVt9hlXF_5gCQgedn_85lk='
How do I encode the AWS3-HTTPS header so it works in either circumstance? Just in case it's relevant, I am currently copying and pasting the output into cURL. I plan on implementing the request in Google Go once I have it working reliably.
Source: (StackOverflow)
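Added example (not part of the original question): the two Go base64 encoders side by side. `base64.URLEncoding` writes `-` and `_` where the standard alphabet writes `+` and `/`, which matches the pattern in the two signatures quoted above; the sketch assumes the service compares the signature in the standard alphabet. The date string is constructed and the key strings are the question's placeholders.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Sign returns the raw HMAC-SHA256 of the Date header value under the secret key.
func Sign(secret, date string) []byte {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(date))
	return mac.Sum(nil)
}

// AuthHeader builds the AWS3-HTTPS header value from the question. With
// urlSafe=true it reproduces the question's base64.URLEncoding behaviour.
func AuthHeader(keyID, secret, date string, urlSafe bool) string {
	enc := base64.StdEncoding
	if urlSafe {
		enc = base64.URLEncoding
	}
	return "AWS3-HTTPS AWSAccessKeyId=" + keyID +
		",Algorithm=HmacSHA256,Signature=" + enc.EncodeToString(Sign(secret, date))
}

// Reencode converts a URL-safe base64 signature to the standard alphabet by
// decoding and re-encoding, so malformed input is rejected, not passed through.
func Reencode(urlSafe string) (string, error) {
	raw, err := base64.URLEncoding.DecodeString(urlSafe)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(raw), nil
}

func main() {
	// The two signatures quoted in the question.
	for _, sig := range []string{
		"WFKzWNQlZEyTC9JFGFyqdf8AYj54aBj5btxPIaGTDbM=",
		"h-FIs7of_CJ7LusAoQPzSWVt9hlXF_5gCQgedn_85lk=",
	} {
		std, err := Reencode(sig)
		fmt.Println(sig, "->", std, err)
	}
	// Constructed date value; the key strings are the question's placeholders.
	fmt.Println(AuthHeader("MHAPUBLICKEY", "MHAPRIVATEKEY", "Thu Jan  1 00:00:00 2015", false))
}
```

A signature that contains neither character encodes identically under both alphabets, which is why the failure looks intermittent.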
I am trying to use aws change-resource-record-sets to add an alias. The idea is to allow access to a Cloudfront distribution via URL on our domain (e.g. mydomainname.mycompany.co.uk rather than mydomainname.cloudfront.net where mydomainname=something like d4dzc6m38sq0mk)
After working through various other JSON errors, which I solved, I am still getting a problem.
    A client error (InvalidChangeBatch) occurred: RRSet with DNS name mydomainname.cloudfront.net. is not permitted in zone mycompany.co.uk.
What have I got wrong?
JSON:
    {
      "Comment": "Recordset for mydomainname",
      "Changes": [
        {
          "Action": "CREATE",
          "ResourceRecordSet": {
            "Name": "mydomainname",
            "Type": "A",
            "AliasTarget": {
              "HostedZoneId": "Z2FDTNDATAQYW2",
              "DNSName": "mydomainname.cloudfront.net.",
              "EvaluateTargetHealth": false
            }
          }
        }
      ]
    }
EDITED to clarify the HostedZoneID.
Source: (StackOverflow)
I'm using Amazon SES and Route53 and confused how I specify the TXT value to include the proper SPF config. Amazon gave me a SES TXT name/value pair which looks something like this:
Name: "_amazonses.xxx.com"
Value: "bInxJfnRbxxxxx9uFXgmxxxxxQHd08UxxxxxxsG+k="
I plugged this into my Route53 Record Set (same as "Zone file" on Godaddy). Sure enough after adding my SMTP credentials to my app and having Amazon verify my account ("grant production access"), it works and I can send email from my site to a variety of accounts (Gmail, Yahoo, Hotmail, my .edu university account).
I know nothing about SPF but hear it is good to include in one's email server configuration. By googling about Amazon SES, I keep seeing to include the following snippets:
"v=spf1 include:amazonses.com ~all"
"spf2.0/pra include:amazonses.com ~all"
Currently, these 2 snippets are included in the same TXT value field as that big, ugly value above ("bInxJfnRb...") and my emails still get sent ok.
Two related questions:
- Whether putting all 3 of the snippets in a single TXT value field is the right place for these snippets?
- What are the circumstances under which "v=spf1 include:amazonses.com ~all" and "spf2..." come into play? Basically, how do I know if they are doing anything?
Source: (StackOverflow)
Can I restrict my AWS IAM Users to list only selected hosted zones that I would like them to see using AWS IAM Policies?
Suppose I have three hosted zones A, B & C and I would like to hide A from my AWS IAM Users. What changes do I need to make in this policy?
    {
      "Statement":[{
          "Effect":"Allow",
          "Action":["route53:GetHostedZone",
                    "route53:ListResourceRecordSets"],
          "Resource":"arn:aws:route53::123456789012:change/*"
        },
        {
          "Effect":"Allow",
          "Action":,
          "Resource":"*"
        }
      ]
    }
Source: (StackOverflow)
Currently I have my webserver at mydomain.com and two CDNs at static.mydomain.com and media.mydomain.com.
Would it be possible to have all under mydomain.com? e.g.
mydomain.com - webserver
mydomain.com/static - static CDN
mydomain.com/media - media CDN
Source: (StackOverflow)
EC2 gives instances a new IP address when they're stopped then restarted, so I need to be able to automatically manage a route53 record set so that I can access things consistently. Sadly the documentation for the route53 portion of the sdk is not nearly as robust as it is for ec2 (understandably) and so I'm a bit stuck. From what I've seen so far, it seems like change_resource_record_sets (link) is the way to go, but I'm confused as to what needs to go into :changes since it mentions a Change object but fails to provide a link to a description of said object.
Here's what my code currently looks like for a creation:
    r53.client.change_resource_record_sets(:hosted_zone_id => 'MY_ID', :change_batch => {
      :changes => 'I DONT KNOW WHAT GOES HERE',
      :action => 'CREATE',
      :resource_record_set => {
        :name => @instance.instance_name,
        :type => 'CNAME',
        :ttl => 330,
        :value => @instance.ip_address
      }})
EDIT: Okay, since I haven't had any help either here or on the official forums I've been messing around with it myself. So it turns out that the documentation is just plain awful. All of the values are stored in a Change object, and not given there. So it actually looks more like this:
    some_change = AWS::Route53::CreateRequest.new(@instance.instance_name,
                                                  'CNAME',
                                                  :ttl => 330,
                                                  :resource_records => [
                                                    {:value => @instance.ip_address}
                                                  ])
    r53.client.change_resource_record_sets(:hosted_zone_id => 'MY_ZONE', :change_batch => {
      :changes => [some_change],
    })
Source: (StackOverflow)
I am using the following to delete route53 records. I get no error messages.
    from boto.route53.connection import Route53Connection
    from boto.route53.record import ResourceRecordSets

    conn = Route53Connection(aws_access_key_id, aws_secret_access_key)
    changes = ResourceRecordSets(conn, zone_id)
    change = changes.add_change("DELETE", sub_domain, "A", 60, weight=weight, identifier=identifier)
    change.add_value(ip_old)
    changes.commit()
All required fields are present and they match: weight, identifier, ttl=60 etc.
e.g.
    test.com. A 111.111.111.111 60 1 id1
    test.com. A 111.111.111.222 60 1 id2
I want to delete 111.111.111.222 and the record set.
So, what is the proper way to delete a record set?
For a record set, I will have multiple values that are distinguished by a unique identifier. When an IP address becomes inactive I want to remove it from route53. I am using a poor man's load balancing.
Here is the meta of the record I want to delete.
    {'alias_dns_name': None,
     'alias_hosted_zone_id': None,
     'identifier': u'15754-1',
     'name': u'hui.com.',
     'resource_records': [u'103.4.xxx.xxx'],
     'ttl': u'60',
     'type': u'A',
     'weight': u'1'}

    Traceback (most recent call last):
      File "/home/ubuntu/workspace/rtbopsConfig/classes/redis_ha.py", line 353, in <module>
        deleteRedisSubDomains(aws_access_key_id, aws_secret_access_key,platform=platform,sub_domain=sub_domain,redis_domain=redis_domain,zone_id=zone_id,ip_address=ip_address,weight=1,identifier=identifier)
      File "/home/ubuntu/workspace/rtbopsConfig/classes/redis_ha.py", line 341, in deleteRedisSubDomains
        changes.commit()
      File "/usr/local/lib/python2.7/dist-packages/boto-2.3.0-py2.7.egg/boto/route53/record.py", line 131, in commit
        return self.connection.change_rrsets(self.hosted_zone_id, self.to_xml())
      File "/usr/local/lib/python2.7/dist-packages/boto-2.3.0-py2.7.egg/boto/route53/connection.py", line 291, in change_rrsets
        body)
    boto.route53.exception.DNSServerError: DNSServerError: 400 Bad Request
    <?xml version="1.0"?>
    <ErrorResponse xmlns="https://route53.amazonaws.com/doc/2011-05-05/"><Error><Type>Sender</Type><Code>InvalidChangeBatch</Code><Message>Tried to delete resource record set hui.com., type A, SetIdentifier 15754-1 but it was not found</Message></Error><RequestId>9972af89-cb69-11e1-803b-7bde5b9c457d</RequestId></ErrorResponse>
Thanks
Source: (StackOverflow)
I am trying to point my domain name to my Amazon Instance using Route53. I am hoping someone with Route53 experience can tell me what I'm doing wrong.
I created a new hosted zone for my domain in Route53. The zone file gave me name servers which I applied to my registrar.
Then, in EC2, I created an elastic IP address and associated it with my instance. I then created a new record set in my zone file and put the IP address down as an A-Record.
I then waited 24 hours, but my pointing isn't working. The website is still not being pointed to the EC2 instance.
Any ideas?
Source: (StackOverflow)