EzDevInfo.com

amazon-route53 interview questions

Top amazon-route53 frequently asked interview questions

Amazon Route 53 Client Exception on creation

I have a problem with the Amazon SDK for .NET while creating an Amazon Route 53 client, calling

AWSClientFactory.CreateAmazonRoute53Client(AccessKeyID, SecretAccessKeyID);

I get an exception that says

"No RegionEndPoint or ServiceURL configured".

Also tried the region endpoint indicated there http://docs.aws.amazon.com/general/latest/gr/rande.html#r53_region with no result.

Can anybody help me?


Source: (StackOverflow)


How to move a domain from Godaddy to AWS Route 53

Since Godaddy went down for some hours my client and I are very upset and want to change everything to AWS.

Everything is done so far; only the domains (blablabla.com) are missing. I'm having a hard time trying to migrate from Godaddy to Route 53. Do I have to remove from one and create from scratch on AWS?

Does anyone have any experience on how to do this?


Source: (StackOverflow)

Set up DNS based URL forwarding in Amazon Route53

I'm trying to set up forwarding in Amazon Route53. My last DNS service (Nettica) allowed me to route requests to "aws.example.com" to "https://myaccount.signin.aws.amazon.com/console/".

Is this functionality supported by Route53?

How does Nettica achieve this? Does it insert a special A, CNAME, PTR, or TXT record(s)?


Source: (StackOverflow)

Have Route 53 point to an instance instead of an IP or CNAME?

We're using Route 53 DNS to point to an EC2 instance. Is there any way to get Route 53 to point to the instance directly, instead of to an Elastic IP or CNAME?

I have multiple reasons for this:

  1. I don't want to burn an IP.

  2. CNAMEs are unreliable, because if an instance goes down and comes back up, the full name, ec2-X-X-X-X.compute-1.amazonaws.com, will change.

  3. In the future, I need to spin up instances programmatically and address them with a subdomain, and I see no easy way to do this with either elastic IPs or CNAMEs.

What's the best approach?


Source: (StackOverflow)

RRSet of type CNAME with DNS name foo.com. is not permitted at apex in zone bar.com

I own foo.com and bar.com. I am managing both in Route53. foo.com hosts my site, and I'd like to direct traffic from bar.com to foo.com. I tried to set up a CNAME record for bar.com pointing to foo.com, but I got the error message:

RRSet of type CNAME with DNS name foo.com. is not permitted at apex in zone bar.com.

Why doesn't this work, and what can I do instead?


Source: (StackOverflow)

How can I test a new nameserver before updating the registrar records?

I have configured a set of DNS records at a new DNS provider. The configuration is complex, with load-balancing, SSL, etc.; there are things that could go wrong.

I want to test this configuration before changing the namespace records at the registrar.

  • Is there any way to locally provide my machine with the new nameserver for the domain?
  • Are there any tools that might help with this?

Please note: I don't want to just update the A records (e.g. in /etc/hosts) - I want to specifically check the nameserver is returning the A and CNAME records.


Source: (StackOverflow)

AWS Request Authentication: Encode Header

My implementation of AWS Request Authentication in Google Go lang

package main

import "fmt"
import "crypto/hmac"
import "crypto/sha256"
import "time"
import "encoding/base64"

func main() {
  AWSAccessKeyId := "MHAPUBLICKEY"
  AWSSecretKeyId := "MHAPRIVATEKEY"
  sha256         := sha256.New
  time           := time.Now().UTC().Format(time.ANSIC)
  hash           := hmac.New(sha256, []byte(AWSSecretKeyId))
  hash.Write([]byte(time))
  sha            := base64.URLEncoding.EncodeToString(hash.Sum(nil))

  fmt.Println("Date", time)
  fmt.Println("Content-Type","text/xml; charset=UTF-8")
  fmt.Println("AWS3-HTTPS AWSAccessKeyId=" + AWSAccessKeyId + ",Algorithm=HmacSHA256,Signature=" + sha)
}

I get valid output from Amazon but only when the 'sha' hash does not contain any _ or -

Working

'WFKzWNQlZEyTC9JFGFyqdf8AYj54aBj5btxPIaGTDbM='

Not Working HTTP/1.1 403 Forbidden SignatureDoesNotMatch

'h-FIs7of_CJ7LusAoQPzSWVt9hlXF_5gCQgedn_85lk='

How do I encode the AWS3-HTTPS header so it works in either circumstance? Just in case it's relevant, I am currently copying and pasting the output into cURL. I plan on implementing the request in Google Go once I have it working reliably.


Source: (StackOverflow)

Error on using aws change-resource-record-sets to add an alias

I am trying to use aws change-resource-record-sets to add an alias. The idea is to allow access to a CloudFront distribution via a URL on our domain (e.g. mydomainname.mycompany.co.uk rather than mydomainname.cloudfront.net, where mydomainname is something like d4dzc6m38sq0mk).

After working through various other JSON errors, which I solved, I am still getting a problem.

A client error (InvalidChangeBatch) occurred: RRSet with DNS name 
mydomainname.cloudfront.net. is not permitted in zone mycompany.co.uk.

What have I got wrong?

JSON:

{
  "Comment": "Recordset for mydomainname",
  "Changes": [
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "mydomainname",
        "Type": "A",
        "AliasTarget": {
          "HostedZoneId": "Z2FDTNDATAQYW2",
          "DNSName": "mydomainname.cloudfront.net.",
          "EvaluateTargetHealth": false
        }
      }
    }
  ]
}

EDITED to clarify the HostedZoneID.


Source: (StackOverflow)

How to know if the SPF config is working (Amazon SES/Route53)?

I'm using Amazon SES and Route53 and am confused about how I specify the TXT value to include the proper SPF config. Amazon gave me an SES TXT name/value pair which looks something like this:

Name: "_amazonses.xxx.com"
Value: "bInxJfnRbxxxxx9uFXgmxxxxxQHd08UxxxxxxsG+k="

I plugged this into my Route53 Record Set (same as "Zone file" on Godaddy). Sure enough after adding my SMTP credentials to my app and having Amazon verify my account ("grant production access"), it works and I can send email from my site to a variety of accounts (Gmail, Yahoo, Hotmail, my .edu university account).

I know nothing about SPF but hear it is good to include in one's email server configuration. By googling about Amazon SES, I keep seeing advice to include the following snippets:

"v=spf1 include:amazonses.com ~all"
"spf2.0/pra include:amazonses.com ~all"

Currently, these 2 snippets are included in the same TXT value field as that big, ugly value above ("bInxJfnRb...") and my emails still get sent OK.

Two related questions:

  1. Is putting all 3 of the snippets in a single TXT value field the right place for these snippets?
  2. What are the circumstances under which "v=spf1 include:amazonses.com ~all" and "spf2..." come into play? Basically, how do I know if they are doing anything?

Source: (StackOverflow)

Can I hide some hosted zone from AWS IAM Users?

Can I restrict my AWS IAM Users to list only selected hosted zones that I would like them to see using AWS IAM Policies?

Suppose I have three hosted zones A, B & C and I would like to hide A from my AWS IAM Users. What changes do I need to make in this policy?

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["route53:GetHostedZone", "route53:ListResourceRecordSets"],
      "Resource": "arn:aws:route53::123456789012:change/*"
    },
    {
      "Effect": "Allow",
      "Action":,
      "Resource": "*"
    }
  ]
}

Source: (StackOverflow)

AWS CloudFront distributions under same domain as web server

Currently I have my webserver at mydomain.com and two CDNs at static.mydomain.com and media.mydomain.com.

Would it be possible to have all under mydomain.com? e.g.

mydomain.com - webserver

mydomain.com/static - static CDN

mydomain.com/media - media CDN


Source: (StackOverflow)

How do I create a route53 record set using the aws sdk for ruby?

EC2 gives instances a new IP address when they're stopped then restarted, so I need to be able to automatically manage a route53 record set so that I can access things consistently. Sadly the documentation for the route53 portion of the sdk is not nearly as robust as it is for ec2 (understandably) and so I'm a bit stuck. From what I've seen so far, it seems like change_resource_record_sets (link) is the way to go, but I'm confused as to what needs to go into :changes since it mentions a Change object but fails to provide a link to a description of said object.

Here's what my code currently looks like for a creation:

r53.client.change_resource_record_sets(:hosted_zone_id => 'MY_ID', :change_batch => {
    :changes => 'I DONT KNOW WHAT GOES HERE',
    :action => 'CREATE',
    :resource_record_set => {
        :name => @instance.instance_name,
        :type => 'CNAME',
        :ttl => 330,
        :value => @instance.ip_address
}})

EDIT: Okay, since I haven't had any help either here or on the official forums I've been messing around with it myself. So it turns out that the documentation is just plain awful. All of the values are stored in a Change object, and not given there. So it actually looks more like this:

some_change = AWS::Route53::CreateRequest.new(@instance.instance_name,
                                             'CNAME',
                                             :ttl => 330,
                                             :resource_records => [
                                                 {:value => @instance.ip_address}
                                             ])

r53.client.change_resource_record_sets(:hosted_zone_id => 'MY_ZONE', :change_batch => {
    :changes => [some_change],
})

Source: (StackOverflow)

Boto - How to delete a record set from route53 - Tried to delete resource record set but it was not found

I am using the following to delete route53 records. I get no error messages.

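from boto.route53.connection import Route53Connection
from boto.route53.record import ResourceRecordSets

conn = Route53Connection(aws_access_key_id, aws_secret_access_key)
changes = ResourceRecordSets(conn, zone_id)
# Queue a DELETE for the weighted A record, then submit the change batch
change = changes.add_change("DELETE", sub_domain, "A", 60, weight=weight, identifier=identifier)
change.add_value(ip_old)
changes.commit()

All required fields are present and they match: weight, identifier, ttl=60, etc.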

e.g.

test.com. A 111.111.111.111 60 1 id1
test.com. A 111.111.111.222 60 1 id2

I want to delete 111.111.111.222 and the record set.

So, what is the proper way to delete a record set?

For a record set, I will have multiple values that are distinguished by a unique identifier. When an IP address becomes inactive I want to remove it from Route53. I am using a poor man's load balancing.

Here is the meta of the record I want to delete.
{'alias_dns_name': None,
  'alias_hosted_zone_id': None,
  'identifier': u'15754-1',
  'name': u'hui.com.',
  'resource_records': [u'103.4.xxx.xxx'],
  'ttl': u'60',
  'type': u'A',
  'weight': u'1'}



Traceback (most recent call last):
  File "/home/ubuntu/workspace/rtbopsConfig/classes/redis_ha.py", line 353, in <module>
    deleteRedisSubDomains(aws_access_key_id, aws_secret_access_key,platform=platform,sub_domain=sub_domain,redis_domain=redis_domain,zone_id=zone_id,ip_address=ip_address,weight=1,identifier=identifier)
  File "/home/ubuntu/workspace/rtbopsConfig/classes/redis_ha.py", line 341, in deleteRedisSubDomains
    changes.commit()
  File "/usr/local/lib/python2.7/dist-packages/boto-2.3.0-py2.7.egg/boto/route53/record.py", line 131, in commit
    return self.connection.change_rrsets(self.hosted_zone_id, self.to_xml())
  File "/usr/local/lib/python2.7/dist-packages/boto-2.3.0-py2.7.egg/boto/route53/connection.py", line 291, in change_rrsets
    body)
boto.route53.exception.DNSServerError: DNSServerError: 400 Bad Request
<?xml version="1.0"?>
<ErrorResponse xmlns="https://route53.amazonaws.com/doc/2011-05-05/"><Error><Type>Sender</Type><Code>InvalidChangeBatch</Code><Message>Tried to delete resource record set hui.com., type A, SetIdentifier 15754-1  but it was not found</Message></Error><RequestId>9972af89-cb69-11e1-803b-7bde5b9c457d</RequestId></ErrorResponse>

Thanks


Source: (StackOverflow)

Point my domain name to amazon instance

I am trying to point my domain name to my Amazon Instance using Route53. I am hoping someone with Route53 experience can tell me what I'm doing wrong.

  • I created a new hosted zone for my domain in Route53. The zone file gave me name servers which I applied to my registrar.

  • Then, in EC2, I created an elastic IP address and associated it with my instance. I then created a new record set in my zone file and put the IP address down as an A-Record.

  • I then waited 24 hours, but my pointing isn't working. The website is still not being pointed to the EC2 instance.

Any ideas?


Source: (StackOverflow)