The aws-route53 mod contains resource, control and policy definitions for AWS Route 53 service.

Resource Types

Resource types covered by this mod:

Permissions

Taking a look at permissions and associated grant levels for each permission for Route 53:

PermissionGrant LevelHelp
cloudfront:ListDistributionsMetadataRequired for AWS console access to Route 53 per http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/UsingWithIAM.html
ec2:DescribeRegionsMetadataRequired for AWS console access to Route 53 per http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/UsingWithIAM.html
ec2:DescribeVpcsMetadataRequired for AWS console access to Route 53 per http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/UsingWithIAM.html
elasticloadbalancing:DescribeLoadBalancersMetadataRequired for AWS console access to Route 53 per http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/UsingWithIAM.html
route53:AssociateVPCWithHostedZoneAdminAllowed since network admins control the DNS servers (through VPC settings) so this will only work if they have chosen to use AmazonProvidedDNS.
route53:ChangeResourceRecordSetsAdmin
route53:ChangeTagsForResourceAdminTypically Operator but no sense creating Operator group just for tagging permissions.
route53:CreateHealthCheckAdminPublic zones only.
route53:CreateHostedZoneAdmin
route53:CreateQueryLoggingConfigAdminAdmin can create a configuration for DNS query logging to publish log data to an Amazon CloudWatch Logs log group.
route53:CreateReusableDelegationSetAdmin
route53:CreateTrafficPolicyAdminAdmins manage traffic policies.
route53:CreateTrafficPolicyInstanceAdminAdmins manage traffic policies.
route53:CreateTrafficPolicyVersionAdminAdmins manage traffic policies.
route53:CreateVPCAssociationAuthorizationAdmin
route53:DeleteHealthCheckAdminPublic zones only.
route53:DeleteHostedZoneAdmin
route53:DeleteQueryLoggingConfigAdminAdmin can delete a configuration for DNS query logging to stop publishing log data to an Amazon CloudWatch Logs log group.
route53:DeleteReusableDelegationSetAdmin
route53:DeleteTrafficPolicyAdminAdmins manage traffic policies.
route53:DeleteTrafficPolicyInstanceAdminAdmins manage traffic policies.
route53:DeleteVPCAssociationAuthorizationAdmin
route53:DisassociateVPCFromHostedZoneAdminAllowed since network admins control the DNS servers (through VPC settings) so this will only work if they have chosen to use AmazonProvidedDNS.
route53:GetAccountLimitMetadata
route53:GetChangeMetadata
route53:GetChangeDetailsMetadata
route53:GetCheckerIpRangesMetadata
route53:GetGeoLocationMetadata
route53:GetHealthCheckMetadata
route53:GetHealthCheckCountMetadata
route53:GetHealthCheckLastFailureReasonMetadata
route53:GetHealthCheckStatusMetadata
route53:GetHostedZoneMetadata
route53:GetHostedZoneCountMetadata
route53:GetHostedZoneLimitMetadata
route53:GetQueryLoggingConfigMetadataGets information about a specified configuration for DNS query logging.
route53:GetReusableDelegationSetMetadata
route53:GetReusableDelegationSetLimitMetadata
route53:GetTrafficPolicyMetadata
route53:GetTrafficPolicyInstanceMetadata
route53:GetTrafficPolicyInstanceCountMetadata
route53:ListChangeBatchesByHostedZoneMetadata
route53:ListChangeBatchesByRRSetMetadata
route53:ListGeoLocationsMetadata
route53:ListHealthChecksMetadata
route53:ListHostedZonesMetadata
route53:ListHostedZonesByNameMetadata
route53:ListQueryLoggingConfigsMetadataLists the configurations for DNS query logging that are associated with the current AWS account
route53:ListResourceRecordSetsMetadata
route53:ListReusableDelegationSetsMetadata
route53:ListTagsForResourceMetadata
route53:ListTagsForResourcesMetadata
route53:ListTrafficPoliciesMetadata
route53:ListTrafficPolicyInstancesMetadata
route53:ListTrafficPolicyInstancesByHostedZoneMetadata
route53:ListTrafficPolicyInstancesByPolicyMetadata
route53:ListTrafficPolicyVersionsMetadata
route53:ListVPCAssociationAuthorizationsMetadata
route53:TestDNSAnswerMetadataNot listed in policy simulator.
route53:UpdateHealthCheckAdminPublic zones only.
route53:UpdateHostedZoneCommentAdmin
route53:UpdateTrafficPolicyCommentAdminAdmins manage traffic policies.
route53:UpdateTrafficPolicyInstanceAdminAdmins manage traffic policies.
route53domains:CheckDomainAvailabilityMetadata
route53domains:CheckDomainTransferabilityMetadata
s3:ListBucketMetadataRequired for AWS console access to Route 53 per http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/UsingWithIAM.html

Learn More About Turbot

Version
6.4.0
Released On
Jun 01, 2023
Depends On

Resource Types

Control Types

Policy Types

Release Notes

6.4.0 (2023-06-01)

What's new?

  • Resource's metadata will now also include createdBy details in Turbot CMDB.
  • README.md file is now available for users to check details about the resource types and service permissions that the mod covers.

6.3.1 (2022-12-16)

Bug fixes

  • The AWS > Route 53 > Hosted Zone > CMDB control would fetch data for a maximum of 100 records for a hosted zone due to lack of pagination support. This is fixed and the control will now fetch details for all records for a hosted zone.

Action Types

Added

  • AWS > Route 53 > Hosted Zone > Delete from AWS
  • AWS > Route 53 > Hosted Zone > Set Tags
  • AWS > Route 53 > Hosted Zone > Skip alarm for Active control
  • AWS > Route 53 > Hosted Zone > Skip alarm for Active control [90 days]
  • AWS > Route 53 > Hosted Zone > Skip alarm for Approved control
  • AWS > Route 53 > Hosted Zone > Skip alarm for Approved control [90 days]
  • AWS > Route 53 > Hosted Zone > Skip alarm for Tags control
  • AWS > Route 53 > Hosted Zone > Skip alarm for Tags control [90 days]

6.3.0 (2022-06-23)

What's new?

  • Users can now create their own custom checks against resource attributes in the Approved control using the Approved > Custom policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.

Bug fixes

  • We've improved the process of deleting resources from Turbot if their CMDB policy was set to Enforce: Disabled. The CMDB controls will now not look to resolve credentials via Turbot's IAM role while deleting resources from Turbot. This will allow the CMDB controls to process resource deletions from Turbot more reliably than before.

Policy Types

Added

  • AWS > Route 53 > Hosted Zone > Approved > Custom

6.2.0 (2021-07-21)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

6.1.2 (2020-12-28)

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

6.1.1 (2020-12-14)

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

6.1.0 (2020-10-09)

What's new?

  • We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

6.0.4 (2020-09-22)

Bug fixes

  • We've made some improvements to our real-time event handling that reduces the risk of creating resources in CMDB with malformed AKAs. There's no noticeable difference, but things should run more reliably now.

6.0.3 (2020-08-13)

Bug fixes

  • In various Active controls, we were outputting log messages that did not properly show how many days were left until we'd delete the inactive resources (we were still deleting them after the correct number of days). These log messages have been fixed and now contain the correct number of days.

6.0.2 (2020-07-10)

Bug fixes

  • Updated various resource configurations to provide better compatibility with AWS China regions.

6.0.1 (2020-07-01)

Bug fixes

  • Sometimes when updating CMDB for resources with tags that have empty string values, e.g., [{Key: "Empty", Value: ""}, {Key: "Turbot is great", Value: "true"}], we would not store all of the tags correctly. This has been fixed and now all tags are accounted for.

6.0.0 (2020-06-12)

Warning

  • Permissions for Route 53 Domains have been moved into the aws-route53domains mod in order to allow granting of Route 53 and Route 53 Domains permissions separately. If you are currently using Route 53 Domains permissions, please install the latest version of the aws-route53domains mod, enable permissions through the AWS > Route 53 Domains > Permissions policy, and assign the correct grant levels before updating to this version.

5.2.2 (2020-06-11)

What's new?

  • All resource Router actions now run even if Turbot is outside of its allowed change window. This allows Turbot to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Turbot's ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.

5.2.1 (2020-05-08)

Bug fixes

  • Removed AWS > Route 53 > Stack controls and policies. They were released incorrectly, stacks will be defined at VPC level.

Control Types

Removed

  • AWS > Route 53 > Stack

Policy Types

Removed

  • AWS > Route 53 > Stack
  • AWS > Route 53 > Stack > Secret Variables
  • AWS > Route 53 > Stack > Source
  • AWS > Route 53 > Stack > Variables

5.2.0 (2020-04-30)

Control Types

Added

  • AWS > Route 53 > Hosted Zone > Configured
  • AWS > Route 53 > Stack

Policy Types

Added

  • AWS > Route 53 > Hosted Zone > Configured
  • AWS > Route 53 > Hosted Zone > Configured > Claim Precedence
  • AWS > Route 53 > Hosted Zone > Configured > Source
  • AWS > Route 53 > Stack
  • AWS > Route 53 > Stack > Secret Variables
  • AWS > Route 53 > Stack > Source
  • AWS > Route 53 > Stack > Variables