Today we’ll be looking at how to backup/export an Amazon (AWS) Route 53 Hosted Zone to file. AWS makes it’s really easy for you to move your domain to them but really difficult to take all your entries out of Route 53. We recently felt the need to backup 200+ Hosted Zones and realized that AWS does not offer a native tool to help you with this.
To accomplish this we’ll use cli53. cli53 is a tool specifically for managing AWS Route 53 zone operations. Here’s what you can do with cli53:
- import and export BIND format - create, delete and list hosted zones - create, delete and update individual records - create AWS extensions: failover, geolocation, latency, weighted and ALIAS records - create, delete and use reusable delegation sets
To install cli53, simply head over to their GitHub release page and download the latest release based on your operating system and architecture. We’ll use the Linux version.
The file you download is the binary itself, no zip or anything. Simply rename the file for ease of use:
mv cli53-linux-amd64 cli53
Next, make the cli53 binary available globally, meaning you won’t have to add the full path to the file whenever you want to use it.
mv cli53 /usr/local/bin/cli53
Finally, make the cli53 binary executable
chmod +x /usr/local/bin/cli53
The next step is to create the credentials with which cli53 will log in to your account to download the DNS hosted zone files.
Navigate to Identity and Access Management (IAM) from the Services drop-down menu. Click on Add user.
Step 1: You should now be in the IAM new user wizard. Select a username and check Programmatic Access from the Access Type section, click Next.
Step 2: Select the Attach Existing Policies Directly tile from above, enter Route53 in the Filter Policies field. Scroll down until you see AmazonRoute53ReadOnlyAccess (Note: You can restrict these even further by selecting: AmazonRoute53DomainsReadOnlyAccess) and click Next.
Step 3: Click Next
Step 4: Click Create User
Step 5: Copy the Access key ID and Secret Access Key presented, the Secret Access Key will not be presented again so note this at this step.
Now you need to create a file in a hidden folder in your home directory, ~/.aws/credentials, and place these keys in there.
[default] aws_access_key_id = AKID1934434660RTE aws_secret_access_key = MY-SECRET-KEY
If you’ve set-up everything as explained in the steps above then you are ready to use cli53. Let’s test this first, issue the following command at the shell:
This should return a list of all the domains you host on Route 53.
To export all the DNS entries you’ve set for a domain to a file issue the following command:
cli53 export domain.com
This will throw all the entries to your screen, to export the entries to a file modify the command above as follows:
cli53 export domain.com >> domain.com.txt