This time I want to share a tutorial on Route 53 on AWS. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses a reliable, cost-effective way to route end users to internet applications by translating names such as www.example.com into the numeric IP addresses, such as 192.0.2.1, that computers use to connect to each other. Amazon Route 53 also fully supports IPv6.
The benefit is that we no longer have to memorise IP addresses to reach a server, because each EC2 instance is given a name that is registered in DNS automatically from its tags. That also makes it easier to keep a map of our AWS infrastructure. You should already be familiar with AWS before starting the tutorial below.
- Open the AWS console, choose Services, search for Route 53, then Create hosted zone. After filling in the domain details, note the Hosted Zone ID; it is needed in the Route 53 IAM policy and in the register-domain script later.
- Create a custom IAM policy for Route 53 access (the policy JSON is listed at the end of this post; it allows record changes on one hosted zone only).
- Create an IAM policy named DescribeTagEC2. The policy below grants the whole ec2:Describe* family of read-only calls; the register-domain script only ever calls ec2:DescribeTags, so a least-privilege version would allow just that one action.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances", "ec2:DescribeAggregateIdFormat", "ec2:DescribeVolumesModifications",
        "ec2:DescribeSnapshots", "ec2:DescribePlacementGroups", "ec2:DescribeHostReservationOfferings",
        "ec2:DescribeInternetGateways", "ec2:DescribeVolumeStatus", "ec2:DescribeScheduledInstanceAvailability",
        "ec2:DescribeSpotDatafeedSubscription", "ec2:DescribeVolumes", "ec2:DescribeFpgaImageAttribute",
        "ec2:DescribeExportTasks", "ec2:DescribeAccountAttributes", "ec2:DescribeNetworkInterfacePermissions",
        "ec2:DescribeReservedInstances", "ec2:DescribeKeyPairs", "ec2:DescribeNetworkAcls",
        "ec2:DescribeRouteTables", "ec2:DescribeReservedInstancesListings", "ec2:DescribeEgressOnlyInternetGateways",
        "ec2:DescribeSpotFleetRequestHistory", "ec2:DescribeLaunchTemplates", "ec2:DescribeVpcClassicLinkDnsSupport",
        "ec2:DescribeVpnConnections", "ec2:DescribeSnapshotAttribute", "ec2:DescribeVpcPeeringConnections",
        "ec2:DescribeReservedInstancesOfferings", "ec2:DescribeIdFormat", "ec2:DescribeFleetInstances",
        "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribePrefixLists", "ec2:DescribeVolumeAttribute",
        "ec2:DescribeInstanceCreditSpecifications", "ec2:DescribeVpcClassicLink", "ec2:DescribeImportSnapshotTasks",
        "ec2:DescribeVpcEndpointServicePermissions", "ec2:DescribeScheduledInstances", "ec2:DescribeImageAttribute",
        "ec2:DescribeFleets", "ec2:DescribeVpcEndpoints", "ec2:DescribeReservedInstancesModifications",
        "ec2:DescribeElasticGpus", "ec2:DescribeSubnets", "ec2:DescribeVpnGateways",
        "ec2:DescribeMovingAddresses", "ec2:DescribeFleetHistory", "ec2:DescribePrincipalIdFormat",
        "ec2:DescribeAddresses", "ec2:DescribeInstanceAttribute", "ec2:DescribeRegions",
        "ec2:DescribeFlowLogs", "ec2:DescribeDhcpOptions", "ec2:DescribeVpcEndpointServices",
        "ec2:DescribeSpotInstanceRequests", "ec2:DescribeVpcAttribute", "ec2:DescribeSpotPriceHistory",
        "ec2:DescribeNetworkInterfaces", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute",
        "ec2:DescribeVpcEndpointConnections", "ec2:DescribeInstanceStatus", "ec2:DescribeHostReservations",
        "ec2:DescribeIamInstanceProfileAssociations", "ec2:DescribeTags", "ec2:DescribeLaunchTemplateVersions",
        "ec2:DescribeBundleTasks", "ec2:DescribeIdentityIdFormat", "ec2:DescribeImportImageTasks",
        "ec2:DescribeClassicLinkInstances", "ec2:DescribeNatGateways", "ec2:DescribeCustomerGateways",
        "ec2:DescribeVpcEndpointConnectionNotifications", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotFleetRequests",
        "ec2:DescribeHosts", "ec2:DescribeImages", "ec2:DescribeFpgaImages",
        "ec2:DescribeSpotFleetInstances", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeVpcs",
        "ec2:DescribeConversionTasks", "ec2:DescribeStaleSecurityGroups"
      ],
      "Resource": "*"
    }
  ]
}
- Create an EC2 IAM user and a read-only group, then attach the DescribeTagEC2 policy created above to that group. (An instance profile attached to the EC2 instance would do the same job without storing long-lived access keys on the machine; both policies can be attached to that role instead of to users.)
- Create an EC2 instance with tags like these (the Service tag becomes the DNS label and the hostname):
Name: test.nostra.local
Service: test
- Install python, pip, awscli, ec2-metadata and cli53 on the EC2 instance. Fetch the binaries over HTTPS and check what you downloaded before moving it into PATH, since both run with your AWS credentials:
yum install python
curl -O https://bootstrap.pypa.io/get-pip.py
python3 get-pip.py
pip install awscli --upgrade
cd
wget https://s3.amazonaws.com/ec2metadata/ec2-metadata
chmod u+x ec2-metadata
wget https://github.com/barnybug/cli53/releases/download/0.8.7/cli53-linux-amd64
sudo mv cli53-linux-amd64 /usr/local/bin/cli53
sudo chmod +x /usr/local/bin/cli53
- Create the script that registers the instance in Route 53 (its contents are listed at the end of this post):
sudo touch /usr/sbin/update-route53-dns
sudo chmod +x /usr/sbin/update-route53-dns
sudo nano /usr/sbin/update-route53-dns
- Adjust ~/.aws/credentials for the route53 profile created earlier. Note that the script sources /etc/route53/config and exports AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, and environment variables take precedence over the profile files, so the [route53user] profile is only used by commands you run with --profile route53user by hand:
nano ~/.aws/credentials
[default]
aws_access_key_id = <EC2 user key ID>
aws_secret_access_key = <EC2 user secret key>
[route53user]
aws_access_key_id = <Route53 user key ID>
aws_secret_access_key = <Route53 user secret key>
- Adjust the region in ~/.aws/config:
nano ~/.aws/config
[default]
region = <your region>
output = json
- To run it automatically whenever the EC2 server reboots, add the script to /etc/rc.local:
chmod +x /etc/rc.local
cat /etc/rc.local
#
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.
touch /var/lock/subsys/local
# Add this line before exit 0
/usr/sbin/update-route53-dns
- Installation is complete. To test it, run the script by hand and then resolve the new name:
/usr/sbin/update-route53-dns
The custom Route 53 IAM policy from the earlier step. Record changes are scoped to a single hosted zone ARN (the zone ID ZH3L54A2ZOHEN here is the author's; put your own Hosted Zone ID in its place), while only the listing calls are allowed on all zones:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "route53:GetHostedZone",
        "route53:ChangeResourceRecordSets",
        "route53:ListResourceRecordSets"
      ],
      "Resource": "arn:aws:route53:::hostedzone/ZH3L54A2ZOHEN"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListHostedZonesByName"
      ],
      "Resource": "*"
    }
  ]
}
The contents of /usr/sbin/update-route53-dns are as follows. The script expects /etc/route53/config to define AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and ZONE (the hosted zone cli53 writes to), and it requests an IMDSv2 token first because instances configured to require IMDSv2 reject token-less metadata requests with 401:
#!/bin/sh
# Load configuration and export the access key ID and secret for cli53 and the AWS CLI.
# /etc/route53/config must define AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and ZONE.
. /etc/route53/config
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY

# The TimeToLive in seconds we use for the DNS records
TTL="300"

# IMDSv2 session token, passed on every metadata request below
IMDS_TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")

# Get the region and instance ID from the metadata service, then the hostname from the Service tag
REGION=$(curl -s -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\" '{print $4}')
INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
# describe-tags text output is "TAGS <key> <resource-id> <resource-type> <value>", so field 5 is the tag value
INTERNAL_HOSTNAME=$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=Service" --region=$REGION --output=text | cut -f5)
#PUBLIC_HOSTNAME=$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=Name" --region=$REGION --output=text | cut -f5)

# Get the local (and optionally the public) IP address assigned to the instance
LOCAL_IPV4=$(curl -s -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
#PUBLIC_IPV4=$(curl -s -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" http://169.254.169.254/latest/meta-data/public-ipv4)

# Create or replace the A record on Route 53 and set the machine hostname to match
cli53 rrcreate --replace "$ZONE" "$INTERNAL_HOSTNAME $TTL A $LOCAL_IPV4"
hostnamectl set-hostname ${INTERNAL_HOSTNAME}.nostra.local
#cli53 rrcreate --replace "$ZONE" "$PUBLIC_HOSTNAME $TTL A $PUBLIC_IPV4"
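The script above passes an EC2 tag value straight through to a DNS record and to hostnamectl. A tag is writable by anyone holding ec2:CreateTags on the instance, so it is untrusted input, and a value containing spaces or a second label would break the "name TTL A ip" record string or register a name you did not intend. As an added example (not code from the original post), the POSIX sh below is a hardened variant of that last step: it uses IMDSv2 tokens, reads the tag with --query instead of counting columns with cut, validates the label, TTL and address before they reach DNS, and issues a Route 53 UPSERT with the native CLI instead of cli53 (UPSERT creates or replaces the record, the same effect as rrcreate --replace). The zone name nostra.local and the Service-tag convention come from the post; the function names, the run_update entry point and the hosted zone ID argument are this example's own assumptions. Only the offline demo at the bottom runs as-is; run_update is meant to be called on an instance that has an instance profile or exported keys with ec2:DescribeTags and route53:ChangeResourceRecordSets on the zone.

```shell
#!/bin/sh
# Added example, not the original post's script. Hardened tag-to-DNS registration.
# Assumed names: imds_get, valid_label, valid_ipv4, valid_ttl, build_change_batch, run_update.

IMDS="http://169.254.169.254/latest"

# IMDSv2: obtain a short-lived session token, then send it with every metadata request.
imds_get() {
    token=$(curl -sf -X PUT "$IMDS/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
    curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/$1"
}

# Accept exactly one RFC 1123 host label: alphanumerics and hyphens, no leading or
# trailing hyphen, at most 63 characters. Rejects spaces, dots, newlines and shell
# metacharacters, so a hostile tag value cannot smuggle a second record or label.
valid_label() {
    case $1 in ''|*[!A-Za-z0-9-]*|-*|*-) return 1;; esac
    [ ${#1} -le 63 ]
}

# Accept only a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1;; esac
    o='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^$o\.$o\.$o\.$o\$"
}

# Accept a positive integer TTL within Route 53's allowed range.
valid_ttl() {
    case $1 in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 2147483647 ]
}

# Emit the change batch consumed by
#   aws route53 change-resource-record-sets --hosted-zone-id ID --change-batch "$batch"
# Returns 2 without printing anything if any input fails validation.
build_change_batch() {
    label=$1; zone=$2; ttl=$3; ip=$4
    valid_label "$label" || { echo "refusing bad label: $label" >&2; return 2; }
    valid_ttl   "$ttl"   || { echo "refusing bad ttl: $ttl" >&2;     return 2; }
    valid_ipv4  "$ip"    || { echo "refusing bad ip: $ip" >&2;       return 2; }
    printf '{"Comment":"ec2 tag registration","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s.%s.","Type":"A","TTL":%s,"ResourceRecords":[{"Value":"%s"}]}}]}\n' \
        "$label" "$zone" "$ttl" "$ip"
}

# On-instance entry point: run_update nostra.local <hosted-zone-id> [ttl]
run_update() {
    zone=$1; zone_id=$2; ttl=${3:-300}
    instance_id=$(imds_get meta-data/instance-id) || return 1
    region=$(imds_get meta-data/placement/region) || return 1
    ip=$(imds_get meta-data/local-ipv4) || return 1
    # --query returns the tag value itself; the CLI prints "None" when no tag matches.
    label=$(aws ec2 describe-tags --region "$region" \
        --filters "Name=resource-id,Values=$instance_id" "Name=key,Values=Service" \
        --query 'Tags[0].Value' --output text) || return 1
    [ "$label" != "None" ] || { echo "instance has no Service tag" >&2; return 1; }
    batch=$(build_change_batch "$label" "$zone" "$ttl" "$ip") || return 1
    aws route53 change-resource-record-sets --hosted-zone-id "$zone_id" --change-batch "$batch" \
        && hostnamectl set-hostname "$label.$zone"
}

# Offline demo with constructed values: no network access and no AWS calls.
build_change_batch test nostra.local 300 10.0.1.25
build_change_batch 'test;rm -rf /' nostra.local 300 10.0.1.25 || echo "rejected (exit $?)"
```

The first demo call prints the UPSERT batch for the post's test instance; the second shows a tag value carrying shell metacharacters being refused before it can reach DNS or hostnamectl. On a real instance, call run_update with the zone name and your Hosted Zone ID from the rc.local line instead of the original script.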