Route 53 Policy to Change Records

Here’s the IAM policy you’ll need to change Route 53 DNS records. Substitute HOSTEDZONEID with your own hosted zone ID.

{
   "Version":"2012-10-17",
   "Statement":[{
      "Effect":"Allow",
      "Action":["route53:ChangeResourceRecordSets"],
      "Resource":"arn:aws:route53:::hostedzone/HOSTEDZONEID"
      },
      {
      "Effect":"Allow",
      "Action":["route53:GetChange"],
      "Resource":"arn:aws:route53:::change/*"
      }
   ]
}

Attach the policy to a user.

Change DNS Records in Route 53 via CLI

How to change DNS records in Route 53 via AWS CLI.

  • Assuming AWS CLI is already configured
  • Uses Route53 change-resource-record-sets to update DNS records
  • Substitute with your own hosted-zone-id
  • Uses JSON files containing record sets
  • See JSON file examples below

cd /path/to/scripts/
# the command to switch to the elb
aws route53 change-resource-record-sets --hosted-zone-id xxxxxxxxxxxxxx --change-batch file://elb.json
# the command to switch to standard site
aws route53 change-resource-record-sets --hosted-zone-id xxxxxxxxxxxxxx --change-batch file://live.json

elb.json = points to AWS ELB (elastic load balancer)

{
   "Comment": "back to elb",
   "Changes": [
      {
         "Action": "UPSERT",
         "ResourceRecordSet": {
            "Name": "yourdomain.com",
            "Type": "A",
            "AliasTarget": {
               "HostedZoneId": "xxxxxxxxxxxxxx",
               "EvaluateTargetHealth": false,
               "DNSName": "xxxxxxxxxxxxx.us-east-1.elb.amazonaws.com."
            }
         }
      }
   ]
}

live.json = points to your standard site. Value is your IP Address.

{
   "Comment": "back to live",
   "Changes": [
      {
         "Action": "UPSERT",
         "ResourceRecordSet": {
            "Name": "yourdomain.com",
            "Type": "A",
            "TTL": 60,
            "ResourceRecords": [
               {
                  "Value": "xxx.xxx.xxx.xxx"
               }
            ]
         }
      }
   ]
}
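
A pre-flight check for the change-batch files above, as an added example that is not part of the original post: it confirms that a file only UPSERTs an A record for the expected name, that alias fields are not mixed with TTL/ResourceRecords, and that placeholder values were filled in before the file is passed to change-resource-record-sets. The function name check_change_batch, the alias_targets allow-list and the sample values are assumptions made for illustration.

```python
import ipaddress
import json

def check_change_batch(batch, expected_name, alias_targets=()):
    """Return a list of problems in a Route 53 change batch; empty means OK."""
    problems = []
    want = expected_name.rstrip(".").lower()
    changes = batch.get("Changes", [])
    if not changes:
        problems.append("no Changes in batch")
    for i, change in enumerate(changes):
        rrset = change.get("ResourceRecordSet", {})
        where = f"Changes[{i}]"
        if change.get("Action") != "UPSERT":
            problems.append(f"{where}: action is not UPSERT")
        if rrset.get("Name", "").rstrip(".").lower() != want:
            problems.append(f"{where}: unexpected record name")
        if rrset.get("Type") != "A":
            problems.append(f"{where}: type is not A")
        if "AliasTarget" in rrset:
            # Alias records take their TTL from the target, so neither field belongs here.
            if "TTL" in rrset or "ResourceRecords" in rrset:
                problems.append(f"{where}: alias mixed with TTL/ResourceRecords")
            # Pin the alias to known load balancer names (hypothetical allow-list).
            if rrset["AliasTarget"].get("DNSName") not in alias_targets:
                problems.append(f"{where}: alias target not in allow-list")
        else:
            if "TTL" not in rrset or not rrset.get("ResourceRecords"):
                problems.append(f"{where}: missing TTL or ResourceRecords")
            for rec in rrset.get("ResourceRecords", []):
                try:
                    ipaddress.IPv4Address(rec.get("Value", ""))
                except ValueError:  # also catches an unfilled xxx.xxx.xxx.xxx
                    problems.append(f"{where}: value is not an IPv4 address")
    return problems

# Constructed sample batches (example.com and 203.0.113.10 are documentation values).
LIVE = json.loads('{"Comment": "back to live", "Changes": [{"Action": "UPSERT",'
    ' "ResourceRecordSet": {"Name": "example.com", "Type": "A", "TTL": 60,'
    ' "ResourceRecords": [{"Value": "203.0.113.10"}]}}]}')
TEMPLATE = json.loads('{"Changes": [{"Action": "UPSERT", "ResourceRecordSet":'
    ' {"Name": "yourdomain.com", "Type": "A", "TTL": 60,'
    ' "ResourceRecords": [{"Value": "xxx.xxx.xxx.xxx"}]}}]}')

if __name__ == "__main__":
    print(check_change_batch(LIVE, "example.com"))
    print(check_change_batch(TEMPLATE, "example.com"))
```

Run it on elb.json and live.json before each aws route53 call and stop if the returned list is not empty.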

CloudFront SSL Certificates

If you have SSL on your website, you can import your own SSL certificates into CloudFront, which is a content delivery network service by AWS. You will need to work with a few AWS services to get it working.

  • CloudFront – create a distribution
  • Route 53 – create a hosted zone and add a CNAME
  • Certificate Manager – import your SSL certificate

Finally, on the WordPress side, enable the use of CloudFront in your SuperCache plugin.

Seems simple, but you’ll need some patience to get it working.

Look at your HTML source to see if your CDN is really working.

Multiple TXT DNS Records

I recently moved my website hosting from Linode to AWS LightSail. Part of the move was working with Route 53 for DNS, as well as setting up my domain’s email, e.g. the MX record. I’m using ProtonMail for email and they require that I add multiple TXT records. Part of the problem is Route 53 will not allow duplicate TXT records. After a few searches, I learned that you can enter in multiple values in the TXT record as long as you place them on multiple lines. That solved the problem for me.