0
votes

I'd like to add a custom recipe to my OpsWorks stack to create a Route53 DNS record whenever a new instance is started and remove the DNS record whenever it is stopped.

There's a Route53 Chef cookbook that looks like it can do this. It takes the following form:

route53_record "create a record" do
  name  "test"
  value "16.8.4.2"
  type  "A"
  zone_id               node[:route53][:zone_id]
  aws_access_key_id     node[:route53][:aws_access_key_id]
  aws_secret_access_key node[:route53][:aws_secret_access_key]
  overwrite true
  action :create
end

My question is: is there a way to get the AWS credentials from OpsWorks attributes that this Chef recipe requires? What would be the best practice for passing in these credentials? Custom JSON?

1
No - you have to supply them. Why would OpsWorks expose those credentials for you? - sethvargo

1 Answer

5
votes

You should be using IAM Instance Profiles for your servers. This is the best security practice. (link: AWS blog post)

It will also work with the route53 cookbook. Without specifying the authkey/secretkey pair, you will force the use of the instance profile access details.
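The following is an added example, not part of the original answer or of the route53 cookbook. It shows the question's recipe with the static key attributes removed, a hosted-zone-scoped IAM policy for the instance profile's role, and a small check that flags `route53_record` blocks still carrying static credentials. The function names, the `ZONE_ID_PLACEHOLDER` value and the exact action list in the policy are assumptions.

```ruby
require 'json'

# Policy for the instance profile's role, scoped to one hosted zone. The action
# list is an assumption; trim it to what your cookbook version actually calls.
def route53_policy(zone_id)
  { 'Version' => '2012-10-17',
    'Statement' => [
      { 'Effect' => 'Allow',
        'Action' => %w[route53:ChangeResourceRecordSets route53:ListResourceRecordSets],
        'Resource' => "arn:aws:route53:::hostedzone/#{zone_id}" },
      { 'Effect' => 'Allow', 'Action' => 'route53:GetChange',
        'Resource' => 'arn:aws:route53:::change/*' }
    ] }
end

# Return [resource_name, attribute] for every route53_record block in the
# recipe source that still sets a static credential attribute.
def static_credential_findings(recipe_src)
  findings, current = [], nil
  recipe_src.each_line do |line|
    if (m = line.match(/^\s*route53_record\s+["']([^"']+)["']\s+do\b/))
      current = m[1]
    elsif line =~ /^\s*end\b/
      current = nil
    elsif current && (m = line.match(/^\s*(aws_(?:access_key_id|secret_access_key))\b/))
      findings << [current, m[1]]
    end
  end
  findings
end

# The recipe from the question (static keys), then the instance-profile form.
WITH_KEYS = <<~RECIPE
  route53_record "create a record" do
    name  "test"
    value "16.8.4.2"
    type  "A"
    zone_id               node[:route53][:zone_id]
    aws_access_key_id     node[:route53][:aws_access_key_id]
    aws_secret_access_key node[:route53][:aws_secret_access_key]
    overwrite true
    action :create
  end
RECIPE
WITH_PROFILE = WITH_KEYS.lines.reject { |l| l =~ /aws_(access_key_id|secret_access_key)/ }.join
if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(route53_policy('ZONE_ID_PLACEHOLDER'))
  puts WITH_PROFILE
end
```

With the policy attached to the role behind the instance profile, no key material has to appear in node attributes or custom JSON.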