How can I be notified when changes are made to Route 53 hosted zone records?

Last updated: 2020-04-10

How can I receive an email response with a custom notification when resource record sets are created or deleted from Amazon Route 53?

Short Description

Use a custom event pattern with an Amazon EventBridge or Amazon CloudWatch Events rule that triggers when ChangeResourceRecordSets API activity is logged in AWS CloudTrail. Then, route the response to an Amazon Simple Notification Service (Amazon SNS) topic.

Resolution

If you haven't already created an Amazon SNS topic, follow the instructions for Getting Started with Amazon SNS.

Note: The Amazon SNS topic must be in the US East (N. Virginia) Region. For more information, see Logging Route 53 API Calls with CloudTrail.

Use Amazon EventBridge to trigger email notifications

1.    Open the EventBridge console.

2.    In the navigation pane, choose Rules, and then choose Create rule.

3.    In Name and description, enter a name and description for the rule.

4.    In Define pattern, choose Event pattern, and then choose Pre-defined pattern by service.

5.    In the Service provider drop-down menu, choose AWS.

6.    In the Service name drop-down menu, choose Route 53.

7.    In the Event type drop-down menu, choose AWS API Call via CloudTrail.

8.    To trigger the rule for specific API calls, choose Specific operation(s).

9.    In the text box, enter ChangeResourceRecordSets.

10.    In the Target drop-down menu, choose SNS topic.

11.    In the Topic drop-down menu, choose your SNS topic.

12.    Expand Configure input, and then choose Input transformer.

13.    Copy the following input paths, and then paste them in Input Path.

{
"eventTime":"$.detail.eventTime",
"hostedZone":"$.detail.requestParameters.hostedZoneId",
"userName": "$.detail.userIdentity.sessionContext.sessionIssuer.userName",
"eventID":"$.detail.eventID"
}

14.    Copy the following input template. Then, paste it in Input Template.

"At <eventTime>, one or more Route 53 records within Hosted Zone <hostedZone> were modified by user <userName>. To view the event directly in your Event History and review these changes, use the following link. Note that the event may take up to 15 minutes to be available in your Event History: https://console.aws.amazon.com/cloudtrail/home?region=us-east-1#/events?EventId=<eventID>"

15.    Choose Create.

16.    When the rule is triggered, you receive an SNS email notification with the custom fields from step 14 populated and a console link to the event in your Event History, similar to the following:

"At 2020-01-08T17:34:13Z, one or more Route53 records within Hosted Zone Z2QQOQ12345678 were modified by user exampleuser. To view the event directly in your Event History and review these changes, use the following link. Note that the event may take up to 15 minutes to be available in your Event History: https://console.aws.amazon.com/cloudtrail/home?region=us-east-1#/events?EventId=18c12bff-c379-1234-993f-41d3312342f99"

Use Amazon CloudWatch Events to trigger email notifications

1.    Open the CloudWatch console.

2.    In the navigation pane, choose Rules, and then choose Create rule.

3.    In the Service Name drop-down menu, choose Route 53.

4.    In the Event Type drop-down menu, choose AWS API Call via CloudTrail.

5.    To trigger the rule for specific API calls, choose Specific operation(s).

6.    In the text box, enter ChangeResourceRecordSets.

7.    In Targets, choose Add target.

8.    In Select Target, choose SNS topic.

9.    In the Targets drop-down menu, choose SNS topic.

10.    In the Topic drop-down menu, choose your SNS topic.

11.    Expand Configure input, and then choose Input Transformer.

12.    Copy the following input paths, and then paste them in Input Path.

{
"eventTime":"$.detail.eventTime",
"hostedZone":"$.detail.requestParameters.hostedZoneId",
"userName": "$.detail.userIdentity.sessionContext.sessionIssuer.userName",
"eventID":"$.detail.eventID"
}

13.    Copy the following input template. Then, paste it in Input Template.

"At <eventTime>, one or more Route 53 records within Hosted Zone <hostedZone> were modified by user <userName>. To view the event directly in your Event History and review these changes, use the following link. Note that the event may take up to 15 minutes to be available in your Event History: https://console.aws.amazon.com/cloudtrail/home?region=us-east-1#/events?EventId=<eventID>"

14.    Choose Configure details.

15.    In Configure rule details, enter a name and description for the rule, and then choose Create rule.

16.    When the rule is triggered, you receive an SNS email notification with the custom fields from step 13 populated, similar to the following:

"At 2020-01-08T17:34:13Z, one or more Route 53 records within Hosted Zone Z2QQOQ12345678 were modified by user exampleuser. To view the event directly in your Event History and review these changes, use the following link. Note that the event may take up to 15 minutes to be available in your Event History: https://console.aws.amazon.com/cloudtrail/home?region=us-east-1#/events?EventId=18c12bff-c379-4d5f-993f-41d3312342f99"

Parsing outputs

You can also include the change actions, record names, record types, and values passed in a ChangeResourceRecordSets API call in the SNS topic notification. However, as the following example shows, the output is difficult to read for batches that contain multiple changes: each array is rendered as one flat list, so it is not clear which values belong to which record.

Example input paths:

{
"eventTime":"$.detail.eventTime",
"hostedZone":"$.detail.requestParameters.hostedZoneId",
"userName": "$.detail.userIdentity.sessionContext.sessionIssuer.userName",
"eventID":"$.detail.eventID",
"action":"$.detail.requestParameters.changeBatch.changes[*].action",
"recordType":"$.detail.requestParameters.changeBatch.changes[*].resourceRecordSet.type",
"recordName":"$.detail.requestParameters.changeBatch.changes[*].resourceRecordSet.name",
"value":"$.detail.requestParameters.changeBatch.changes[*].resourceRecordSet.resourceRecords[*].value"
}

Example input template:

"At <eventTime>, Route 53 record(s) <recordName> of record type(s) <recordType> within Hosted Zone <hostedZone> were modified by user <userName>. The record values were configured to <value>. To view the event directly in your Event History and review these changes, use the following link. Note that the event may take up to 15 minutes to be available in your Event History: https://console.aws.amazon.com/cloudtrail/home?region=us-east-1#/events?EventId=<eventID>"

Example notification:

"At 2020-01-08T18:38:25Z, Route 53 record(s) [eventtest1.example.com,eventtest2.example.com,eventtest3.example.com] of record type(s) [A,A,A] within Hosted Zone Z2QQOQG4PLKFJ3 were modified by user testuser. The record values were configured to [1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4,5.5.5.5,6.6.6.6,10.10.10.10,15.15.15.15,20.20.20.20]. To view the event directly in your Event History and review these changes, use the following link. Note that the event may take up to 15 minutes to be available in your Event History: https://console.aws.amazon.com/cloudtrail/home?region=us-east-1#/events?EventId=6ce46abc-12345678-a286-090aded68b29"

If you want to receive all details of the changes with an SNS topic notification and display them in a more readable format, consider using AWS Lambda. For example, you can pass the full JSON event to a Lambda function target for parsing the data array for the actions, record types, record names, and values.
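The following Lambda handler is an added example of that approach; it is not code from this article or from AWS. It carries the event pattern that the console selections above produce (Route 53, AWS API Call via CloudTrail, ChangeResourceRecordSets), checks an incoming event against it, and then formats one line per change in the batch so that each record keeps its own values instead of being merged into a flat list. One check a practitioner will want: the input path for userName used above resolves only for assumed-role sessions, because CloudTrail places an IAM user's name in userIdentity.userName rather than under sessionContext.sessionIssuer, so the helper falls back to that field and then to the ARN. The TOPIC_ARN environment variable name, the aliasTarget.dNSName field for alias records, and every value in the sample event are assumptions constructed for the example.

```python
"""Parse a Route 53 ChangeResourceRecordSets CloudTrail event delivered by
EventBridge and build a per-change notification.  Example code, not AWS's own."""
import os

# Equivalent of the console selections: Route 53 -> AWS API Call via
# CloudTrail -> specific operation ChangeResourceRecordSets.
EVENT_PATTERN = {
    "source": ["aws.route53"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["route53.amazonaws.com"],
        "eventName": ["ChangeResourceRecordSets"],
    },
}


def matches_pattern(event, pattern=EVENT_PATTERN):
    """Exact-match subset of EventBridge pattern semantics: every key in the
    pattern must exist in the event and hold one of the listed values; nested
    dicts recurse.  Extra keys in the event are ignored, as EventBridge does."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not isinstance(event[key], dict) or not matches_pattern(event[key], allowed):
                return False
        elif event[key] not in allowed:
            return False
    return True


def caller_name(user_identity):
    """Role name for assumed-role sessions (the article's input path), IAM user
    name for direct IAM-user calls, and the ARN as a last resort."""
    issuer = user_identity.get("sessionContext", {}).get("sessionIssuer", {})
    return (issuer.get("userName")
            or user_identity.get("userName")
            or user_identity.get("arn", "unknown"))


def describe_changes(detail):
    """One line per change: action, type, name and either the record values or
    the alias target (aliasTarget.dNSName is an assumed field name)."""
    lines = []
    for change in detail["requestParameters"]["changeBatch"]["changes"]:
        rrset = change["resourceRecordSet"]
        if "resourceRecords" in rrset:
            values = ", ".join(r["value"] for r in rrset["resourceRecords"])
        else:
            values = "ALIAS -> " + rrset.get("aliasTarget", {}).get("dNSName", "?")
        lines.append(f"  {change['action']:<6} {rrset['type']:<5} {rrset['name']} -> {values}")
    return lines


def build_message(event):
    """Header, one line per change, then the Event History link from the article."""
    detail = event["detail"]
    params = detail["requestParameters"]
    header = (f"At {detail['eventTime']}, {len(params['changeBatch']['changes'])} Route 53 "
              f"record change(s) in Hosted Zone {params['hostedZoneId']} "
              f"by {caller_name(detail['userIdentity'])}:")
    link = ("https://console.aws.amazon.com/cloudtrail/home?region=us-east-1"
            f"#/events?EventId={detail['eventID']}")
    return "\n".join([header, *describe_changes(detail),
                      "Event History (may take up to 15 minutes): " + link])


def lambda_handler(event, context):
    """Ignore anything the rule should not have sent, otherwise format and
    publish.  TOPIC_ARN is an assumed environment variable; when it is unset the
    message is only returned, which is what the test below exercises."""
    if not matches_pattern(event):
        return {"ignored": True}
    message = build_message(event)
    topic_arn = os.environ.get("TOPIC_ARN")
    if topic_arn:
        import boto3  # imported lazily so the module loads without the SDK
        boto3.client("sns").publish(TopicArn=topic_arn,
                                    Subject="Route 53 record change", Message=message)
    return {"message": message}


# Constructed sample event (all values invented) in the shape EventBridge delivers.
SAMPLE_EVENT = {
    "source": "aws.route53",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "route53.amazonaws.com",
        "eventName": "ChangeResourceRecordSets",
        "eventTime": "2020-01-08T18:38:25Z",
        "eventID": "00000000-0000-0000-0000-000000000000",
        "userIdentity": {"type": "IAMUser", "userName": "testuser",
                         "arn": "arn:aws:iam::111122223333:user/testuser"},
        "requestParameters": {
            "hostedZoneId": "ZEXAMPLE12345",
            "changeBatch": {"changes": [
                {"action": "UPSERT", "resourceRecordSet": {
                    "name": "www.example.com.", "type": "A",
                    "resourceRecords": [{"value": "192.0.2.10"}, {"value": "192.0.2.11"}]}},
                {"action": "DELETE", "resourceRecordSet": {
                    "name": "old.example.com.", "type": "CNAME",
                    "resourceRecords": [{"value": "www.example.com."}]}},
            ]},
        },
    },
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None)["message"])
```

Deploy the handler as the rule's target with the default (matched event) input instead of the input transformer, and grant its execution role sns:Publish on the topic. Keeping the pattern check in the handler costs nothing and means a mis-edited rule cannot make the function mail out unrelated events.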