Simple and cost-efficient Dynamic DNS built with AWS Lambda and Route 53.
This project provides an AWS Lambda function with which you can set A-records dynamically for one domain you have configured in AWS Route 53. For authentication, a token is used which is stored using AWS Secrets Manager.
Consumer-grade routers (Linksys, AVM, etc.) usually provide a dynamic DNS feature that only supports calling a URL with the HTTP GET method. All dynamic DNS settings need to be sent via URL query parameters.
If you want to cover this use case, this project is for you.
This project uses an ARM64 Docker image as it is more cost-efficient to run AWS Lambda functions on ARM64 architecture.
I like infrastructure-as-code, so deployment is fully automated with OpenTofu.
Prerequisites:
- AWS CLI installed and configured
- OpenTofu installed
Add .env and .secrets files in the opentofu directory following the examples, then you are ready to go. In the opentofu directory just do what you usually need to do:
tofu init
tofu plan
tofu apply
State isn't persisted in this repository as this is a public one. So you probably want to fork/clone this repository and tweak the .gitignore file.
The Lambda function URL is provided as output.
- Create a private container registry in AWS ECR
- Build and push the Docker image to that registry:
aws ecr get-login-password --region <your region> | docker login --username AWS --password-stdin <your ECR registry>
docker build -t simple-dyn-dns --platform linux/arm64 -f ./container/Dockerfile .
docker tag simple-dyn-dns:latest <your ECR registry>/simple-dyn-dns:latest
docker push <your ECR registry>/simple-dyn-dns:latest
- Add a secret in AWS Secrets Manager:
  - configure a secure token for your client_id
- Create an AWS Lambda function:
  - use the just created Docker image from AWS ECR for the function
  - configure environment variables for the function:
    - ROUTE_53_HOSTED_ZONE_ID (required)
    - ROUTE_53_RECORD_TTL (optional, default=3600sec)
    - SECRETS_MANAGER_REFRESH_INTERVAL (optional, default=86400sec)
  - configure a URL for the AWS Lambda function
  - configure permissions for the AWS Lambda function (execution role):
    - read secret from AWS Secrets Manager
    - read and write DNS Records with AWS Route 53
Configure your router to call the AWS Lambda function URL with query parameters like this:
https://uwigefgf8437rgeydbea2q40jedbl.lambda-url.eu-central-1.on.aws/?domain=www.example.com&ip=123.45.56.78&client_id=linksys_router&token=78234rtgf438g7g43r4bfi3784fgh
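
How a function could check these four query parameters before touching Route 53, as an added example (not this project's code). The secret layout (a client_id-to-token mapping), the zone_name argument, the public-address rule and all names are assumptions:

```python
import hmac
import ipaddress


class UpdateRejected(Exception):
    """Raised when a dynamic DNS update request must not be applied."""


def validate_update(params, tokens, zone_name):
    """Return (fqdn, ipv4) for an acceptable request, else raise UpdateRejected.

    params    -- query parameters: domain, ip, client_id, token
    tokens    -- assumed secret layout: {client_id: token}
    zone_name -- assumed name of the hosted zone, e.g. "example.com"
    """
    missing = [k for k in ("domain", "ip", "client_id", "token") if not params.get(k)]
    if missing:
        raise UpdateRejected("missing parameter: " + ", ".join(missing))

    # Unknown clients fall back to an empty token so the comparison still
    # runs; compare_digest avoids leaking how many characters matched.
    expected = tokens.get(params["client_id"], "")
    matches = hmac.compare_digest(expected.encode(), params["token"].encode())
    if not expected or not matches:
        raise UpdateRejected("authentication failed")

    # An A record holds an IPv4 address. Private, loopback and reserved
    # ranges are refused here (an assumed policy for a public DNS name).
    try:
        ip = ipaddress.IPv4Address(params["ip"])
    except ipaddress.AddressValueError:
        raise UpdateRejected("ip is not a valid IPv4 address")
    if not ip.is_global:
        raise UpdateRejected("ip is not a public address")

    # Only names inside the configured zone may be written; the leading dot
    # keeps "evilexample.com" from passing as part of "example.com".
    fqdn = params["domain"].rstrip(".").lower()
    zone = zone_name.rstrip(".").lower()
    if fqdn != zone and not fqdn.endswith("." + zone):
        raise UpdateRejected("domain is outside the hosted zone")
    return fqdn, str(ip)


if __name__ == "__main__":
    # Constructed sample request and secret, not real credentials.
    sample = {"domain": "www.example.com", "ip": "123.45.56.78",
              "client_id": "linksys_router", "token": "constructed-sample-token"}
    print(validate_update(sample, {"linksys_router": "constructed-sample-token"}, "example.com"))
```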