How to retrieve DNS records for a specific domain in AWS Route 53 via PowerShell
To retrieve DNS records from AWS you need three things:
- an AWS IAM user (access key pair) that has permission to READ the DNS zone, and nothing more
- the Hosted Zone ID of the DNS zone
- a PowerShell function that pages through the records and returns them
Create a user account
Log in to the AWS console and create a new user in AWS IAM. The user only needs programmatic access (an access key ID and secret access key); it does not need a console password.
Create a security policy
This policy grants the user the right to READ the records of the selected DNS zone only, so a leaked script key cannot read other zones or change anything.
In IAM, create a new policy:
- The policy needs to grant the permission route53:ListResourceRecordSets (the API behind the Get-R53ResourceRecordSet cmdlet used below). No other permission is needed to read records.
- Restrict Resources to the one zone, using its ARN in the form arn:aws:route53:::hostedzone/<Hosted Zone ID>. You can find the Hosted Zone ID in the Route 53 console on the detail page of the hosted zone.
Assign the created policy to the user
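The same three steps (user, policy, attach) plus the check that the result really is least-privilege, done from PowerShell with AWS.Tools.IdentityManagement instead of the console. This is an added example, not code from the original post. It assumes AWS.Tools.Common, AWS.Tools.IdentityManagement and AWS.Tools.Route53 are installed, that you run it with an administrator credential already configured in the session, and that $zoneId holds the Hosted Zone ID of the zone the new user may read; the user and policy names are placeholders.

```powershell
# Added example: creates a read-only Route 53 user the way the console steps above do.
# Assumptions: admin credential configured (e.g. Set-AWSCredential -ProfileName ...),
# the three modules installed, $zoneId = the Hosted Zone ID to expose. Names are placeholders.
Import-Module AWS.Tools.Common, AWS.Tools.IdentityManagement, AWS.Tools.Route53 -ErrorAction Stop

$zoneId     = 'Z019043928439'          # hosted zone the reader is allowed to see (placeholder)
$userName   = 'dns-reader-example-com' # IAM user used only by the PowerShell script (placeholder)
$policyName = "route53-read-$zoneId"

# Least-privilege policy: the only API the retrieval function calls is
# ListResourceRecordSets (Get-R53ResourceRecordSet), scoped to this one hosted zone.
$policyDocument = [ordered]@{
    Version   = '2012-10-17'
    Statement = @(
        [ordered]@{
            Sid      = 'ReadOneHostedZone'
            Effect   = 'Allow'
            Action   = 'route53:ListResourceRecordSets'
            Resource = "arn:aws:route53:::hostedzone/$zoneId"
        }
    )
} | ConvertTo-Json -Depth 5

$user   = New-IAMUser -UserName $userName
$policy = New-IAMPolicy -PolicyName $policyName -PolicyDocument $policyDocument `
            -Description "Read-only access to the records of hosted zone $zoneId"
Register-IAMUserPolicy -UserName $userName -PolicyArn $policy.Arn

# Programmatic access: create the access key pair. The secret is returned exactly once,
# so put it straight into a PSCredential (UserName = access key ID, password = secret key).
$key    = New-IAMAccessKey -UserName $userName
$secure = ConvertTo-SecureString $key.SecretAccessKey -AsPlainText -Force
$cred   = [System.Management.Automation.PSCredential]::new($key.AccessKeyId, $secure)

# IAM is eventually consistent; a brand-new key can be rejected for a few seconds.
Start-Sleep -Seconds 10

$ak = $cred.UserName
$sk = $cred.GetNetworkCredential().Password

# Positive check: the new key can read the zone it was scoped to ...
$first = Get-R53ResourceRecordSet -HostedZoneId "/hostedzone/$zoneId" `
            -AccessKey $ak -SecretKey $sk -ErrorAction Stop
"{0} record set(s) on the first page, truncated: {1}" -f $first.ResourceRecordSets.Count, $first.IsTruncated

# ... and the negative check: it cannot enumerate the account's other zones.
try {
    Get-R53HostedZoneList -AccessKey $ak -SecretKey $sk -ErrorAction Stop | Out-Null
    Write-Warning 'Policy is broader than intended: ListHostedZones succeeded'
} catch {
    "ListHostedZones denied as expected: $($_.Exception.Message)"
}
```

The negative check matters more than the positive one: if ListHostedZones succeeds, some broader policy (a group membership, an inline policy) is also attached to the user and the key is not as narrow as you think. Keep the $cred object, not the raw $key, for the retrieval function below.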
Use PowerShell function to retrieve the results
Now that you have a user account that can read DNS data from AWS, use its access key in the Get-AWSDNSZoneRecord function below, together with the domainZoneID retrieved earlier. The function takes the key pair as a PSCredential: the user name is the access key ID and the password is the secret access key, so you can build it with Get-Credential instead of pasting the secret into the script.
function Get-AWSDNSZoneRecord {
    <#
    .SYNOPSIS
    Returns the DNS records of a given DNS zone hosted in AWS Route 53.
    .DESCRIPTION
    Calls Get-R53ResourceRecordSet (the ListResourceRecordSets API) and follows the
    pagination markers until the whole zone has been read. Each value of a multi-value
    record is returned as a separate object; alias records are returned with the alias
    target's DNS name as their value.
    .PARAMETER domainZoneID
    Hosted Zone ID (e.g. Z019043928439).
    .PARAMETER credential
    Credential of an IAM user with read permission (route53:ListResourceRecordSets) on the
    given DNS zone: UserName = access key ID, password = secret access key.
    .EXAMPLE
    $cred = Get-Credential -Message 'User name = AWS access key ID, password = secret access key'
    Get-AWSDNSZoneRecord -domainZoneID Z019043928439 -credential $cred
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string] $domainZoneID
        ,
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $credential
    )

    try {
        Import-Module AWS.Tools.Common -ErrorAction Stop
        Import-Module AWS.Tools.Route53 -ErrorAction Stop
    } catch {
        throw "A required module is missing (AWS.Tools.Common or AWS.Tools.Route53). To install them, run:`n`n
Install-Module -Name AWS.Tools.Installer -Force
Install-AWSToolsModule AWS.Tools.Common,AWS.Tools.Route53 -CleanUp"
    }

    $accessKey = $credential.UserName
    $secretKey = $credential.GetNetworkCredential().Password

    # ListResourceRecordSets is paged (100 records per call; the MaxItem parameter raises
    # the page size but is itself capped at 300, see
    # https://forums.aws.amazon.com/message.jspa?messageID=463427), so the Next* markers
    # have to be followed until IsTruncated is false.
    $nextIdentifier = $null
    $nextType = $null
    $nextName = $null
    [System.Collections.ArrayList] $result = @()

    do {
        # the key pair is passed to the cmdlet itself rather than via Set-AWSCredential,
        # so it does not stay behind as the session-wide default credential
        $recordSet = Get-R53ResourceRecordSet -HostedZoneId "/hostedzone/$domainZoneID" `
            -StartRecordIdentifier $nextIdentifier -StartRecordName $nextName -StartRecordType $nextType `
            -AccessKey $accessKey -SecretKey $secretKey -ErrorAction Stop

        foreach ($rs in $recordSet.ResourceRecordSets) {
            if ($rs.AliasTarget) {
                # alias record (ELB, CloudFront, S3 website, ...): it has no ResourceRecords,
                # so a naive $rs.ResourceRecords.Value lookup would return nothing
                [void] $result.Add([PSCustomObject]@{
                    name  = $rs.Name
                    type  = $rs.Type
                    ttl   = $null
                    value = $rs.AliasTarget.DNSName
                })
            } else {
                # one object per value, so multi-value records (several A, MX, NS or TXT
                # entries under one name) stay easy to filter and compare
                foreach ($rr in $rs.ResourceRecords) {
                    [void] $result.Add([PSCustomObject]@{
                        name  = $rs.Name
                        type  = $rs.Type
                        ttl   = $rs.TTL
                        value = $rr.Value
                    })
                }
            }
        }

        # set up for the next call
        if ($recordSet.IsTruncated) {
            $nextIdentifier = $recordSet.NextRecordIdentifier
            $nextType = $recordSet.NextRecordType
            $nextName = $recordSet.NextRecordName
        }
    } while ($recordSet.IsTruncated)

    return $result
}

# user name = access key ID, password = secret access key
$cred = Get-Credential -Message 'AWS access key ID / secret access key'
Get-AWSDNSZoneRecord -domainZoneID 'Z01whatever' -credential $cred | Format-Table -AutoSize
The same approach, an IAM user with one narrowly scoped read permission plus the matching AWS.Tools cmdlet, can be used to retrieve any other information from AWS.