Migrate AWS DNS records by using cli53

by Rackspace Technology Staff

Introduction

When you migrate resources from one Amazon Web Services© (AWS) account to another, you might be asked to migrate the Amazon Route 53™ Domain Name Service (DNS) records as well. To do this, use cli53, a command line tool for Amazon Route 53, to migrate Route 53 DNS records from the source to the target. cli53 exports all the DNS records into a JSON file. After cli53 moves the records, you need to make some complex changes to the file before finally importing it to the target. This blog explains how to simplify the process of migrating all Route 53 DNS records from the source to the target.

Overview

Use the following steps to migrate DNS records by using cli53:

1. Download and install cli53 from GitHub.
2. Create an identity and access management (IAM) user in both the AWS source and
   target accounts.
3. Export the Route 53 DNS records from the source AWS account.
4. Import the Route 53 DNS records to the target AWS account.

Download and install cli53

Download the cli53 utility from GitHub.

To install cli53, select from the following installation instructions based on your operating system.

Linux

To install cli53 on Linux©, run the following commands:

    $ sudo mv cli53-my-platform /usr/local/bin/cli53
    $ sudo chmod +x /usr/local/bin/cli53

Apple Mac

To install cli53 on an Apple© Mac©, run the following command:

    $ brew install cli53

Microsoft Windows

You can run the cli53 executable (extension .exe) on Microsoft© Windows© without installing it.

To verify cli53 on Windows, perform the following tasks:

1. Open a command prompt.
2. Change directory to the location where you downloaded the cli53 executable.
3. Run the cli53 list command, as shown in the following image:

cli53 pic 1

Create an IAM user

You need to create an IAM user on both the AWS accounts. cli53 requires one IAM user on the source AWS account to export all the DNS records to a plain text file and one IAM user on the target AWS account to import all the DNS records.

Use the following instructions to create an IAM user:

1. Log in to the source AWS account.
2. Go to the IAM service console and click Users.
3. Click Add User.
4. Enter your user name, select Access type -> Programmatic Access and click Next: Permissions as shown in the following image.

cli53 pic 2

Select Attach existing policies directly, type route53 in the filter policies search bar, select the AmazonRoute53FullAccess policy, and click Next: Review as shown in the following image:

cli53 pic 3

The following screen displays:

cli53 pic 4

Click Create User. On the confirmation screen, shown in the following image, make note of your IAM Access key ID and Secret access key. We recommend that you download your keys to a .csv file on your local machine.

cli53 pic 5

Repeat the preceding steps for the target AWS account.

Export Route 53 DNS records from the source account

The cli53 utility exports all Route 53 DNS records to a plain text file. This file has all the records. You can easily edit all the DNS records and their parameters. Use the following instructions to export Route 53 DNS records:

1. Go to your .aws home directory and find the credentials file as shown in the following image:

cli53 pic 6

Open an editor and update the credentials file with your Access key ID and Secret access key from the IAM user that you created on the source AWS account, as shown in the following image. Save the file.

cli53 pic 7

Open a command prompt and run the list command to verify that you are on the source AWS account as shown in the following image: 

cli 53 pic 8

Run the following command to export the Route 53 hosted zone from the source AWS account into a plain text file that contains all of its Route 53 DNS records.

    C:\> cli53-windows-386.exe export <hosted-zone-name> > /path/to/file 

cli53 pic 9

Import Route 53 records to the target account

To import the DNS records to the target AWS account, you need to create hosted zones before importing the DNS records. Delete the NS and SOA DNS records from the plain text export file because these records are available in the target hosted zone. You should also update the credentials file with the Access key ID and Secret access key of the IAM user on the target AWS account.

Use the following steps to import the DNS records to the target AWS account:

1. Delete the NS and SOA records from the export file. Also, if there is a different domain name on the target AWS account, update the domain name under $ORIGIN in the plain text file and save the file.

The following image shows the DNS file before the record deletion:

cli53 pic 10

The following image shows the DNS file after the record deletion:

cli53 pic 11
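
The record-deletion step above can be scripted. The following is an added example, not part of the original post or of cli53. The helper name `prepare_zone_for_import` and the sample zone are constructed, and it assumes one record per line. It removes only the SOA and NS records at the zone apex, which are the ones the target hosted zone already has, so NS delegations for subdomains are kept.

```python
# Constructed sample in the BIND-style layout of a cli53 export (assumption:
# one record per line, "@" or the zone's FQDN as the apex owner name).
SAMPLE_EXPORT = """\
$ORIGIN example.com.
@ 900 IN SOA ns-1.awsdns-00.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
@ 172800 IN NS ns-1.awsdns-00.org.
@ 172800 IN NS ns-2.awsdns-00.co.uk.
@ 300 IN A 192.0.2.10
@ 300 IN TXT "v=spf1 -all"
dev 3600 IN NS ns1.delegated.example.net.
www 300 IN CNAME example.com.
"""


def prepare_zone_for_import(text, new_origin=None):
    """Drop apex SOA/NS records; optionally rewrite $ORIGIN.

    Hypothetical helper. Returns (cleaned_text, dropped_lines).
    """
    origin = owner = None
    kept, dropped = [], []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("$ORIGIN"):
            origin = stripped.split()[1].lower()
            kept.append(f"$ORIGIN {new_origin}" if new_origin else line)
            continue
        if not stripped or stripped[0] in ";$":
            kept.append(line)  # blank lines, comments, other directives
            continue
        fields = stripped.split()
        if not line[0].isspace():  # a leading blank means "same owner as above"
            owner, fields = fields[0].lower(), fields[1:]
        # Skip the optional TTL and class columns to reach the record type.
        rest = [f for f in fields[:3] if not f.isdigit() and f.upper() != "IN"]
        rtype = rest[0].upper() if rest else ""
        at_apex = owner == "@" or (origin is not None and owner == origin)
        if at_apex and rtype in ("SOA", "NS"):
            dropped.append(line)  # the target hosted zone supplies its own
        else:
            kept.append(line)  # includes NS delegations for subdomains
    return "\n".join(kept) + "\n", dropped


if __name__ == "__main__":
    cleaned, dropped = prepare_zone_for_import(SAMPLE_EXPORT)
    print(cleaned)
    print(f"dropped {len(dropped)} apex record(s)")
```

Rewriting $ORIGIN changes only relative names. Absolute names in record data, such as the CNAME target in the sample, still point at the old domain and need a manual review.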

Update the credentials file in your home directory to add the target AWS account IAM user Access key ID and Secret access key as shown in the following image:

cli53 pic 12

Open a command prompt and verify that you have successfully switched to the target AWS account. Run the list command to check the hosted zones at the target site as shown in the following image: 

cli53 pic 13

If there is not already a hosted zone in the target AWS account, create one to use to import the DNS records from the plain text file by running the following command:

    C:\> cli53-windows-386.exe create <hosted-zone name> --comment "<comments>"

cli53 pic 14

Import the DNS records to the hosted zone on the target AWS account. Copy the hosted zone ID and run the following command:

    C:\> cli53-windows-386.exe import --file </path/to/file> <hosted-zone-name>

cli53 pic 15

Verify all of the DNS records on the target AWS account under the Route 53 management console and check that all the records are in place as shown in the following images:

cli53 pic 16

cli53 pic 17

Conclusion

Migrating DNS is a crucial activity in every migration. Manual changes in DNS record sets are error-prone and can lead to unavoidable outages. The cli53 utility makes it easy to migrate all DNS records to the target AWS environment by creating a plain text file that is both easy to understand and update.
