AWS Route 53 DCV Provisioner

Prerequisites

  • You need an AWS account with Route 53 hosted zones for the target domains.

  • You need either:

    • An IAM user with the route53:ChangeResourceRecordSets and route53:ListHostedZones permissions, and an access key/secret for that user, or

    • An IAM role attached to the Horizon host with the same permissions (no credentials required in that case).
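A least-privilege IAM policy granting the two permissions listed above, as an added example that is not part of the Horizon documentation. It assumes Horizon only writes TXT records in the zone (as the TTL field description states) and uses this page's example zone ID Z1D633PJN98FT9, which you replace with your own hosted zone ID. route53:ListHostedZones does not support resource-level scoping, so its Resource must be "*".

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListHostedZones",
      "Effect": "Allow",
      "Action": "route53:ListHostedZones",
      "Resource": "*"
    },
    {
      "Sid": "WriteTxtRecordsInDcvZoneOnly",
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/Z1D633PJN98FT9",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"]
        }
      }
    }
  ]
}
```

If the names of the challenge records are known in your deployment, the route53:ChangeResourceRecordSetsNormalizedRecordNames condition key can narrow the second statement further.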

How to configure a DCV Provisioner

1. Log in to the Horizon Administration Interface.

2. Access DCV Provisioners from the drawer or card: DCV > Provisioners.

3. Click on Add Provisioner.

4. Fill in the mandatory fields.

General

  • Name* (string input):
    Enter a meaningful provisioner name. It must be unique for each DCV provisioner. Horizon uses the name to identify the provisioner.

  • Type* (select):
    Select the DNS provider type. Additional configuration fields are displayed depending on the selected type.

Connection

  • Timeout* (finite duration):
    Maximum time Horizon waits for a response from the DNS provider.

  • TTL* (finite duration):
    TTL applied to the DNS TXT record created for the validation challenge.

  • Proxy (select):
    The HTTP/HTTPS proxy to use to reach the DNS provider, if any.

Route 53 Configuration

  • Credentials (select):
    Select Login credentials containing the AWS access key ID and secret access key. If omitted, Horizon uses the value configured via environment variable at startup.

  • Region (string input):
    AWS region (e.g. us-east-1). If omitted, Horizon uses the value configured via environment variable at startup.

  • Endpoint (string input):
    Route 53 API endpoint. If omitted, Horizon uses the value configured via environment variable at startup.

  • Role ARN (string input):
    Enter the ARN of an IAM role for Horizon to assume before publishing challenge records. Used for cross-account DNS zone access.

Zone ID Mappings

See DCV Provisioners for a full explanation of zone ID mappings.

Click on Add Zone ID Mapping.

  • Zone ID* (string input):
    Route 53 hosted zone ID (e.g. `Z1D633PJN98FT9`).

  • Domain pattern* (regex):
    Regex matching domain names that belong to this zone.

You can delete a mapping (Delete mapping).

Delegation Zone

See DCV Provisioners for a full explanation of delegation zones.

  • Delegation zone (string input):
    Optional DNS subdomain delegated to dedicated nameservers for DCV. When set, challenge records are published here instead of the domain’s authoritative zone.

5. Click on the save button.

You can edit (Edit Provisioner) or delete (Delete Provisioner) the AWS Route 53 DCV Provisioner.

You cannot delete a DCV Provisioner that is referenced by an existing DCV Policy.