2 # Distributed under the terms of the GNU General Public License (GPL) version 2.0
3 # based on Yuval Adam's route53.sh found at https://github.com/yuvadm/route53-ddns/blob/master/route53.sh
4 # 2017 Max Berger <max at berger dot name>
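# Pre-flight checks: report a missing SSL-capable cURL or a missing service
# setting through write_log, which is not defined in this part of the file.
# NOTE(review): level 14 is presumably fatal (log, then stop) - confirm against
# the write_log implementation.
[ -z "${CURL_SSL}" ] && write_log 14 "Amazon AWS Route53 communication require cURL with SSL support. Please install"
# AWS access key id. This test used to expand "{$username}", which is never
# empty because of the literal braces, so a missing key was not detected.
[ -z "${username}" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'"
# AWS secret access key.
[ -z "${password}" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'"
# Route 53 hosted zone id.
[ -z "${domain}" ] && write_log 14 "Service section not configured correctly! Missing zone id as 'domain'"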
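# Request parameters for the Route 53 record update.
# lookup_host, LOCAL_IP and domain are copied in unchanged and later placed in
# the URL path and the XML body without escaping.
# NOTE(review): presumably the caller validates them - confirm.
# RECORD_TTL and AWS_SERVICE are read further down but are not assigned in
# these lines.
ENDPOINT="route53.amazonaws.com"
# The trailing dot makes the record name fully qualified.
RECORD_NAME="${lookup_host}."
# The record type follows the address family. The expansion is quoted so an
# empty or multi-word value cannot change the shape of the test expression.
[ "${use_ipv6}" -eq 0 ] && RECORD_TYPE="A"
[ "${use_ipv6}" -eq 1 ] && RECORD_TYPE="AAAA"
RECORD_VALUE="${LOCAL_IP}"
HOSTED_ZONE_ID="${domain}"
API_PATH="/2013-04-01/hostedzone/${HOSTED_ZONE_ID}/rrset/"

# Credentials stay plain (non-exported) shell variables; the secret must not
# be written to the log.
AWS_ACCESS_KEY_ID="${username}"
AWS_SECRET_ACCESS_KEY="${password}"
AWS_REGION='us-east-1'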
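# hash MSG
# Print the hex SHA-256 digest of MSG on stdout.
# MSG goes through `echo -en`, so backslash escapes such as \n are expanded
# before hashing; the canonical request and string-to-sign built later rely on
# that. The function header and argument binding are restored from the call
# sites (hash "<message>").
# Note: this function shadows the shell's own `hash` builtin while it is defined.
hash() {
	msg="$1"
	# sed drops everything up to the last space, leaving only the digest.
	echo -en "${msg}" | openssl dgst -sha256 | sed 's/^.* //'
}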
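# sign_plain KEY MSG
# Print the hex HMAC-SHA256 of MSG on stdout, using KEY as a plaintext key.
# The function header and argument binding are restored from the call site
# (sign_plain "<key>" "<message>").
# Security: KEY is handed to openssl as a command-line argument. The caller
# passes "AWS4" followed by the secret access key, so the secret is visible in
# the process list to other local users for as long as openssl runs.
sign_plain() {
	# Sign message using a plaintext key
	key="$1"
	msg="$2"
	echo -en "${msg}" | openssl dgst -hex -sha256 -hmac "${key}" | sed 's/^.* //'
}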
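# sign KEY MSG
# Print the hex HMAC-SHA256 of MSG on stdout, using KEY given as a hex string.
# The function header and argument binding are restored from the call sites
# (sign "<hex key>" "<message>").
# MSG goes through `echo -en`, so \n escapes in it are expanded before signing.
# Security: the derived key is passed on the openssl command line and is
# therefore visible in the process list while openssl runs.
sign() {
	# Sign message using a hex formatted key
	key="$1"
	msg="$2"
	echo -en "${msg}" | openssl dgst -hex -sha256 -mac HMAC -macopt "hexkey:${key}" | sed 's/^.* //'
}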
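# XML body of the record change (an UPSERT of one resource record).
# The listing's line numbers have been removed from inside the string literal,
# where they would otherwise be sent as part of the request body.
# NOTE(review): only part of the document is visible in this listing - there is
# a closing </ResourceRecordSet> with no opening tag, so the enclosing elements
# are missing here. Restore them from the upstream script before use.
# RECORD_NAME and RECORD_VALUE are inserted without XML escaping.
request_body="<?xml version=\"1.0\" encoding=\"UTF-8\"?> \
<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\"> \
<Action>UPSERT</Action> \
<Name>${RECORD_NAME}</Name> \
<Type>${RECORD_TYPE}</Type> \
<TTL>${RECORD_TTL}</TTL> \
<Value>${RECORD_VALUE}</Value> \
</ResourceRecordSet> \
</ChangeResourceRecordSetsRequest>"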
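# Timestamp, payload hash and canonical request for the AWS4-HMAC-SHA256
# signature.
# The clock is read once and shortdate is cut from fulldate. Two separate
# `date` calls can straddle midnight UTC, and then the date in the credential
# scope would not match the x-amz-date header.
fulldate="$(date --utc +%Y%m%dT%H%M%SZ)"
shortdate="${fulldate%%T*}"
signed_headers="host;x-amz-date"
request_hash="$(hash "${request_body}")"
# The \n sequences are kept literal here; hash and sign expand them through
# `echo -en`. The host value is hard-coded and has to match the Host header
# that is actually sent.
canonical_request="POST\n${API_PATH}\n\nhost:route53.amazonaws.com\nx-amz-date:${fulldate}\n\n${signed_headers}\n${request_hash}"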
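# Derive the signing key step by step (date, region, service, "aws4_request"),
# then sign the string-to-sign and assemble the Authorization header value.
# The first key is the literal prefix AWS4 immediately followed by the secret
# access key. sign_plain receives it as an argument, so the secret appears on
# the openssl command line for the duration of that call.
# AWS_SERVICE is not assigned in the visible part of this file.
date_key="$(sign_plain "AWS4${AWS_SECRET_ACCESS_KEY}" "${shortdate}")"
# Region and service are quoted so each is passed as exactly one argument,
# even when empty.
region_key="$(sign "${date_key}" "${AWS_REGION}")"
service_key="$(sign "${region_key}" "${AWS_SERVICE}")"
signing_key="$(sign "${service_key}" aws4_request)"

# Credential scope; it must use the same date as the key derivation above.
credential="${shortdate}/${AWS_REGION}/${AWS_SERVICE}/aws4_request"
# String to sign; the \n sequences are expanded inside sign via `echo -en`.
sigmsg="AWS4-HMAC-SHA256\n${fulldate}\n${credential}\n$(hash "${canonical_request}")"

signature="$(sign "${signing_key}" "${sigmsg}")"

# Only the access key id and the signature go into the header, never the secret.
authorization="AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${credential}, SignedHeaders=${signed_headers}, Signature=${signature}"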
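# Send the signed request and capture the response body in ANSWER. flock
# serialises the call on a lock file named after this script.
# The lock path is now quoted so a script path containing whitespace cannot
# split it into several arguments.
# Security: the lock file has a predictable name in /tmp. On a system with
# other local users, anyone can create or hold that file first and stall
# updates; a lock directory writable only by the service account avoids this.
# The Authorization header is passed on the curl command line and is visible in
# the process list; it carries the access key id and signature, not the secret.
# NOTE(review): the canonical request signed earlier uses POST and the hash of
# request_body, but no method or body option is visible among these curl
# arguments - the listing appears to omit lines here. Restore them from the
# upstream script before use.
ANSWER="$(flock "/tmp/$(basename -s .sh "$0").lock" curl \
	-H "Host: route53.amazonaws.com" \
	-H "X-Amz-Date: ${fulldate}" \
	-H "Authorization: ${authorization}" \
	-H "Content-Type: text/xml" \
	"https://${ENDPOINT}${API_PATH}")"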
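# Log the raw response, then map it to a status: 1 when it mentions "Error",
# 0 when it contains "ChangeInfo".
# The response body is logged as received; it holds no credentials.
write_log 7 "${ANSWER}"

# printf keeps the response intact whatever it starts with or contains, and
# grep -q replaces the redirect to /dev/null. The search string is the bare
# word: a line break inside a grep -F pattern adds an empty pattern, which
# matches every line.
# NOTE(review): `return` outside a function only works when this file is
# sourced - presumably the caller does that; confirm.
# If neither marker is present (for example an empty response after a failed
# transfer), execution falls through to whatever follows these lines.
printf '%s\n' "${ANSWER}" | grep -qF "Error" && return 1
printf '%s\n' "${ANSWER}" | grep -qF "ChangeInfo" && return 0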