Last modified April 18, 2023

External DNS with AWS Route 53 and static credentials

External DNS in Giant Swarm is configured to authenticate against AWS using the method available on the cluster (KIAM or IRSA). But there are cases where this is not possible, for example when you want to manage DNS records in AWS Route 53 from a cluster running on a different provider.

Credentials

This method requires pre-created IAM credentials, with the respective IAM policy attached, to authenticate against Route 53.

You can find more information in the AWS Route 53 - IAM Policy and the AWS Route 53 - Static Credentials tutorials.

Configuration

There are two possible configurations described in this section.

Important: Independent of the cloud provider where the App is running, you must set the provider value as aws, as shown in the examples.

The first method configures the App to mount the credentials file from an existing secret named external-dns-route53.

The secret must contain a file with the following format:

[default]
aws_access_key_id = _REPLACE_WITH_ACCESS_KEY_ID_
aws_secret_access_key = _REPLACE_WITH_ACCESS_KEY_SECRET_

Use the following values to set up the external-dns-app:

# values.yaml

provider: aws

aws:
  baseDomain: <domain>

env:
- name: AWS_SHARED_CREDENTIALS_FILE
  value: /.aws/credentials

extraVolumeMounts:
- name: aws-credentials
  mountPath: /.aws
  readOnly: true

extraVolumes:
- name: aws-credentials
  secret:
    secretName: external-dns-route53
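As an added example, not part of the Giant Swarm documentation or the external-dns-app, the following Python script validates a credentials file in the format above and builds the external-dns-route53 Secret manifest that the extraVolumes stanza mounts. It assumes the secret lives in the kube-system namespace and stores the file under the data key credentials, so that the mount at /.aws produces /.aws/credentials, the path set in AWS_SHARED_CREDENTIALS_FILE; the sample key values are placeholders.

```python
import base64
import configparser
import json

# Constructed sample in the format the page describes for the
# external-dns-route53 secret; the values are placeholders, not real keys.
SAMPLE_CREDENTIALS = """[default]
aws_access_key_id = _REPLACE_WITH_ACCESS_KEY_ID_
aws_secret_access_key = _REPLACE_WITH_ACCESS_KEY_SECRET_
"""

REQUIRED_KEYS = ("aws_access_key_id", "aws_secret_access_key")


def validate_credentials(text: str, profile: str = "default") -> dict:
    """Parse an AWS shared credentials file and check that the profile
    external-dns reads (the [default] profile) carries both static keys.
    Returns the two key/value pairs; raises ValueError on a malformed file."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    if profile not in parser:
        raise ValueError(f"missing [{profile}] profile")
    section = parser[profile]
    missing = [k for k in REQUIRED_KEYS if not section.get(k)]
    if missing:
        raise ValueError(f"[{profile}] is missing {', '.join(missing)}")
    return {k: section[k] for k in REQUIRED_KEYS}


def secret_manifest(text: str, name: str = "external-dns-route53",
                    namespace: str = "kube-system") -> dict:
    """Build the Kubernetes Secret mounted by the extraVolumes stanza.
    Assumption: the file is stored under the data key 'credentials' so the
    read-only mount at /.aws yields /.aws/credentials; the namespace is
    also an assumption and must match where the App is deployed."""
    validate_credentials(text)
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "Opaque",
        "data": {"credentials": base64.b64encode(text.encode()).decode()},
    }


if __name__ == "__main__":
    # JSON is valid YAML, so the output can be piped into: kubectl apply -f -
    print(json.dumps(secret_manifest(SAMPLE_CREDENTIALS), indent=2))
```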

Inject access key as values

Starting from version 2.35.1, with the addition of the secretConfiguration values, the external-dns-app supports two ways to load static credentials:

secretConfiguration

This method is flexible: it loads credentials from the chart values and stores them in a Secret without making any assumptions about the structure of your data. It can be used in conjunction with env values to provide the credentials to the application.

This example is equivalent to the configuration outlined in the following section:

# values.yaml

provider: aws

aws:
  baseDomain: <domain>

env:
  - name: AWS_ACCESS_KEY_ID
    valueFrom:
      secretKeyRef:
        name: external-dns
        key: aws_access_key_id
  - name: AWS_SECRET_ACCESS_KEY
    valueFrom:
      secretKeyRef:
        name: external-dns
        key: aws_secret_access_key

secretConfiguration:
  enabled: true
  data:
    aws_access_key_id: <key_id>
    aws_secret_access_key: <secret>

aws_access_key_id and aws_secret_access_key

Warning: This method will be deprecated in future versions.

This configuration directly injects the aws_access_key_id and aws_secret_access_key into the App.

# values.yaml

provider: aws

aws:
  access: external
  baseDomain: <domain>

externalDNS:
  aws_access_key_id: <key_id>
  aws_secret_access_key: <secret>

Further reading