Amazon Route53
- 18 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Amazon Route53
- Updated on 18 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. Route 53 performs domain registration, DNS routing, and health checking. DNS query logs are not accessible directly through AWS Route53. CloudWatch logs are used to view AWS Route53 DNS query logs in near real-time.
For more information on AWS Route53, click here.
Integration Method: API
Tables: DNS Activity (4003)
This integration supports the following events.
Events | Description |
|---|---|
DNS Query | Information about the public DNS queries that Route 53 receives |
This integration supports the following versions.
AWS Route53 API version | 20140328 |
Prerequisites
To configure CloudWatch Log groups for AWS Route53, refer here.
Refer to this common procedure on how to create an IAM user, configure the AWS Access Key and AWS Secret Key, attach an IAM policy with required permissions.
Configuration Overview
Configure AWS Route53 to route logs to CloudWatch.
Generate an AWS Access Key & Secret Key with the required IAM policies.
Add the AWS Route53 data feed in the DataBee console with the required Access Key and Secret Key.
DataBee Parameter | AWS Parameters |
|---|---|
Access Key | AWS Access Key |
Secret Key | AWS Secret Key |
AWS Region | AWS Region |
Service Name | logs |
Log Group ARN | CloudWatch Log group ARN for AWS Route53 DNS query logs |
AWS Route53 – IAM Policy Information
Start by creating a IAM user with the API credentials. This common step is documented at AWS Configuration Prerequisites.
Once the IAM user has been created, the following permissions will need to be added to a role associated with the user. Refer to Adding Permissions to an IAM user for the steps.
Ensure AWS Access Key is attached to an IAM policy with following Actions allowed on the CloudWatch log group resource. For reference, you can check the below required minimum IAM policy.
logs:DescribeLogGroups
logs:DescribeLogSteams
logs:GetLogEvents
Required Minimum IAM policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Resource": [
"arn:aws:logs:*:*:*"
]
}
]
}DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the AWS Route53 and click it as shown below.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
API Base URL: this is the base URL that DataBee will interact with. Replace <aws-region> with appropriate AWS region.
Authorization Method: AWS Signature
Access Key: paste the AWS Client Access Key.
Secret Key: paste the AWS Client Secret Key.
Session Token: can be left empty.
AWS Region: type the AWS region.
Service Name: logs
Event types: preselected for all the event types that integration pulls.
Log Group ARN: paste the CloudWatch log group created for AWS Route53.
Click Submit.
Troubleshooting Tips
Ensure the Access Key, Secret Key, Log Group ARN are pasted correctly. Since you cannot view the Secret Key after the 1st time, re-create the AWS Access Key & AWS Secret Key, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.
Ensure the AWS Route53 scopes/permissions are correctly attached to the AWS Access Key.
Was this article helpful?