Integrating AWS Route53 with Xeams To Programmatically Modify DNS Records


Many features in Xeams require modifications to your DNS server. Integrating AWS Route53 with Xeams makes such modifications a breeze. The following features in Xeams require TXT records in a DNS server:

  • SPF
  • DKIM
  • DMARC
  • MTA-STS
  • Let's Encrypt - when using DNS for the challenge

Note that this feature is applicable if you have one or more domains using AWS Route53 as the DNS server.

Benefits

Consider the following scenario as an example:

  • You have a domain example.com that uses AWS Route53's DNS server.
  • You want Xeams to create new DKIM keys. You go to Filter Management/DKIM and add example.com as your domain.
  • Xeams creates a public/private key pair in the background and asks you to paste your public key into your DNS server. Normally, you would have to copy/paste these values into the DNS server yourself. However, once AWS Route53 is integrated with Xeams, this step is just a click away.

Steps To Integrate

  • Log in to your Xeams console as an administrator and click Tools/DNS Integration
  • Select AWS Route53 from the Available Providers and click Add Integration

Integrating with AWS Route53 has two parts: creating a user with the necessary permissions, and creating the access key.

Create IAM User with AWS Route53 Permissions

  • Open another tab or browser window
  • Log in to your AWS IAM account
  • Under Access management, click on Users. On this page, click on Add Users.

  • Specify a User Name here. For example, AWS53_Xeams. Click on Next afterwards.
  • In Permissions options, select Attach policies directly. Then, search for "AmazonRoute53FullAccess" and select this permission.

    Select Next afterward. After reviewing the information, click on Create User.
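
The steps above attach AmazonRoute53FullAccess, while the features listed on this page only need TXT records. The following is an added example, not part of Xeams or its documentation: it builds a customer-managed policy limited to TXT changes in named hosted zones and reports statements that grant more than that. The hosted zone ID is a placeholder, and the assumption that Xeams needs only these four Route53 actions has not been tested against Xeams.

```python
import json

# Placeholder hosted zone ID; use the ID of the zone that serves your mail domain.
ZONE_IDS = ["Z0000000PLACEHOLDER"]
TYPES_KEY = "route53:ChangeResourceRecordSetsRecordTypes"

def scoped_policy(zone_ids):
    """Policy that lists zones and records, and changes only TXT records in the given zones."""
    zones = [f"arn:aws:route53:::hostedzone/{z}" for z in zone_ids]
    return {"Version": "2012-10-17", "Statement": [
        # Listing hosted zones and polling change status cannot be scoped to one zone.
        {"Sid": "ListZones", "Effect": "Allow", "Resource": "*",
         "Action": ["route53:ListHostedZones", "route53:GetChange"]},
        {"Sid": "ReadRecords", "Effect": "Allow", "Resource": zones,
         "Action": "route53:ListResourceRecordSets"},
        {"Sid": "WriteTxtOnly", "Effect": "Allow", "Resource": zones,
         "Action": "route53:ChangeResourceRecordSets",
         "Condition": {"ForAllValues:StringEquals": {TYPES_KEY: ["TXT"]}}},
    ]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def findings(policy):
    """Return (Sid, reason) pairs for Allow statements broader than TXT-only edits."""
    out = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "?")
        for action in as_list(st["Action"]):
            if "*" in action:
                out.append((sid, f"wildcard action {action}"))
            elif action.lower() == "route53:changeresourcerecordsets":
                if "*" in as_list(st["Resource"]):
                    out.append((sid, "record changes allowed in every hosted zone"))
                cond = st.get("Condition", {}).get("ForAllValues:StringEquals", {})
                if as_list(cond.get(TYPES_KEY, [])) != ["TXT"]:
                    out.append((sid, "record changes not limited to TXT"))
    return out

# Constructed stand-in for a wildcard grant, to show what the check reports.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Everything", "Effect": "Allow", "Action": "route53:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(scoped_policy(ZONE_IDS), indent=2))
    print(findings(BROAD))
```

If the integration fails with the scoped policy, the denied action appears in the CloudTrail event for that call and can be added to the policy individually.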

Creating Access Key for the User

  • Now that the User has been created, click on the user to view more information about it. Next, click on the Security Credentials tab.
  • Scroll down until you see the Access keys section. Click on Create access key.
  • For the "Use case" option, select Application running outside AWS. Next, create a short description, then click on Create access key.
  • You will now see the access key, along with the secret key.
    IMPORTANT: make sure you copy the value for the secret key here, as this page will be the only way to view the secret key. If you lose this key, you will need to deactivate the current access key and create a new one. Click on Done when you have copied the keys.
  • Switch back to the tab for Xeams.
  • Enter a Friendly Name and copy/paste the values for Key and Secret from AWS Route53's tab.
  • Click Add.
  • Once added, Xeams will pull a list of domains that are handled by your AWS Route53 account, cross-reference them with your configured domain names, and display the number of domains that match.
  • Handled Domains

    Xeams pulls a list of domains that are handled by AWS Route53 and matches them with the domains that are configured in Xeams. For example, if you have 5 domains in Xeams but only 3 are handled by AWS Route53, you will not be able to modify records for the other two domains.

    If you add another domain in Xeams at a later time, click the Refresh domain list button to recreate this mapping.