This is a drop-in provider for apnscp to enable DNS support for accounts that use AWS. This provider is built into apnscp.
EditDomain -c dns,provider=aws -c dns,key='[key:ABCDEF123,secret:AbCdEf12345]' domain.com
Where the key is created within AWS. Your API key is available within your AWS IAM Console. See also Managing Access Keys for Your AWS Account Root User.
- key: IAM key
- secret: IAM secret
- region: AWS region. Refer to Regions and Availability Zones
AWS may be configured as the default provider for all sites using the dns.default-provider
Scope. When adding a site in Nexus or AddDomain the key will be replaced with "DEFAULT". This is substituted automatically on account creation.
In a multi-user environment, Keyring usage is necessary to protect users from accessing the password. When setting this value using the dns.default-provider-key in 3.2.42+, this value is automatically encoded as a Keyring value. Automatic wrapping as a Keyring object may be altered by changing [auth] => keyring_provider_types.
cpcmd scope:set dns.default-provider aws
# Note, this method is insecure prior to 3.2.42, see below!
cpcmd scope:set dns.default-provider-key '[key:ABCDEF123,secret:abCdEf12345]'
::: warning
Note that it is not safe to set this value directly in config.ini as a server-wide default in untrusted multiuser environments. A user with panel access can retrieve your key common_get_service_value dns key
or even using Javascript in the panel, apnscp.cmd('common_get_service_value',['dns','key'], {async: false})
.
Implicit Keyring encoding masks the actual value using a server secret. :::
- Module- overrides Dns_Module behavior
- Validator- service validator, checks input with AddDomain/EditDomain helpers
All module methods can be overwritten. The following are the bare minimum that are overwritten for this DNS provider to work:
atomicUpdate()
attempts a record modification, which must retain the original record if it failszoneAxfr()
returns all DNS recordsadd_record()
add a DNS recordremove_record()
removes a DNS recordget_hosting_nameservers()
returns nameservers for the DNS provideradd_zone_backend()
creates DNS zoneremove_zone_backend()
removes a DNS zone
See also: Creating a provider (hq.apnscp.com)
Submit a PR and have fun!