Amazon Route 53: Backup Zone Data
Amazon Route 53 users should regularly back up their zone data to protect against accidental deletion. This article explains how to automate daily backups of your Route 53 zones using native AWS services.
Tracy Honeycutt
Amazon Employee
Published Oct 30, 2024
AWS customers using Amazon Route 53 should back up their zones and resource records to protect against accidental deletion. This allows you to restore data if needed. This article explains how to create an automated backup of your Route 53 data to an S3 bucket.
You need familiarity with Amazon Route 53, AWS Identity and Access Management (IAM), AWS Lambda, Amazon EventBridge, and Amazon S3. You need a secure S3 bucket to store backups. Consider adding a bucket lifecycle policy to automatically manage backup retention.
Route 53 backups are performed by an AWS Lambda function running a Python script. Create an IAM role with permissions to execute the Lambda function and write permissions to the S3 bucket. Schedule the Lambda function using Amazon EventBridge. The function exports Route 53 data as CSV and JSON files and writes the output to your S3 bucket.
- Create an IAM service role and policy for the Lambda function with permissions to read from Route 53 and write to the specified S3 bucket.
- Create a Lambda function to read Route 53 configurations and write both CSV and JSON files to the S3 bucket.
- Create an EventBridge schedule to run the Lambda function daily.
Lambda needs permission to write to the specified S3 bucket and read from Route 53. This requires creating a custom role with those permissions.
- Create an IAM policy named Route53_Backup_Policy using the following JSON:
- Replace BUCKET_NAME with your S3 bucket name.
Create a Lambda function to read Route 53 configurations and write both CSV and JSON files to the S3 bucket.
- Open the Lambda console and choose "Create function".
- Select "Author from scratch" and enter these details:
  - Function name: Route53_Backup
  - Runtime: Python 3.12
  - Architecture: x86_64
- Replace the default code with the following Python script:
  Replace BUCKET_NAME and BUCKET_REGION with your S3 bucket details.
- Deploy the function.
- Set the function timeout to 60 seconds in the Configuration tab.
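As an added example (not the article's own script), here is one way the function described in these steps could be written with boto3. The helper names records_to_csv and backup_zone, the CSV columns, the date and zone-ID key layout, and the explicit SSE-S3 setting are assumptions made for this example.

```python
import csv
import io
import json
from datetime import datetime, timezone

BUCKET_NAME = "BUCKET_NAME"      # the article's placeholder: your S3 bucket
BUCKET_REGION = "BUCKET_REGION"  # the article's placeholder: the bucket's region

def records_to_csv(record_sets):
    """Flatten ListResourceRecordSets entries into CSV text, one row per value."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["Name", "Type", "TTL", "SetIdentifier", "Value"])
    for rr in record_sets:
        if "AliasTarget" in rr:  # alias records carry no TTL or ResourceRecords
            values = ["ALIAS " + rr["AliasTarget"]["DNSName"]]
        else:
            values = [v["Value"] for v in rr.get("ResourceRecords", [])]
        for value in values:
            writer.writerow([rr["Name"], rr["Type"], rr.get("TTL", ""),
                             rr.get("SetIdentifier", ""), value])
    return buf.getvalue()

def backup_zone(route53, s3, zone, prefix):
    """Upload zone_info_<zone>.json, <zone>.json and <zone>.csv; return the file names."""
    name = zone["Name"].rstrip(".")
    # Assumed key layout: the zone ID keeps same-named public/private zones apart.
    zone_id = zone["Id"].split("/")[-1]  # "/hostedzone/Z..." -> "Z..."
    info = route53.get_hosted_zone(Id=zone_id)
    info.pop("ResponseMetadata", None)  # HTTP call metadata, not zone data
    pages = route53.get_paginator("list_resource_record_sets").paginate(HostedZoneId=zone_id)
    records = [rr for page in pages for rr in page["ResourceRecordSets"]]
    files = {
        f"zone_info_{name}.json": json.dumps(info, indent=2),
        f"{name}.json": json.dumps(records, indent=2),
        f"{name}.csv": records_to_csv(records),
    }
    for filename, body in files.items():
        s3.put_object(Bucket=BUCKET_NAME, Key=f"{prefix}/{name}_{zone_id}/{filename}",
                      Body=body.encode("utf-8"), ServerSideEncryption="AES256")
    return sorted(files)

def lambda_handler(event, context):
    import boto3  # bundled with the Lambda Python runtime; imported lazily
    route53 = boto3.client("route53")
    s3 = boto3.client("s3", region_name=BUCKET_REGION)
    prefix = datetime.now(timezone.utc).strftime("%Y-%m-%d")  # one folder per day
    pages = route53.get_paginator("list_hosted_zones").paginate()
    return {z["Id"]: backup_zone(route53, s3, z, prefix) for p in pages for z in p["HostedZones"]}
```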
Create an EventBridge schedule to run the Lambda function daily.
- Open the EventBridge Scheduler console.
- Choose "Create schedule" and enter these details:
  - Schedule name: Route53_Backup_Lambda
  - Schedule type: Rate-based schedule
  - Rate expression: 1 days
  - Flexible time window: Off
- Select "AWS Lambda Invoke" as the target and choose the Route53_Backup_Lambda function.
- Enable the schedule and create a new execution role.
- Review and create the schedule.
The Lambda function writes backup files to your S3 bucket in this format:
Output files:
- zone_info_[ZONE NAME].json: Zone configuration information
- [ZONE NAME].json: All resource records for the zone
- [ZONE NAME].csv: Resource records in a readable CSV format
With this setup, you'll have daily backups of your Route 53 zones to protect against accidental data loss.
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.