Auto Route53 Configuration

Configure API access for automatic Route53 configuration

The Pritunl Zero SSH Host Client can automatically update a Route53 entry for the host. This is useful when using host certificates, where a valid DNS entry is required for each host. The Route53 entry will be updated if the server's IP address changes. The SSH host client can be configured with AWS access keys; if no access keys are configured, the instance role will be used. If the host is being deployed in the same AWS account as the Route53 zone, it is recommended to use instance roles. Below are instructions for creating an instance role and access keys for Route53 access. These can optionally be restricted to specific Route53 zones.

Route53 Instance Role

Open the IAM Management Console in the AWS console and click Create role in the Roles section. Select AWS service and EC2 then click Next: Permissions.

Search for Route53 and select AmazonRoute53FullAccess then click Next: Review.

Set the Role name to pritunl-zero-client and click Create role.

When configuring the SSH host client, set a Route53 zone.

sudo pritunl-ssh-host config aws-access-key AWS_ACCESS_KEY
sudo pritunl-ssh-host config aws-secret-key AWS_SECRET_KEY
sudo pritunl-ssh-host config route-53-zone pritunl.com

Route53 Access Key

Open the IAM Management Console in the AWS console and click Add user in the Users section. Set the Role name to pritunl-zero-client and select Programmatic access. Then click Next: Permissions.

Select Attach existing policies directly and search for Route53. Then select AmazonRoute53FullAccess and click Next: Review.

When configuring the SSH host client, set the access key and a Route53 zone.

sudo pritunl-ssh-host config aws-access-key AWS_ACCESS_KEY
sudo pritunl-ssh-host config aws-secret-key AWS_SECRET_KEY
sudo pritunl-ssh-host config route-53-zone pritunl.com
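
The introduction notes that access can be restricted to specific Route53 zones. The customer-managed IAM policy below, attached to the role or user in place of AmazonRoute53FullAccess, scopes record changes to a single hosted zone. It is an added example, not taken from the Pritunl documentation: HOSTED_ZONE_ID_PLACEHOLDER stands for the ID of your zone, and the list of actions is an assumption about what the host client calls, so verify it against your deployment before removing the managed policy.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AssumedRecordActionsLimitedToOneZone",
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets",
        "route53:ListResourceRecordSets"
      ],
      "Resource": "arn:aws:route53:::hostedzone/HOSTED_ZONE_ID_PLACEHOLDER"
    },
    {
      "Sid": "AssumedChangeStatusLookup",
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Sid": "AssumedZoneLookupByName",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListHostedZonesByName"
      ],
      "Resource": "*"
    }
  ]
}
```

The zone listing actions do not support resource-level permissions, which is why that statement uses a wildcard resource; they are read-only, so a compromised host holding this policy can alter records only in the one named zone.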