# Auto Route53 Configuration

The Pritunl Zero SSH Host Client can automatically update a Route53 entry for the host. This is useful when using host certificates where a valid DNS entry is required for each host. The Route53 entry will be updated if the servers IP address changes. The SSH host client can be configured with AWS access keys or if not access keys are configured the instance role will be used. If the host is being deployed in the same AWS account as the Route53 zone it is recommended to use instance roles. Below are instructions for creating an instance role and access keys for Route53 access. These can optionally be restricted to specific Route53 zones.

### Route53 Instance Role

Open the *IAM Management Console* in the AWS console and click *Create role* in the *Roles* section. Select *AWS service* and *EC2* then click *Next: Permissions*.

![](https://github.com/pritunl/pritunl-docs/blob/master/pritunl-zero/.gitbook/assets/route532.png)

Search for *Route53* and select *AmazonRoute53FullAccess* then click *Next: Review*.

![](https://github.com/pritunl/pritunl-docs/blob/master/pritunl-zero/.gitbook/assets/route533.png)

Set the *Role name* to `pritunl-zero-client` and click *Create role*.

![](https://github.com/pritunl/pritunl-docs/blob/master/pritunl-zero/.gitbook/assets/route534.png)

When configuring the SSH host client set a Route53 zone.

```shell
sudo pritunl-ssh-host config aws-access-key AWS_ACCESS_KEY
sudo pritunl-ssh-host config aws-secret-key AWS_SECRET_KEY
sudo pritunl-ssh-host config route-53-zone pritunl.com
```

### Route53 Access Key

Open the *IAM Management Console* in the AWS console and click *Add user* in the *Users* section. Set the *Role name* to `pritunl-zero-client` and select *Programmatic access*. Then click *Next: Permissions*.

![](https://github.com/pritunl/pritunl-docs/blob/master/pritunl-zero/.gitbook/assets/route530.png)

Select *Attach existing policies directly* and search for *Route53*. Then select *AmazonRoute53FullAccess* and click *Next: Review*.

![](https://github.com/pritunl/pritunl-docs/blob/master/pritunl-zero/.gitbook/assets/route531.png)

When configuring the SSH host client the access key and set a Route53 zone.

```shell
sudo pritunl-ssh-host config aws-access-key AWS_ACCESS_KEY
sudo pritunl-ssh-host config aws-secret-key AWS_SECRET_KEY
sudo pritunl-ssh-host config route-53-zone pritunl.com
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.pritunl.com/kb/zero/general/auto-route53-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.