The DynamoDB registry

The DynamoDB registry stores DNS record metadata in an AWS DynamoDB table.

The DynamoDB Table

By default, the DynamoDB registry stores data in the table named external-dns.
A different table may be specified using the --dynamodb-table flag.
A different region may be specified using the --dynamodb-region flag.

The table must have a partition (hash) key named k of type string.
The table must not have a sort (range) key.

IAM permissions

The ExternalDNS Role must be granted the following permissions:

    {
      "Effect": "Allow",
      "Action": [
        "DynamoDB:DescribeTable",
        "DynamoDB:PartiQLDelete",
        "DynamoDB:PartiQLInsert",
        "DynamoDB:PartiQLUpdate",
        "DynamoDB:Scan"
      ],
      "Resource": [
        "arn:aws:dynamodb:*:*:table/external-dns"
      ]
    }

The region and account ID may be specified explicitly instead of using wildcards.
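
The following preflight check is an added example, not part of ExternalDNS: it validates a DescribeTable response against the key requirements under "The DynamoDB Table" and an IAM statement against the permission list above. The function names and sample inputs are constructed, and reporting a wildcard region or account ID as a finding is a stricter choice made for this example.

```python
from fnmatch import fnmatch

# Actions the page lists for the ExternalDNS role, lower-cased
# (IAM matches action names case-insensitively).
REQUIRED = {"dynamodb:describetable", "dynamodb:partiqldelete",
            "dynamodb:partiqlinsert", "dynamodb:partiqlupdate", "dynamodb:scan"}

def check_table(describe_table):
    """Check the key schema in a DescribeTable response; return a list of problems."""
    table = describe_table["Table"]
    keys = {k["KeyType"]: k["AttributeName"] for k in table["KeySchema"]}
    types = {a["AttributeName"]: a["AttributeType"] for a in table["AttributeDefinitions"]}
    problems = []
    if keys.get("HASH") != "k":
        problems.append("partition key must be named 'k'")
    elif types.get("k") != "S":
        problems.append("partition key 'k' must have string type (S)")
    if "RANGE" in keys:
        problems.append("table must not have a sort (range) key")
    return problems

def check_statement(stmt, table="external-dns"):
    """Check one IAM statement against the page's policy; return a list of problems."""
    as_list = lambda v: [v] if isinstance(v, str) else list(v)
    actions = {a.lower() for a in as_list(stmt.get("Action", []))}
    problems = [] if stmt.get("Effect") == "Allow" else ["Effect must be Allow"]
    for req in sorted(REQUIRED):
        if not any(fnmatch(req, a) for a in actions):  # '*' in an action is a wildcard
            problems.append(f"missing action {req}")
    for extra in sorted(actions - REQUIRED):
        problems.append(f"broader than the registry needs: {extra}")
    for arn in as_list(stmt.get("Resource", [])):
        parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
        if len(parts) != 6 or parts[5] != f"table/{table}":
            problems.append(f"resource is not the registry table: {arn}")
        elif "*" in (parts[3], parts[4]):
            problems.append(f"wildcard region or account ID: {arn}")
    return problems

# Constructed sample inputs: a DescribeTable response for a table that was wrongly
# created with a sort key, and the statement from the page with its wildcard ARN.
SAMPLE_TABLE = {"Table": {"TableName": "external-dns",
    "KeySchema": [{"AttributeName": "k", "KeyType": "HASH"},
                  {"AttributeName": "ts", "KeyType": "RANGE"}],
    "AttributeDefinitions": [{"AttributeName": "k", "AttributeType": "S"},
                             {"AttributeName": "ts", "AttributeType": "N"}]}}
PAGE_STATEMENT = {"Effect": "Allow", "Resource": ["arn:aws:dynamodb:*:*:table/external-dns"],
    "Action": ["DynamoDB:DescribeTable", "DynamoDB:PartiQLDelete",
               "DynamoDB:PartiQLInsert", "DynamoDB:PartiQLUpdate", "DynamoDB:Scan"]}
```

Pass a different table name as the second argument to check_statement when --dynamodb-table is set.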

Caching

The DynamoDB registry can optionally cache DNS records read from the provider. This can mitigate
rate limits imposed by the provider.

Caching is enabled by specifying a cache duration with the --txt-cache-interval flag.


Last update: June 13, 2023