R53R Hub Probe
At the day job we use Amazon Route53 Resolvers for some DNS access from cloud environments back to the datacenter domain controllers.
These work fine but Amazon does not do a great job on monitoring. The only CloudWatch metrics they expose cover traffic from the various EC2/ENI instances on the VPCs heading to the Route53 Resolver Outbound Endpoint, not whether the endpoint was successful in getting something back.
If the VPC where the Route53 Resolver Endpoint is sitting has a networking issue, you have no way to see that from the CloudWatch Metrics.
Today’s little victory was getting my hands dirty in writing something to help monitor this.
As Corey Quinn said some time ago, Lambdas are a great way to cover AWS’s shortcomings. Wish I had kept a link to this saying as it’s definitely another of Corey’s absolute truths.
The lambda code itself is trivial dnspython deployed with Terraform; today’s little victory is feeling that my Python is improving considerably with Poetry.
Building Lambdas with Poetry was a useful thing to get my head around, especially the moment of transforming a wheel into something that the Lambda found useful:
poetry run pip install --upgrade -t package dist/*.whl
cd package ; zip -r ../artifact.zip . -x '*.pyc'
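One way to write the probe described above, as an added example rather than the author's Lambda: it resolves one datacenter name through the VPC resolver with dnspython and publishes success and latency as custom CloudWatch metrics. The hostname, namespace, metric names and environment variables are assumptions, not values from the post.

```python
import os
import time

# Assumed settings (placeholders, not from the original post).
PROBE_NAME = os.environ.get("PROBE_NAME", "dc01.corp.example.internal")
NAMESPACE = os.environ.get("METRIC_NAMESPACE", "Custom/R53ResolverProbe")
TIMEOUT_S = float(os.environ.get("PROBE_TIMEOUT", "3"))


def dns_lookup(name, timeout):
    """Resolve via the Lambda's default (VPC) resolver so the forwarding rule is exercised."""
    import dns.resolver  # dnspython, packaged into artifact.zip
    resolver = dns.resolver.Resolver()  # reads /etc/resolv.conf
    resolver.lifetime = timeout         # total time budget for the query
    return [rdata.to_text() for rdata in resolver.resolve(name, "A")]


def probe(name, timeout, lookup=dns_lookup, clock=time.monotonic):
    """Run one lookup; return (ok, latency_ms, error_class_name_or_None)."""
    start = clock()
    try:
        answers = lookup(name, timeout)
        ok, err = bool(answers), None if answers else "EmptyAnswer"
    except Exception as exc:  # timeout, NXDOMAIN, no nameservers: all count as failure
        ok, err = False, type(exc).__name__
    return ok, (clock() - start) * 1000.0, err


def metric_data(name, ok, latency_ms):
    """Build the MetricData list for CloudWatch PutMetricData."""
    dims = [{"Name": "QueryName", "Value": name}]
    return [
        {"MetricName": "ResolveSuccess", "Dimensions": dims, "Value": 1.0 if ok else 0.0, "Unit": "Count"},
        {"MetricName": "ResolveLatency", "Dimensions": dims, "Value": latency_ms, "Unit": "Milliseconds"},
    ]


def handler(event, context):
    """Lambda entry point: probe once, publish the result, return it for the logs."""
    import boto3  # provided by the Lambda Python runtime
    ok, latency_ms, err = probe(PROBE_NAME, TIMEOUT_S)
    boto3.client("cloudwatch").put_metric_data(
        Namespace=NAMESPACE, MetricData=metric_data(PROBE_NAME, ok, latency_ms))
    return {"name": PROBE_NAME, "ok": ok, "latency_ms": round(latency_ms, 1), "error": err}
```

Alarm on ResolveSuccess with missing data treated as breaching, so a probe that stops running or cannot reach CloudWatch also raises the alarm.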