Route53 as a DDNS provider

I'm interested in adding support in LEDE for updating DDNS records on Amazon Web Services Route53 DNS service. Up until now indeed it was difficult to directly update Route53 since their Python-based CLI tool brings in too many dependencies, and their REST API is an abomination that requires lots of authentication key signature calculations. Any other solution requires an intermediate service external to the LEDE device.

To that end, I recently started working on implementing the simple REST API call using as little dependencies as possible - source can be found on Github

Current script depends on curl (HTTP/S client), openssl-util (HMAC-SHA256 for API signature) and ca-bundle (CA certs) - roughly 1.5MB of packages, reasonable on a modern device. However, I believe this can be further reduced:

  1. Installing AWS CA cert only
  2. Boldly going where no one has gone before and implementing HMAC in bash, and using builtin sha256sum
  3. Any lighterweight option other than curl?

Eventually I'm interested in supporting Route53 as a proper DDNS provider so I can do:

config 'service' 'route53'
	option 'service_name'	''
	option 'enabled'	'1'
	option 'domain'		''
	option 'aws_access_key_id'	'xxxxxxxxxxxxxxxxxx'
	option 'aws_secret_access_key'	'xxxxxxxxxxxxxxxxxxxx'
        option 'hosted_zone_id'  'ABCDEFGHIJKL'
        # etc....

Thoughts on how to continue development? Is there a reasonable roadmap for including this in LEDE?

Looking on existing ddns-scripts package there are already additional service scripts for, and others for updates with provider specific protocols.
If you like, your script and it's dependencies could be included into the ddns-script package as additional service easily.

For compatibility:

  • all shell scripts inside OpenWrt/LEDE using #!/bin/sh instead of bash.
  • the script is parsed by inside send_update() function
  • ddns-scripts also support IPv6, if DDNS provider and your script does
  • you should (re)use already existing UCI settings (compatible with luci-app-ddns) for Route53 service

option service_name "route53-v?"
option lookup_host "your host/domain" (also used by nslookup etc. )
option domain "your hosted_zone_id" (parameter used for provider update only
option username "your aws_access_key_id"
option password "your aws_secret_access_key"

inside services/services_ipv6 you set something like
"route53-v?" "update_route53_v?.sh"
or you use custom service settings (remove option service_name) and set
option update_script 'path/to/your/'

you should include a v? version information, if provider api changes (as done by

Since I was interested in this, I have created a pull request:

Note that @yuvadm as relicensed his script under GPLv2 to be compatible with the rest of the packaging, this pull request is basically taking his script and packaging it as @chris5560 has suggested.

Please consider this script, and feel free to suggest any changes needed.