route53: adds option to use private zone (#2162)

cmd/zz_gen_cmd_dnshelp.go

@@ -2644,6 +2644,7 @@ func displayDNSHelp(w io.Writer, name string) error {
 		ew.writeln(`Additional Configuration:`)
 		ew.writeln(`	- "AWS_MAX_RETRIES":	The number of maximum returns the service will use to make an individual API request`)
 		ew.writeln(`	- "AWS_POLLING_INTERVAL":	Time between DNS propagation check in seconds (Default: 4)`)
+		ew.writeln(`	- "AWS_PRIVATE_ZONE":	Set to true to use private zones only (default: use public zones only)`)
 		ew.writeln(`	- "AWS_PROPAGATION_TIMEOUT":	Maximum waiting time for DNS propagation in seconds (Default: 120)`)
 		ew.writeln(`	- "AWS_SHARED_CREDENTIALS_FILE":	Managed by the AWS client. Shared credentials file.`)
 		ew.writeln(`	- "AWS_TTL":	The TTL of the TXT record used for the DNS challenge in seconds (Default: 10)`)

docs/content/dns/zz_gen_route53.md

@@ -60,6 +60,7 @@ More information [here]({{% ref "dns#configuration-and-credentials" %}}).
 |--------------------------------|-------------|
 | `AWS_MAX_RETRIES` | The number of maximum returns the service will use to make an individual API request |
 | `AWS_POLLING_INTERVAL` | Time between DNS propagation check in seconds (Default: 4) |
+| `AWS_PRIVATE_ZONE` | Set to true to use private zones only (default: use public zones only) |
 | `AWS_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation in seconds (Default: 120) |
 | `AWS_SHARED_CREDENTIALS_FILE` | Managed by the AWS client. Shared credentials file. |
 | `AWS_TTL` | The TTL of the TXT record used for the DNS challenge in seconds (Default: 10) |

providers/dns/route53/route53.go

@@ -35,6 +35,7 @@ const (
 	EnvMaxRetries      = envNamespace + "MAX_RETRIES"
 	EnvAssumeRoleArn   = envNamespace + "ASSUME_ROLE_ARN"
 	EnvExternalID      = envNamespace + "EXTERNAL_ID"
+	EnvPrivateZone     = envNamespace + "PRIVATE_ZONE"
 
 	EnvWaitForRecordSetsChanged = envNamespace + "WAIT_FOR_RECORD_SETS_CHANGED"
 
@@ -58,6 +59,7 @@ type Config struct {
 	MaxRetries    int
 	AssumeRoleArn string
 	ExternalID    string
+	PrivateZone   bool
 
 	WaitForRecordSetsChanged bool
 
@@ -75,6 +77,7 @@ func NewDefaultConfig() *Config {
 		MaxRetries:    env.GetOrDefaultInt(EnvMaxRetries, 5),
 		AssumeRoleArn: env.GetOrDefaultString(EnvAssumeRoleArn, ""),
 		ExternalID:    env.GetOrDefaultString(EnvExternalID, ""),
+		PrivateZone:   env.GetOrDefaultBool(EnvPrivateZone, false),
 
 		WaitForRecordSetsChanged: env.GetOrDefaultBool(EnvWaitForRecordSetsChanged, true),
 
@@ -312,7 +315,7 @@ func (d *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string,
 	var hostedZoneID string
 	for _, hostedZone := range resp.HostedZones {
 		// .Name has a trailing dot
-		if !hostedZone.Config.PrivateZone && ptr.Deref(hostedZone.Name) == authZone {
+		if ptr.Deref(hostedZone.Name) == authZone && d.config.PrivateZone == hostedZone.Config.PrivateZone {
 			hostedZoneID = ptr.Deref(hostedZone.Id)
 			break
 		}

providers/dns/route53/route53.toml

@@ -133,6 +133,7 @@ Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with
     AWS_EXTERNAL_ID = "Managed by STS AssumeRole API operation (`AWS_EXTERNAL_ID_FILE` is not supported)"
     AWS_WAIT_FOR_RECORD_SETS_CHANGED = "Wait for changes to be INSYNC (it can be unstable)"
   [Configuration.Additional]
+    AWS_PRIVATE_ZONE = "Set to true to use private zones only (default: use public zones only)"
     AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."
     AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request"
     AWS_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 4)"

providers/dns/route53/route53_test.go

@@ -23,6 +23,7 @@ var envTest = tester.NewEnvTest(
 	EnvRegion,
 	EnvHostedZoneID,
 	EnvMaxRetries,
+	EnvPrivateZone,
 	EnvTTL,
 	EnvPropagationTimeout,
 	EnvPollingInterval,