Use `hostedzonesbyname` Route 53 API endpoint instead of `hostedzones` endpoint.
The `hostedzones` endpoint returns all hosted zones for a given Route 53 account in groups of 100. For AWS Route 53 accounts with many domains, this could mean a large number of requests to the `hostedzones` endpoint as it progresses through each page of 100 results. This will often result in a "Rate exceeded" API error from Route 53.
Instead of using the `hostedzones` endpoint, we can use `hostedzonesbyname` and then filter by the specific domain we are looking for and ask for a `max-items` of 1.
The while loop in _get_root() starts with a given domain and removes parts from the front of the given domain if no match is found.
For example, when requesting a certificate for `test.www.domain.co.uk`, the while loop will check for Route 53 hosted zones for:
1st: test.www.domain.co.uk
2nd: www.domain.co.uk
3rd: domain.co.uk
4th: co.uk
5th: uk
The first two checks will result in no matches, while the third check should be successful (if, of course, domain.co.uk is actually a hosted zone in the given AWS account).
Now imagine that the given AWS account owns 2500 domains and, therefore, has 2500 hosted zones.
Using the `hostedzones` endpoint would result in:
1st: 25 GET requests to the Route 53 API looking for a match to test.www.domain.co.uk
2nd: 25 GET requests to the Route 53 API looking for a match to www.domain.co.uk
3rd: 25 GET requests to the Route 53 API looking for a match to domain.co.uk
4th: 25 GET requests to the Route 53 API looking for a match to co.uk
5th: 25 GET requests to the Route 53 API looking for a match to uk
This would far exceed the Route 53 limit of five requests per second.
Using `hostedzonesbyname` results in a dramatic reduction in Route 53 API GET requests for AWS accounts with large numbers of hosted zones.
_saveaccountconf_mutable instead of _saveaccountconf now used.
Co-Authored-By: kapper.net support account <33451837+kappernet@users.noreply.github.com>
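
The lookup described in this commit message, as an added example (not the project's code): one `hostedzonesbyname` request per candidate name, accepting a result only on an exact name match. `lookup_first` is a hypothetical offline stand-in for the API request and the zone list is constructed; it assumes the documented behaviour that the endpoint lists zones in reversed-label order starting at the requested name, so with `max-items` of 1 the single zone returned can be a different zone.

```shell
#!/bin/sh
# Added example, not the project's code. Zone names below are constructed.
ZONES="domain.co.uk
example.com
other.co.uk"

# Offline stand-in (hypothetical helper) for one request to
# hostedzonesbyname with the candidate as start name and max-items 1.
# Zones are ordered by reversed labels (uk.co.domain); the reply is the first
# zone at or after the requested name, which may be a different zone.
lookup_first() {
  printf '%s\n' "$ZONES" | awk -v q="$1" '
    function rev(n,   a, k, i, s) {
      k = split(n, a, "."); s = a[k]
      for (i = k - 1; i >= 1; i--) s = s "." a[i]
      return s
    }
    BEGIN { qk = rev(q) }
    { k = rev($0); if (k >= qk && (best == "" || k < bk)) { best = $0; bk = k } }
    END { if (best != "") print best }'
}

# Walk the candidates as the commit message describes, one request each.
# Prints the matching zone and sets REQUESTS; returns 1 when nothing matches.
find_root() {
  h="$1"
  REQUESTS=0
  while [ -n "$h" ]; do
    REQUESTS=$((REQUESTS + 1))
    got=$(lookup_first "$h")
    # Accept only an exact name match, never "whatever came back first".
    if [ "$got" = "$h" ]; then
      printf '%s\n' "$h"
      return 0
    fi
    case "$h" in
      *.*) h="${h#*.}" ;;   # drop the leftmost label
      *)   h="" ;;          # last label tried, stop
    esac
  done
  return 1
}

find_root test.www.domain.co.uk   # prints the zone that will hold the record
```

With these constructed zones, the first lookup for `test.www.domain.co.uk` returns `other.co.uk`, and a name with no hosted zone at all still gets `domain.co.uk` back, which is why the exact-match comparison decides the result rather than the presence of a reply.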