AI-Powered DNS Automation
Agentic request triage for operational DNS changes — intake, policy validation, execution, and full audit trail.
Problem
DNS change requests arrived through Slack and Jira with inconsistent formats. Manual triage created bottlenecks, policy drift, and gaps in audit coverage for production zones.
Solution
Built an event-driven pipeline with an AI triage agent that parses intent, validates against policy, routes approvals, executes on Route53, and emits structured audit events to SIEM.
How it works
Request arrives
Slack slash-command or Jira webhook posts structured payload to EventBridge.
Agent triages
Claude agent parses intent, checks policy engine, and routes for auto-approval or human review.
Change executes
Lambda calls Route53 API idempotently; audit event emitted to SIEM and Slack thread updated.
System architecture
Slack/Jira webhooks → event bus → triage agent + policy engine → Route53 API → audit/SIEM pipeline with stakeholder notifications.
Operations dashboard
Open requests
3
Avg turnaround
42s
Policy pass rate
96%
Recent requests
dns-req-2847 · CNAME · prod · RESOLVED
dns-req-2846 · A record · staging · PENDING
dns-req-2845 · TXT · prod · APPROVED
01
Webhook
Slack/Jira → API GW
02
EventBridge
Route to agent
03
Lambda
Triage + policy
04
Route53
Apply change
05
SIEM
Audit event
Implementation details
- Python Lambda functions with structured JSON logging and correlation IDs
- Policy rules stored as versioned YAML — tested independently of agent logic
- Route53 change batches with rollback state stored in DynamoDB
- CloudWatch dashboards for SLA, rejection rate, and agent latency p99
Proof of work
$ agent triage --request dns-req-2847→ parsed: CNAME api.example.com → prod-lb.elb.amazonaws.com→ policy: PASS (naming convention, TTL within bounds)→ blast-radius: 1 record · zone: prod · approval: auto→ route53: CHANGE_PENDING → INSYNC (1.4s)→ audit: event-9f2a written to SIEM · slack: confirmedstatus: RESOLVED · turnaround: 42s
Workflow
- 1
Intake & classify
Parse DNS change requests from Slack/Jira and classify record type, target zone, and urgency.
- 2
Agent triage & policy check
AI agent validates naming conventions, TTL policies, and blast-radius rules before routing for approval.
- 3
Execute & audit
Approved changes propagate to Route53; every action written to SIEM with Slack confirmation.
- 4
Observability feedback
Metrics on turnaround time, policy violations, and rollback events feed the control plane dashboard.
Observability integration
- CloudWatch metrics for agent latency and policy rejection rate
- Structured logs with correlation IDs across triage → execution
- Dashboard panels for open requests, SLA breaches, and rollback events
Remediation workflow
Auto-rollback on validation failure
Failed Route53 apply triggers rollback to previous record state and notifies requester.
Escalation on prod-zone blast radius
Changes affecting >N records or apex zones route to on-call for explicit approval.
Design decisions
- Policy engine separated from agent logic for testability and governance
- Human-in-the-loop for prod-zone changes above blast-radius threshold
- Idempotent execution with rollback hooks on validation failure
- Structured audit events compatible with SIEM ingestion (CEF/JSON)
Inputs
Outputs
Tech stack
Impact
85%
Reduction in manual DNS handling
<2min
Average request turnaround
100%
Audit coverage on prod changes