Or you need to allow UDP access, which the Elastic Load Balancers (ELB) and Network Load Balancers (NLB) don't allow. This is for you.
What this does is listen on a Simple Notification Service (SNS) topic for the events the ASG publishes when an instance is added to the pool or terminated from it. It then queries the ASG for the tag DomainMeta, collects the public IP addresses of the ASG's EC2 instances, and updates the attached domain in the Route 53 zone recorded in the tag.
The tag should be in the format DomainMeta:
Where the first part is the hosted zone it needs to send the command to and the second part is the A record it is going to change.
This is based on the work that objectpartners.com did back in 2005. I've improved it to include security, so that it either looks after only one hosted zone or, if you are 100% in control of the tags on the ASGs, is allowed full account control.
This could easily be updated to accept a comma-delimited list in the tag to update multiple A records if required.
Please note: if the last instance is taken out of the pool, the old IP address will be left in place, since Route 53 records can't be null/empty.
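
The single-hosted-zone restriction and the empty-pool case described above can both be enforced in code before anything is sent to Route 53. The following is an added example, not this project's own code: the function name, the `allowed_zone_id` parameter, the TTL default and the sample zone IDs and addresses are assumptions made for illustration, and the two tag parts are taken as already split.

```python
import ipaddress


def build_route53_upsert(zone_id, record_name, public_ips,
                         allowed_zone_id=None, ttl=60):
    """Return kwargs for boto3's route53 change_resource_record_sets call,
    or None when the record should be left untouched.

    zone_id / record_name: the two parts of the DomainMeta tag, already split.
    allowed_zone_id: hypothetical setting that pins the function to one zone;
                     None means "trust the tag" (full account control).
    """
    # Anyone who can edit ASG tags chooses the zone, so refuse any zone other
    # than the pinned one unless full control was deliberately configured.
    if allowed_zone_id is not None and zone_id != allowed_zone_id:
        raise PermissionError(f"hosted zone {zone_id!r} is not the pinned zone")

    values = set()
    for ip in public_ips:
        if not ip:                        # instance has no public IP (yet)
            continue
        addr = ipaddress.ip_address(ip)   # ValueError on malformed input
        if addr.version == 4:             # A records hold IPv4 addresses only
            values.add(addr)

    # Last instance gone: Route 53 rejects an empty record set, so skip the
    # update and leave the old address in place, as noted above.
    if not values:
        return None

    return {
        "HostedZoneId": zone_id,
        "ChangeBatch": {"Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": record_name, "Type": "A", "TTL": ttl,
                "ResourceRecords": [{"Value": str(a)} for a in sorted(values)],
            },
        }]},
    }


if __name__ == "__main__":
    # Constructed sample data (documentation address range, made-up zone ID).
    print(build_route53_upsert("ZEXAMPLE111", "app.example.com.",
                               ["203.0.113.20", None, "203.0.113.5"],
                               allowed_zone_id="ZEXAMPLE111"))
```

Pinning the zone in code complements, and does not replace, scoping the function's IAM permissions to that hosted zone.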