Set up Twilio SendGrid DNS on Amazon Route 53
This guide shows how to configure DNS records for Twilio SendGrid on Amazon Route 53, including SPF, DKIM, DMARC and domain verification records. The fastest way to do this is with the mail2dns CLI, which automatically creates all required records for your domain in seconds.
Setup
If needed, install mail2dns before following the steps below:
npm i -g mail2dns
Note: AWS CLI must be installed and configured. mail2dns uses the AWS CLI default profile unless you name a different one with the --aws-profile option or the AWS_PROFILE environment variable.
The profile used must have the following permissions:
- route53:ChangeResourceRecordSets
- route53:ListHostedZonesByName
Run the following command and answer the prompts to create DNS records at Amazon Route 53:
mail2dns setup [YOUR_DOMAIN] sendgrid route53
You will be prompted to input the following values:
- DKIM CNAME 1 value: In the SendGrid dashboard, go to Settings > Sender Authentication > Domain Authentication, set up your domain, and copy the value for the 's1._domainkey' CNAME record.
- DKIM CNAME 2 value: In the SendGrid dashboard, go to Settings > Sender Authentication > Domain Authentication, and copy the value for the 's2._domainkey' CNAME record.
Set the following environment variables:
SENDGRID_DKIM1=
SENDGRID_DKIM2=
Then run the following command to create DNS records at Amazon Route 53:
mail2dns setup [YOUR_DOMAIN] sendgrid route53
Environment Variables Reference
- SENDGRID_DKIM1: DKIM CNAME 1 value. In the SendGrid dashboard, go to Settings > Sender Authentication > Domain Authentication, set up your domain, and copy the value for the 's1._domainkey' CNAME record.
- SENDGRID_DKIM2: DKIM CNAME 2 value. In the SendGrid dashboard, go to Settings > Sender Authentication > Domain Authentication, and copy the value for the 's2._domainkey' CNAME record.
Run the following command, supplying the required options, to create DNS records at Amazon Route 53:
mail2dns setup [YOUR_DOMAIN] sendgrid route53 --dkim1 [SENDGRID_DKIM1] --dkim2 [SENDGRID_DKIM2]
Options Reference
- --dkim1: DKIM CNAME 1 value. In the SendGrid dashboard, go to Settings > Sender Authentication > Domain Authentication, set up your domain, and copy the value for the 's1._domainkey' CNAME record.
- --dkim2: DKIM CNAME 2 value. In the SendGrid dashboard, go to Settings > Sender Authentication > Domain Authentication, and copy the value for the 's2._domainkey' CNAME record.
That's it! After running the setup command, the required DNS records will be created for your domain at Amazon Route 53 to work with Twilio SendGrid.
Optional Flags
- --aws-profile: AWS profile to use
- -o, --no-mx: Skip MX records (set up DNS for outbound email only)
- -y, --yes: Skip confirmation prompts (the command will error if any required inputs are missing)
- --allow-insecure-flags: Allow secrets to be passed via command-line flags (not recommended)
- -d, --dry-run: Show records that would be created without applying them
DNS records required for Twilio SendGrid
Twilio SendGrid requires the following DNS records to send email from your domain. These are created automatically by the mail2dns setup command:
TXT Record
@ → v=spf1 include:sendgrid.net ~all
TXT Record
_dmarc → v=DMARC1; p=none;
CNAME Record
s1._domainkey → {DKIM1}
CNAME Record
s2._domainkey → {DKIM2}
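A post-setup check for the four records above, added here as an example; it is not part of mail2dns or of the original guide. It assumes records are supplied one per line as "<name> <TYPE> <value>" (a constructed format, as are the sample zone and its DKIM targets) and flags the case where the domain ends up with two SPF records, which receivers treat as a permanent error.

```shell
#!/bin/sh
# Added example (not part of mail2dns): audit the four records listed above.
# Input on stdin: one record per line as "<name> <TYPE> <value...>", an
# assumed format that `dig +noall +answer` output can be reshaped into.
# Prints findings; returns 0 when all required records are sound, else 1.
audit_sendgrid_records() {
  awk -v d="$1" '
    {
      name = tolower($1); sub(/\.$/, "", name); type = $2
      $1 = ""; $2 = ""; val = substr($0, 3); gsub(/"/, "", val)
    }
    type == "TXT" && name == d && val ~ /^v=spf1( |$)/ {
      spf++
      if (val ~ /(^| )include:sendgrid\.net( |$)/) sg = 1
    }
    type == "TXT" && name == ("_dmarc." d) && val ~ /^v=DMARC1/ {
      dmarc++
      if (val ~ /(^|[; ])p=none/) monitor = 1
    }
    type == "CNAME" && name == ("s1._domainkey." d) { k1 = 1 }
    type == "CNAME" && name == ("s2._domainkey." d) { k2 = 1 }
    END {
      if (spf == 0)     { print "FAIL spf: no v=spf1 TXT record at " d; bad = 1 }
      else if (spf > 1) { print "FAIL spf: " spf " SPF records, receivers return permerror"; bad = 1 }
      else if (!sg)     { print "FAIL spf: include:sendgrid.net is missing"; bad = 1 }
      if (dmarc != 1)   { print "FAIL dmarc: expected exactly one v=DMARC1 record"; bad = 1 }
      else if (monitor) { print "WARN dmarc: p=none only reports, failing mail is still delivered" }
      if (!k1)          { print "FAIL dkim: s1._domainkey CNAME is missing"; bad = 1 }
      if (!k2)          { print "FAIL dkim: s2._domainkey CNAME is missing"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: a zone that already held another SPF record at the apex.
SAMPLE_ZONE='example.com TXT "v=spf1 include:sendgrid.net ~all"
example.com TXT "v=spf1 include:_spf.example.net ~all"
_dmarc.example.com TXT "v=DMARC1; p=none;"
s1._domainkey.example.com CNAME dkim1.placeholder.example.net.
s2._domainkey.example.com CNAME dkim2.placeholder.example.net.'
printf '%s\n' "$SAMPLE_ZONE" | audit_sendgrid_records example.com || true
```

When two SPF records are reported, merge their mechanisms into a single v=spf1 record rather than keeping both.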
Protecting Secrets
When running the mail2dns setup command, if you provide credentials via flags these will be visible in your shell history and process list.
To avoid this, you can provide credentials via environment variables or interactively. If you understand the risks and still want to provide credentials via flags, you should take steps to ensure that the input is not saved in shell history, and avoid running it on a shared or public machine.
By default, the setup command will error if you provide secrets via flags. To enable them you must opt in by passing the --allow-insecure-flags option or by setting the M2D_ALLOW_INSECURE_FLAGS=true environment variable.
Non-interactive mode
You may wish to run the mail2dns setup command without any confirmation prompts (by default, mail2dns asks you to confirm the DNS records it creates before applying them). To do this, use the --yes or -y flag with the setup command. Be sure to review the DNS records that will be created before running the command with this flag, as it will apply all changes without confirmation.
Any mix of flags and environment variables may be used to provide the required values. By default any missing values will be prompted for, or in non-interactive mode the command will produce an error if there are missing required values.