Since you say you want to use the data to run a port scan of currently running AWS nodes, why not just collect the IP information by listing your current running AWS instances?

You might have records in DNS that have no current host running, and you might have hosts running that aren't actually in DNS, so I would think an instance list would be a better 'source of truth'.

Here's an example boto script for grabbing a list of instances. boto list instances Some of of the instance parameters is the current external and internal IP addresses for the instance.

If you really want to stick to route53 methods, you can use boto to walk all records in your hosted zone. boto docs for route53 api

$ cat list-r53.py

#!/usr/bin/python

"""
Simple script to lsit route 53 entries

WARNING: (boto requires credential to be stored in a dotfile for the user)

eg.
Contents of ~/.boto are below:
[Credentials]
aws_access_key_id = ABC123DEF456
aws_secret_access_key = NOC4KE4U

"""


from boto.route53.connection import Route53Connection
route53 = Route53Connection()
results = route53.get_all_hosted_zones()
for zone in results['ListHostedZonesResponse']['HostedZones']:
    print "========================================"
    print "Zone:",zone['Name']
    zone_id = zone['Id'].replace('/hostedzone/', '')
    for rset in route53.get_all_rrsets(zone_id):
        print "\t%s: %s %s @ %s" % (rset.name, rset.type, rset.resource_records, rset.ttl)

$ ./list-r53.py
========================================
Zone: serverfault.com.
    serverfault.com.: NS [u'ns-1638.awsdns-12.co.uk.', u'ns-699.awsdns-23.net.', u'ns-301.awsdns-37.com.', u'ns-1459.awsdns-54.org.'] @ 172800
    serverfault.com.: SOA [u'ns-1638.awsdns-12.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400'] @ 900
    192.168.1.1.serverfault.com.: PTR [u'sample.serverfault.com.'] @ 300
    sample.serverfault.com.: A [u'192.168.1.1'] @ 300

Good luck.