
Route 53 Domain Expiry 30 Days

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: Route53-005

Ensure that all the domain names registered with AWS Route 53 or transferred to AWS Route 53 are renewed 30 (thirty) days before their validity period ends.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Reliability

Renewing your Route 53 domain names at the right time will guarantee you full control over their registration and eliminate the risk of being suspended.

Note 1: The renewal registration fee will be charged to your AWS account and you will get an email with the renewal confirmation once the registration process is completed.
Note 2: This guide assumes that the AWS Route 53 Auto Renew feature is disabled for your registered domain names.


Audit

To determine if your Route 53 domain names are about to expire in 30 days, you need to perform the following:

Note: 30 days before expiration, AWS will also send you an email with instructions on how to renew the domain name that is about to expire. The notification email will come from noreply@registrar.amazon.com or noreply@domainnameverification.net.

Using AWS Console

01 Log in to the AWS Management Console.

02 Navigate to Route 53 dashboard at https://console.aws.amazon.com/route53/.

03 In the left navigation panel, under Domains, click Registered Domains.

04 Select the domain name that you want to examine.

05 On Your Domains > <domain name> page, inside the domain name configuration section, check the domain expiration date displayed next to Expires on. If the selected domain is about to expire in 30 days from now, continue with the renewal process setup as explained in the Remediation/Resolution section.

06 Repeat steps no. 4 and 5 for each domain name currently registered with AWS Route 53.

Using AWS CLI

01 Run list-domains command (OSX/Linux/UNIX) to list all the domain names registered with AWS or transferred to AWS:

aws route53domains list-domains \
	--region us-east-1 \
	--query 'Domains[*].DomainName'

02 The command output should return each domain name currently registered:

[
    "mydomain.com"
]

03 Run get-domain-detail command (OSX/Linux/UNIX) using the domain name returned at the previous step, to expose the expiration date for the selected domain:

aws route53domains get-domain-detail \
	--region us-east-1 \
	--domain-name mydomain.com \
	--query 'ExpirationDate'

04 The command output should return the date when the specified domain is set to expire (Unix time):

[
    14302688000
]

05 To convert the Unix-based date returned at the previous step to a human-readable format, run the following command (Linux/UNIX with GNU date; on OSX, where date has no -d @ form, use date -r 14302688000 instead):

date -d @14302688000

06 The command output should return the expiration date in a human readable format:

Thu Sep 1 00:00:00 UTC 2016

If the selected domain name is about to expire in 30 days from now, continue with the renewal process setup as presented in the Remediation/Resolution section.

07 Repeat steps no. 3 – 6 for each domain name currently registered with AWS Route 53.
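
The CLI audit above can be run over all domains at once. The following is an added shell example, not part of the original guide: it reads one line per domain (name, expiry, Auto Renew flag) and reports every domain that has already expired or expires within 30 days. It goes beyond the steps above by also showing the Auto Renew status. The sample lines are constructed, and Expiry is assumed to be Unix epoch seconds, as in the output of step 04.

```shell
#!/bin/sh
# Added example, not from the original guide.
# expiring_domains NOW_EPOCH [DAYS]
# Reads "DomainName Expiry AutoRenew" lines on stdin, for example from:
#   aws route53domains list-domains --region us-east-1 --output text \
#       --query 'Domains[*].[DomainName,Expiry,AutoRenew]'
# Assumption: Expiry is Unix epoch seconds (a trailing ".0" is accepted).
expiring_domains() {
    awk -v now="$1" -v days="${2:-30}" '
        NF >= 3 {
            diff = $2 - now                      # seconds until expiry
            if (diff < 0)                  state = "EXPIRED"
            else if (diff <= days * 86400) state = "EXPIRING"
            else next                            # outside the audit window
            renew = (tolower($3) == "true") ? "on" : "OFF"
            printf "%s %s days_left=%d auto-renew=%s\n",
                   state, $1, int(diff / 86400), renew
        }'
}

# Constructed sample input (placeholder domains, made-up expiry values).
sample_domains() {
    printf '%s\n' \
        "example.com 1472688000 False" \
        "example.net 1472688000.0 True" \
        "example.org 1503792000 True" \
        "example.info 1470960000 False"
}

# Audit the sample as if "now" were 15 days before the first expiry.
# Against a live account, pipe the aws command above into
#   expiring_domains "$(date +%s)"
sample_domains | expiring_domains 1471392000
```

Any line reported with auto-renew=OFF is a domain that needs the remediation described in the next section.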

Remediation / Resolution

AWS Route 53 does not provide a manual method to renew domain names that are about to expire. Therefore, to make sure your domains are not suspended once their expiration date is reached, you must enable Route 53 automatic renewal. To update your Route 53 domain names configuration and enable automatic renewal, perform the following:

Using AWS Console

01 Log in to the AWS Management Console.

02 Navigate to Route 53 dashboard at https://console.aws.amazon.com/route53/.

03 In the left navigation panel, under Domains, click Registered Domains.

04 Select the domain name that you want to update.

05 On Your Domains > <domain name> page, click Enable next to Auto Renew to enable the feature. The Auto Renew feature status should change now to Enabled. Once the renewal process for the domain is successfully completed, AWS will send you an email with the renewal details.

06 Repeat steps no. 4 and 5 for each Route 53 domain name that is about to expire in 30 days.

Using AWS CLI

01 Run list-domains command (OSX/Linux/UNIX) to list all the domain names registered with AWS Route 53 or transferred to AWS Route 53:

aws route53domains list-domains \
	--region us-east-1 \
	--query 'Domains[*].DomainName'

02 The command output should return an array with all the domain names currently available:

[
    "mydomain.com"
]

03 Run enable-domain-auto-renew command (OSX/Linux/UNIX) using the domain name returned at the previous step, to enable the Auto Renew feature for the selected domain (the command does not return an output):

aws route53domains enable-domain-auto-renew \
	--region us-east-1 \
	--domain-name mydomain.com

Once the domain name is successfully renewed, AWS will send you an email with the renewal process details.

04 Repeat step no. 3 for each domain name registered with AWS or transferred to AWS that is about to expire in 30 days.

Publication date May 26, 2016