This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Real-Time Threat Monitoring.
Monitor AWS Route 53 Domains configuration changes. Route 53 is a highly available and scalable Domain Name System (DNS) web service designed to give developers and businesses an extremely reliable and cost-effective way to route end users to websites and web applications by translating domain names such as www.cloudconformity.com into the numeric IP addresses such as 192.10.0.5 that computers use to connect to each other on the Internet. You can use Amazon Route 53 to register domain names, route Internet traffic to the resources provisioned for your domain, and check the health of your cloud resources such as web servers and email servers. You can use any combination of the functions provided by Route 53. For example, you can use AWS Route 53 both to register your domain name and to route Internet traffic for the domain, or you can use Route 53 to route Internet traffic for a domain that you registered with another domain registrar. Route 53 is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or another AWS service within Route 53. CloudTrail captures all API calls for Route 53 as events, including calls from the Route 53 console and from application code requests to the Route 53 API. Cloud Conformity RTMA uses the information collected by AWS CloudTrail to send notifications about configuration changes made at the Route 53 DNS service level. The activity detected by Cloud Conformity RTMA, based on CloudTrail logging data, can be any user request initiated through the AWS Management Console or any AWS API request initiated programmatically using the AWS CLI or SDKs that calls any of the actions listed below:
- "DeleteTagsForDomain" - Deletes the specified tags for a domain.
- "DisableDomainAutoRenew" - Disables automatic renewal of domain registration for the specified domain.
- "DisableDomainTransferLock" - Removes the transfer lock on the domain.
- "EnableDomainAutoRenew" - Configures Amazon Route 53 to automatically renew the specified domain before the domain registration expires.
- "EnableDomainTransferLock" - Sets the transfer lock on the domain to prevent domain transfers.
- "RegisterDomain" - Registers a domain.
- "RenewDomain" - Renews a domain for the specified number of years.
- "ResendContactReachabilityEmail" - Resends the confirmation email to the current email address for the registrant contact.
- "TransferDomain" - Transfers a domain from another registrar to Amazon Route 53.
- "UpdateDomainContact" - Updates the contact information for a particular domain.
- "UpdateDomainContactPrivacy" - Updates the specified domain contact's privacy setting.
- "UpdateDomainNameservers" - Replaces the current set of name servers for the domain with the specified set of name servers.
- "UpdateTagsForDomain" - Adds or updates tags for a specified domain.
The supported communication channels that you can use to receive AWS Route 53 Domains configuration change alerts are Email, SMS, Slack, PagerDuty, Zendesk and ServiceNow.
Rationale
As a security best practice, you need to be aware of all configuration changes made to Amazon Route 53 Domains. AWS Route 53 effectively connects end user requests to your infrastructure (EC2 instances, Elastic Load Balancers, S3 buckets, etc.) running within the AWS cloud; monitoring every Route 53 configuration change is therefore essential for keeping your AWS cloud DNS infrastructure secure. Cloud Conformity RTMA can detect any configuration change request (API call) made by IAM users within your AWS account and notify you in real time via the predefined communication channels.
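As an added example (not Cloud Conformity's or AWS's own code), the detection logic of this rule written as a small filter over CloudTrail records: it keeps only events whose eventSource is the Route 53 Domains service and whose eventName is one of the actions listed above, and attaches the actor, domain and source IP an alert needs. The CloudTrail field names are the standard ones; the sample records, the account id and the high-risk prioritisation are constructed assumptions of this example.

```python
import json
# Route 53 Domains actions the rule watches (the page's list).
WATCHED_ACTIONS = {
    "DeleteTagsForDomain", "DisableDomainAutoRenew", "DisableDomainTransferLock",
    "EnableDomainAutoRenew", "EnableDomainTransferLock", "RegisterDomain",
    "RenewDomain", "ResendContactReachabilityEmail", "TransferDomain",
    "UpdateDomainContact", "UpdateDomainContactPrivacy", "UpdateDomainNameservers",
    "UpdateTagsForDomain",
}
# Actions that weaken protections or redirect traffic get a higher severity
# (this prioritisation is an assumption of this example, not part of the rule).
HIGH_RISK = {"DisableDomainTransferLock", "DisableDomainAutoRenew",
             "UpdateDomainNameservers", "UpdateDomainContact", "TransferDomain"}
EVENT_SOURCE = "route53domains.amazonaws.com"  # CloudTrail eventSource for Route 53 Domains

def find_domain_changes(records):
    """Return one alert dict per CloudTrail record that matches the rule's action list."""
    alerts = []
    for rec in records:
        name = rec.get("eventName")
        if rec.get("eventSource") != EVENT_SOURCE or name not in WATCHED_ACTIONS:
            continue  # other services, and read-only Route 53 Domains calls, are ignored
        params = rec.get("requestParameters") or {}
        identity = rec.get("userIdentity") or {}
        alerts.append({
            "time": rec.get("eventTime"),
            "action": name,
            "domain": params.get("domainName", "<unknown>"),
            "actor": identity.get("arn", identity.get("type", "<unknown>")),
            "source_ip": rec.get("sourceIPAddress"),
            "severity": "high" if name in HIGH_RISK else "medium",
        })
    return alerts

# Constructed sample CloudTrail log (not real data): one watched write, one read-only call,
# and one call to the separate Route 53 hosted-zone service that this rule does not cover.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:12:00Z", "eventSource": EVENT_SOURCE, "eventName": "DisableDomainTransferLock",
     "sourceIPAddress": "203.0.113.7", "requestParameters": {"domainName": "example.com"},
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-01-10T09:15:00Z", "eventSource": EVENT_SOURCE, "eventName": "GetDomainDetail",
     "sourceIPAddress": "203.0.113.7", "requestParameters": {"domainName": "example.com"},
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-01-10T09:20:00Z", "eventSource": "route53.amazonaws.com", "eventName": "ChangeResourceRecordSets",
     "sourceIPAddress": "203.0.113.7", "requestParameters": {"hostedZoneId": "Z0EXAMPLE"},
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"}},
]})

def demo_alerts():
    """Parse the sample log the way a CloudTrail consumer would and run the detector over it."""
    return find_domain_changes(json.loads(SAMPLE_LOG)["Records"])
```

Only the DisableDomainTransferLock record produces an alert; the read-only GetDomainDetail call and the hosted-zone change are outside this rule's scope.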