Expired Route 53 Domain Names
Identify any expired domain names registered with AWS Route 53
Risk Level: High
Cloud Entity: Amazon Route 53
CloudGuard Rule ID: D9.AWS.DNS.01
Covered by Spectral: No
Category: Networking & Content Delivery
GSL LOGIC
Route53Domain should not have expirationTime before(-1, 'minutes')
REMEDIATION
From Portal
Use the following steps to verify expired domains.
- Navigate to Route 53 dashboard at https://console.aws.amazon.com/route53/.
- In the left navigation panel, under Domains, click Registered Domains.
- Select the relevant domain.
- On the Your Domains 'domain name' page, in the domain name configuration section, check the domain expiration date.
- If the selected domain name is already expired, continue with the restoration process setup.
From Command Line
- Run the command below to list all the domain names registered with AWS or transferred to AWS:
aws route53domains list-domains --query 'Domains[*].DomainName'
- Run the command below to check the expiration date for the selected domain:
aws route53domains get-domain-detail --domain-name EXAMPLE.DOMAIN.COM --query 'ExpirationDate'
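The two command-line steps above can be combined into one pass over the `list-domains` output, which already carries an `Expiry` value per domain. The script below is an added example, not CloudGuard or AWS code: it applies the same one-minute threshold as the GSL rule and also flags domains nearing expiry. The `warn_days` window, the sample domain names and the `--region us-east-1` flag in the usage comment (the Route 53 Domains API is served from that region) are assumptions of this example.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws route53domains list-domains --output json`.
SAMPLE = {"Domains": [
    {"DomainName": "ok.example", "AutoRenew": True, "Expiry": "2025-06-01T00:00:00Z"},
    {"DomainName": "expired.example", "AutoRenew": False, "Expiry": "2024-01-10T00:00:00+00:00"},
    {"DomainName": "soon.example", "AutoRenew": False, "Expiry": 1718236800.0},  # 2024-06-13 UTC
]}


def parse_expiry(value):
    """Accept epoch seconds (raw service timestamps) or an ISO 8601 string."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_domains(listing, now, warn_days=30):
    """Return (name, status, expiry, auto_renew) tuples, earliest expiry first."""
    cutoff = now - timedelta(minutes=1)  # same threshold as before(-1, 'minutes')
    rows = []
    for item in listing.get("Domains", []):
        expiry = parse_expiry(item["Expiry"])
        if expiry < cutoff:
            status = "EXPIRED"
        elif expiry < now + timedelta(days=warn_days):
            status = "EXPIRING"  # warn_days is an assumption of this example
        else:
            status = "OK"
        rows.append((item["DomainName"], status, expiry, item.get("AutoRenew", False)))
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    # Usage: aws route53domains list-domains --region us-east-1 --output json | python3 this_file.py
    # With no piped input, the constructed SAMPLE is audited instead.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    results = audit_domains(data, datetime.now(timezone.utc))
    for name, status, expiry, auto_renew in results:
        print(f"{status:9} {name:30} {expiry.isoformat()} auto-renew={auto_renew}")
    sys.exit(1 if any(row[1] == "EXPIRED" for row in results) else 0)
```

The non-zero exit status on any expired domain lets the script run as a scheduled job or pipeline gate.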
References
- https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-restore-expired.html
- https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-renew.html
- https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-extend.html
- https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53domains/list-domains.html
Amazon Route 53
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.
Compliance Frameworks
- AWS CloudGuard Best Practices
- AWS CloudGuard CheckUp
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ITSG-33
- AWS MAS TRM Framework
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset
Updated about 1 year ago