Use Route53 for scalable, secure DNS service in AWS.

Use the AWS Route 53 Domain Name System (DNS) service within your AWS account to manage the DNS zones for your domains.

Risk Level: Low
Cloud Entity: Route53 Hosted Zone
CloudGuard Rule ID: D9.AWS.NET.24
Covered by Spectral: No
Category: Networking & Content Delivery


Route53HostedZone should have recordSets


From Portal

  1. Sign in to the AWS Management Console and open the Route 53 console at
  2. Choose Create hosted zone.
  3. Log in to the AWS Management Console.
  4. In the Create Hosted Zone pane, enter the name of the domain that you want to route traffic for. You can also optionally enter a comment.
  5. Under Type, select the value 'Public hosted zone' or 'Private hosted zone'.
  6. Choose Create.

From TF

resource "aws_route53_zone" "primary" {
	name = ""
}

From Command Line
Run the following command to create a new AWS Route 53 Hosted zone.

aws route53 create-hosted-zone --name --caller-reference VALUE --hosted-zone-config Comment="command-line version"

Note: --caller-reference: Use a unique string that identifies the request and that allows failed CreateHostedZone requests to be retried without the risk of executing the operation twice. You must use a unique CallerReference string every time you submit a CreateHostedZone request. CallerReference can be any unique string, for example, a date/time stamp.

Note: --hosted-zone-config: Use a complex type that contains the optional values as:
For public and private hosted zones, an optional comment.
For private hosted zones, an optional PrivateZone element

Run the following command to add the new private DNS record to the selected Private Hosted zone. You need to create an Amazon Route 53 change file (record.json below) before adding the DNS record to a Hosted zone.

aws route53 change-resource-record-sets --hosted-zone-id ZONE_ID --change-batch file://record.json
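An added example (not CloudGuard's or AWS's own code) that builds the change batch written to record.json for the command above and evaluates this page's rule, "Route53HostedZone should have recordSets", offline against a constructed ListResourceRecordSets result. The zone name, record name and IP address are placeholders.

```python
"""Build a Route 53 change batch and check a zone for record sets offline.
Constructed sample data only; no AWS API calls are made."""
import json

# Every hosted zone is created with an apex NS and SOA record; a zone that
# holds nothing else is what the rule treats as having no record sets.
DEFAULT_APEX_TYPES = {"NS", "SOA"}


def upsert_a_record(zone_name, record_name, ips, ttl=300):
    """Return the change batch (contents of record.json) that creates or
    updates an A record inside zone_name. Names are normalised to FQDNs and
    a record outside the zone is rejected before it reaches the API."""
    zone = zone_name.rstrip(".") + "."
    name = record_name.rstrip(".") + "."
    if not (name == zone or name.endswith("." + zone)):
        raise ValueError(f"{name} is not within hosted zone {zone}")
    return {
        "Comment": "constructed example",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": name,
                "Type": "A",
                "TTL": ttl,
                "ResourceRecords": [{"Value": ip} for ip in ips],
            },
        }],
    }


def zone_has_record_sets(zone_name, record_sets):
    """Mirror the rule: True when the zone holds at least one record set
    other than the apex NS/SOA pair (a delegation NS below the apex counts)."""
    apex = zone_name.rstrip(".") + "."
    for rs in record_sets:
        if rs["Name"] == apex and rs["Type"] in DEFAULT_APEX_TYPES:
            continue
        return True
    return False


# Constructed ListResourceRecordSets output for a freshly created zone.
EMPTY_ZONE = [
    {"Name": "example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.awsdns-00.org."}]},
    {"Name": "example.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-1.awsdns-00.org. hostmaster.example.com. 1 7200 900 1209600 86400"}]},
]

if __name__ == "__main__":
    batch = upsert_a_record("example.com", "app.example.com", ["203.0.113.10"])
    print(json.dumps(batch, indent=2))  # save as record.json for the CLI
    print("empty zone has record sets:", zone_has_record_sets("example.com", EMPTY_ZONE))
```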

Route53 Hosted Zone

The AWS::Route53::HostedZone resource creates a hosted zone, which can contain a collection of record sets for a domain. You cannot create a hosted zone for a top-level domain (TLD).

Compliance Frameworks

  • AWS CIS Controls V 8
  • AWS CloudGuard Best Practices
  • AWS CloudGuard CheckUp
  • AWS CloudGuard Network Alerts for default VPC components
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS HITRUST v11.0.0
  • AWS LGPD regulation
  • AWS MAS TRM Framework
  • CloudGuard AWS All Rules Ruleset