Ensure record sets are configured for AWS Route53HostedZones

HIGH

Description

The AWS Route53 hosted zone has no record sets. Without them, you may be unable to detect and stop email address spoofing, which helps reduce spam and increase your domain's trustworthiness.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the Route53 Console.
  2. Under Hosted Zones, choose the zone you wish to create records for.
  3. Select Create record and follow the steps in the wizard to create the type of record you require.

In Terraform -

  1. For each aws_route53_record resource, add the name, type, ttl, and records list as needed.
  2. Ensure the zone_id field corresponds with the correct hosted zone.
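
The Terraform steps above, as an added example that is not part of the original policy text or the provider's documentation. It assumes the anti-spoofing records in question are SPF and DMARC TXT records; the domain `example.com`, the resource names, the mail host and all record values are constructed placeholders.

```hcl
# Added example: every name and value below is a constructed placeholder.
resource "aws_route53_zone" "primary" {
  name = "example.com"
}

# MX record naming the host that receives mail for the domain.
resource "aws_route53_record" "mx" {
  zone_id = aws_route53_zone.primary.zone_id # ties the record to the zone above
  name    = "example.com"
  type    = "MX"
  ttl     = 300
  records = ["10 mail.example.com"]
}

# SPF: only the domain's MX hosts may send mail for it; "-all" tells
# receivers to fail every other sender.
resource "aws_route53_record" "spf" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "example.com"
  type    = "TXT"
  ttl     = 300
  records = ["v=spf1 mx -all"]
}

# DMARC: tells receivers how to treat mail that fails SPF/DKIM alignment
# and where to send aggregate reports.
resource "aws_route53_record" "dmarc" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "_dmarc.example.com"
  type    = "TXT"
  ttl     = 300
  records = ["v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"]
}
```

Referencing `aws_route53_zone.primary.zone_id` rather than a hard-coded ID keeps each record bound to the intended hosted zone, which is what step 2 asks you to verify.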

References:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/rrsets-working-with.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record

Policy Details

Rule Reference ID: AC_AWS_0205
CSP: AWS
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: Route53

Frameworks