Enable AWS Route53 domain transfer lock to secure your cloud

AWS-Route53-Domain-Transfer-Lock_Cloud-Security

AWS Route53 plays an important role in determining the security of your cloud infrastructure. This service is responsible for routing internet traffic to your cloud resources. Certain security features should be enabled for your Route53 resources to ensure effective and secure web traffic management across your cloud infrastructure.

What is AWS Route53?

AWS Route53 is a highly available and scalable web service which performs necessary functions such as domain registration, DNS traffic routing and performing health checks on your resources. Route53 connects user’s requests to the cloud infrastructure and also routes the users outside AWS. It allows the users to manage the global traffic to their resources with a variety of routing types.

Enable domain transfer lock feature in Route53

AWS Route53 has a feature called domain transfer lock feature which prevents unauthorized transfers from the user’s domain to any other domain without the user’s permissions. It is recommended that feature should be enabled in your AWS cloud so as to protect your resources from potential security threats which can hit your infrastructure via the routed internet traffic.

Centilytics provides a dedicated insight on domain transfer lock feature and specifies whether it is enabled or disabled in your AWS account.

Insight Descriptions:

There can be 2 possible scenarios:

Severity Description
OK This indication will be displayed when the transfer lock feature is enabled in your AWS account.
CRITICAL This indication will be displayed when the domain transfer lock feature is disabled in your AWS account.

 

Description of further columns are as follows:

  1. Account Id: This column shows the respective account ID of the user. AWS Route53 S2
  2. Account Name: This column shows the corresponding account name.AWS Route53 S3
  3. Domain Name: This column shows the domain name of your account.AWS Route53 S1
  4. Transfer Lock status: This column specifies whether the transfer lock feature is enabled or not.AWS Route53 S4

Filters Applicable:

Filter Name Description
Account Id Applying the account Id filter will display data for the selected account Id.
Region Applying the region filter will display data corresponding to the selected region
Severity Applying severity filter will display public snapshots according to the selected severity type i.e. selecting critical will display all resources with critical severity. Same will be the case for Warning and Ok severity types.
Resource Tags Applying resource tags filter will display those resources which have been assigned the selected resource tag. For e.g., A user has tagged some public snapshots by a resource tag named environment. Then selecting an environment from the resource tags filter will display all those resources tagged by the tag name environment.
Resource Tags Value Applying resource tags value filter will display data which will have the selected resource tag value. For e.g. – Let’s say a user has tagged some resource by a tag named environment and has a value say production (environment: production).

Hence, the user can view data of all the resources which have “environment:production” tag assigned. The user can use the tag value filter only when a tag name has been provided.

 

Read More:

[1] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-lock.html

LEAVE A REPLY

Please enter your comment!
Please enter your name here