Ensure that a DNS alias record for the root domain name is created within your Amazon Route 53 hosted zone. An alias record is a special DNS record type that allows you to create an A record for the root domain and point it to the fully qualified domain name (FQDN) of an Elastic Load Balancer (ELB) or an Amazon Cloudfront distribution. Prior to running this rule by the Cloud Conformity engine, your root domain name needs to be configured in the rule settings, on your Cloud Conformity account dashboard.
Alias records provide a Route 53–specific extension to DNS functionality and can save you time as the Route 53 service automatically recognizes changes in the records that the alias record refers to. For example, suppose an alias record for cloudconformity.com domain points to a load balancer at cc-prod-elb.us-east-1.elb.amazonaws.com. If the IP address of the ELB changes, AWS Route 53 will automatically reflect those changes in DNS responses for cloudconformity.com without any changes to the hosted zone that contains the DNS records for the root domain. To point the root domain to an Elastic Load Balancer or to a Cloudfront CDN distribution, an alias resource record set should be created.
Note: Ensure that you replace all <root_domain_name> placeholders found in the conformity rule content with your own root domain name.
To determine if there is a DNS alias record set for the root domain within your AWS Route 53 hosted zone, perform the following:
Remediation / Resolution
To create and configure an AWS Route 53 DNS alias record for your root domain name, perform the following:
- AWS Documentation
- Working with Public Hosted Zones
- Creating Records by Using the Amazon Route 53 Console
- Configuring Amazon Route 53 as Your DNS Service
- Values for Alias Records
- CIS Amazon Web Services Foundations
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Create DNS Alias Record for Root Domain
Risk level: Medium