Logo of Trend Micro

Route 53 Domain Auto Renew

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: High (not acceptable risk)
Rule ID: Route53-002

Ensure that AWS Route 53 Auto Renew feature is enabled to automatically renew your domain names as the expiration date approaches. The automatic renewal registration fee will be charged to your AWS account and you will get an email with the renewal confirmation once the registration is processed.

This rule can help you with the following compliance standards:

  • NIST4

For further details on compliance standards supported by Conformity, see here.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Reliability

Enabling automatic renewal for your domains registered with AWS or transferred to AWS will guarantee you full control over domain names registration. When your domains are automatically renewed before their expiration date, the risk of losing them is practically zero.

Audit

To determine if your domain names have the Auto Renew feature enabled, perform the following:

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to Route 53 dashboard at https://console.aws.amazon.com/route53/.

03 In the left navigation panel, under Domains, click Registered Domains.

04 Select the domain name that you want to examine.

05 On the Your Domains > <domain name> page, under Transfer Lock, check the Auto Renew status. If the feature current status is set to Disabled, the automatic renewal registration for the selected domain name is not enabled and you can lose the ownership of the domain once this expires.

06 Repeat steps no. 4 and 5 for each domain name registered with AWS or transferred to AWS.

Using AWS CLI

01 Run list-domains command (OSX/Linux/UNIX) to list all the domain names registered with AWS Route 53 or transferred to AWS Route 53: 

aws route53domains list-domains
	--query 'Domains[*].DomainName'

02 The command output should return each domain name currently registered: 

[
    "cloudconformity.com"
]

03 Run get-domain-detail command (OSX/Linux/UNIX) using the domain name returned at the previous step, to determine the Auto Renew feature status for the selected domain: 

aws route53domains get-domain-detail
	--domain-name cloudconformity.com
	--query 'AutoRenew'

04 The command output should return the feature status (true for enabled, false for disabled): 

[
    false
]

If the Auto Renew current status is set to false, the automatic renewal registration for the selected domain name is not enabled and the risk of losing the domain ownership increases.

05 Repeat step no. 3 and 4 for each domain name registered with AWS or transferred to AWS.

Remediation / Resolution

To update your AWS Route 53 domains configuration and enable the Auto Renew feature, perform the following:

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to Route 53 dashboard at https://console.aws.amazon.com/route53/.

03 In the left navigation panel, under Domains, click Registered Domains.

04 Select the domain name that you want to examine.

05 On the Your Domains > <domain name> page, click Enable next to Auto Renew to enable the feature. The Auto Renew feature status should now change to Enabled.

06 Repeat steps no. 4 and 5 for each domain name registered with AWS or transferred to AWS.

Using AWS CLI

01 Run list-domains command (OSX/Linux/UNIX) to list all the domain names registered with AWS Route 53 or transferred to AWS Route 53: 

aws route53domains list-domains
	--query 'Domains[*].DomainName'

02 The command output should return each domain name available in your AWS account: 

[
    "cloudconformity.com"
]

03 Run enable-domain-auto-renew command (OSX/Linux/UNIX) using the domain name returned at the previous step, to enable the Auto Renew feature for the selected domain (the command does not return any output): 

aws route53domains enable-domain-auto-renew
	--domain-name cloudconformity.com

04 Repeat step no. 3 for each domain name registered with AWS or transferred to AWS.

References

Publication date May 6, 2016

Related Route53 rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Route 53 Domain Auto Renew

Risk level: High