Ensure that the AWS Route 53 Domain Name System (DNS) service is used within your AWS account to manage DNS zones for your domains. AWS Route 53 is an authoritative Domain Name System service built on top of AWS's highly available, scalable and reliable infrastructure.
This rule can help you with the following compliance standards:
- NIST4
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
With AWS Route 53 you can create and manage DNS hosted zones for all your domain names, whether they are registered with AWS or with other domain registrars. Route 53 has several advantages over other DNS service providers:
- Fast: it currently uses a global network of dedicated DNS servers available in 17 locations worldwide.
- Secure: it can be integrated with AWS IAM to manage access permissions and prevent unauthorized access to the DNS configuration.
- Highly available: it is engineered on top of AWS global infrastructure for 100% uptime.
- Easy to use: you can manage DNS records with just a few clicks using the Management Console or programmatically via the API.
- Cost effective: you pay only for what you use (e.g. hosted zones and DNS queries made).
- Easy to integrate with other AWS components such as Elastic Load Balancer, Elastic Beanstalk, CloudFront or S3.
Audit
To determine if AWS Route 53 is used as DNS service for your domain names, perform the following:
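One way to script this check, as an added example that is not part of the original page or of the Conformity tool: it compares a domain inventory against the JSON returned by `aws route53 list-hosted-zones`. The sample output, zone IDs, domain names and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws route53 list-hosted-zones` output;
# zone IDs and names are placeholders.
SAMPLE_OUTPUT = """
{"HostedZones": [
  {"Id": "/hostedzone/ZEXAMPLE00000001", "Name": "example.com.",
   "Config": {"PrivateZone": false}, "ResourceRecordSetCount": 4},
  {"Id": "/hostedzone/ZEXAMPLE00000002", "Name": "corp.internal.",
   "Config": {"PrivateZone": true}, "ResourceRecordSetCount": 7}
]}
"""


def normalise(name):
    """Route 53 returns fully qualified names ('example.com.'); compare without the dot."""
    return name.strip().rstrip(".").lower()


def public_zones(cli_json):
    """Map public hosted zone name -> zone ID, skipping private (VPC-only) zones."""
    zones = json.loads(cli_json).get("HostedZones", [])
    return {
        normalise(z["Name"]): z["Id"].split("/")[-1]
        for z in zones
        if not z.get("Config", {}).get("PrivateZone", False)
    }


def audit_domains(domains, cli_json):
    """Return {domain: zone ID or None}; None means no public hosted zone covers it."""
    zones = public_zones(cli_json)
    report = {}
    for domain in domains:
        labels = normalise(domain).split(".")
        # Try the name itself, then each parent, so the most specific zone wins.
        candidates = (".".join(labels[i:]) for i in range(len(labels)))
        match = next((c for c in candidates if c in zones), None)
        report[domain] = zones[match] if match else None
    return report


if __name__ == "__main__":
    inventory = ["example.com", "shop.example.com", "example.org", "corp.internal"]
    for domain, zone_id in audit_domains(inventory, SAMPLE_OUTPUT).items():
        print(f"{domain}: {'PASS ' + zone_id if zone_id else 'FAIL no public hosted zone'}")
```

A hosted zone only answers queries for a domain once the registrar's NS records delegate to that zone's name servers, so a PASS here shows the zone exists, not that delegation is in place.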
Remediation / Resolution
In order to utilize AWS Route 53 as DNS service for your domain names, you must create and configure Route 53 hosted zones. To create your own DNS hosted zones, perform the following: