
Enable Privacy Protection for AWS Route 53 Domains

Security

Risk level: Low (generally tolerable level of risk)

Ensure that your Amazon Route 53 domains have the Privacy Protection feature enabled in order to hide all their contact information from WHOIS queries and reduce the amount of spam received. The feature allows you to conceal your personal phone number, email and physical address for the domain names registered with and/or transferred to the AWS Route 53 service.

This rule resolution is part of the Cloud Conformity Security Package

When Amazon Route 53 Privacy Protection is disabled, anyone is able to look up your personal information with a simple WHOIS query. Enabling the Privacy Protection feature protects against spam and against anyone who might send WHOIS queries to obtain the contact information that you provided when you registered the domain, including name, physical address, phone number and email address.

Note: Some Top-Level Domain (TLD) registries conceal all your contact information automatically, some allow you to choose to hide all contact information, some allow you to hide only some information and some do not allow you to hide any information at all. Your first and last name will be hidden if the TLD registry and registrar allow it.

Audit

To determine if your AWS Route 53 domains have privacy protection for contact information enabled, perform the following actions:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to Route 53 dashboard at https://console.aws.amazon.com/route53/.

03 In the left navigation panel, under Domains, click Registered Domains.

04 Choose the domain name that you want to examine, then check the value available within the Privacy Protection column for the selected domain. If the value is different than All contacts, the registrant contact information is not all protected, hence the Privacy Protection feature for the selected Amazon Route 53 domain name is disabled.

05 Repeat step no. 4 for each registered/transferred domain name available within your AWS account.

Using AWS CLI

01 Run list-domains command (OSX/Linux/UNIX) to list all the domain names registered with Amazon Route 53 or transferred to AWS Route 53:

aws route53domains list-domains \
	--query 'Domains[*].DomainName'

02 The command output should return an array with all your Route 53 domain names:

[
    "cloudconformity.com",
    "cloudrealisation.com"
]

03 Run get-domain-detail command (OSX/Linux/UNIX) using the name of the domain that you want to examine as identifier, to determine whether or not the contact information for the selected domain is concealed from WHOIS queries:

aws route53domains get-domain-detail \
	--domain-name cloudconformity.com \
	--query 'RegistrantPrivacy'

04 The command output should return the requested information (true for enabled, false for disabled):

[
    false
]

If the value returned is false, as shown in the example above, any WHOIS query made for the domain should return the contact information that you entered for the registrant contact (i.e. domain owner), therefore the Privacy Protection feature for the selected Amazon Route 53 domain name is disabled.

05 Repeat steps no. 3 and 4 for each registered/transferred domain name available in your AWS account.
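
The CLI audit steps above, combined into one script as an added example (not part of the original page). It goes beyond the registrant-only check by also reading AdminPrivacy and TechPrivacy, which corresponds to the console's All contacts value; the function names and the --run argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit WHOIS privacy for every Route 53 registered domain.
# The Route 53 Domains API is served from us-east-1 only.
REGION="us-east-1"

# Classify one domain from its three privacy flags as printed by
# `--output text`: True, False, or None when the field is absent.
classify_privacy() {
    domain=$1; admin=$2; registrant=$3; tech=$4
    exposed=""
    [ "$admin" = "True" ] || exposed="$exposed admin"
    [ "$registrant" = "True" ] || exposed="$exposed registrant"
    [ "$tech" = "True" ] || exposed="$exposed tech"
    if [ -z "$exposed" ]; then
        echo "PASS $domain"
    else
        echo "FAIL $domain exposed:$exposed"
    fi
}

# Walk all domains; print one line per domain; return non-zero on any
# FAIL or lookup error so the script can gate a scheduled compliance job.
audit_all_domains() {
    failures=0
    domains=$(aws route53domains list-domains --region "$REGION" \
        --query 'Domains[*].DomainName' --output text) || return 2
    for domain in $domains; do
        if ! flags=$(aws route53domains get-domain-detail \
                --region "$REGION" --domain-name "$domain" \
                --query '[AdminPrivacy, RegistrantPrivacy, TechPrivacy]' \
                --output text); then
            echo "ERROR $domain lookup failed"
            failures=$((failures + 1))
            continue
        fi
        # Unquoted on purpose: split the tab-separated flags into arguments.
        result=$(classify_privacy "$domain" $flags)
        echo "$result"
        case $result in FAIL*) failures=$((failures + 1)) ;; esac
    done
    [ "$failures" -eq 0 ]
}

# Hypothetical entry point: pass --run to execute against the live account.
if [ "${1:-}" = "--run" ]; then
    audit_all_domains
fi
```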

Remediation / Resolution

To enable Privacy Protection for your Amazon Route 53 domains in order to hide all their contact information from WHOIS queries and reduce spam, perform the following actions:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to Route 53 dashboard at https://console.aws.amazon.com/route53/.

03 In the left navigation panel, under Domains, click Registered Domains.

04 Choose the domain name that you want to enable privacy protection for (see Audit section part I to identify the right domain).

05 Choose Edit Contacts, then for each type of contact available, choose to hide contact information. Click Save to apply the changes.

06 Repeat steps no. 4 and 5 for each Amazon Route 53 domain name for which you want to hide registrant contact information.

Using AWS CLI

01 Run update-domain-contact-privacy command (OSX/Linux/UNIX) to enable registrant privacy protection in order to conceal contact information from WHOIS queries for the specified Amazon Route 53 domain name (see Audit section part II to identify the right domain):

aws route53domains update-domain-contact-privacy \
	--domain-name cloudconformity.com \
	--registrant-privacy

02 The command output should return an operation ID that can be used to track the progress and completion of the request. If the command request does not complete successfully, the domain registrant will be notified by email:

{
   "OperationId":"aaaabbbb-cccc-dddd-eeee-aabbccddeeaa"
}

03 Repeat steps no. 1 and 2 for each Amazon Route 53 registered/transferred domain for which you want to hide registrant contact information.

Publication date Oct 20, 2018