Ensure that the root domain alias record points to the Elastic Load Balancer (ELB) associated with your web-server layer. To route your root domain traffic to an ELB, use the Amazon Route 53 service to create an alias record that points to your load balancer. An alias record provides a Route 53–specific extension to DNS functionality. Instead of an IP address or a domain name, an alias record must contain a pointer to your Elastic Load Balancer. Before the Cloud Conformity engine runs this rule, your root domain must be configured in the rule settings on your Cloud Conformity account dashboard.
An Amazon Route 53 hosted zone can hold a special record type called "alias" that allows you to create an A record for the root domain and point it to the fully qualified domain name (FQDN) of the AWS ELB associated with your web application layer. Records for all other layers should be created in the same way, to allow flexibility in the application design and avoid hardcoding the FQDN of a resource.
Note: Ensure that you replace all <root_domain_name> placeholders found in the conformity rule content with your own root domain name.
Audit
To determine whether your AWS account has a Route 53 hosted zone containing a root domain alias record that points to your ELB, perform the following actions:
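One way to script this check offline, as an added example that is not part of the original page or Cloud Conformity's own procedure: it evaluates record sets shaped like the output of `aws route53 list-resource-record-sets` and reports whether the root domain has an alias A record targeting an ELB. The sample records, the `example.com` domain, the function names and the ELB name-matching heuristic are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like `aws route53 list-resource-record-sets` output.
# All names, zone IDs and targets below are invented for this example.
SAMPLE = json.loads("""
{"ResourceRecordSets": [
  {"Name": "example.com.", "Type": "NS", "TTL": 172800,
   "ResourceRecords": [{"Value": "ns-1.awsdns-01.org."}]},
  {"Name": "example.com.", "Type": "A",
   "AliasTarget": {"HostedZoneId": "ZEXAMPLEELBZONE",
                   "DNSName": "dualstack.web-elb-123456.us-east-1.elb.amazonaws.com.",
                   "EvaluateTargetHealth": false}},
  {"Name": "www.example.com.", "Type": "CNAME", "TTL": 300,
   "ResourceRecords": [{"Value": "example.com"}]}
]}
""")


def _norm(name):
    # Route 53 returns fully qualified names with a trailing dot.
    return name.rstrip(".").lower()


def is_elb_dns_name(dns_name):
    """Heuristic (assumption): ELB names end in amazonaws.com and carry an
    'elb' label, e.g. <name>.<region>.elb.amazonaws.com or
    <name>.elb.<region>.amazonaws.com."""
    labels = _norm(dns_name).split(".")
    return labels[-2:] == ["amazonaws", "com"] and "elb" in labels[:-2]


def audit_root_alias(record_sets, root_domain):
    """Return (status, detail) for the A record at the zone apex."""
    root = _norm(root_domain)
    apex = [r for r in record_sets
            if _norm(r["Name"]) == root and r["Type"] == "A"]
    if not apex:
        return ("FAIL", "no A record at the root domain")
    for rec in apex:
        target = rec.get("AliasTarget")
        if target and is_elb_dns_name(target["DNSName"]):
            return ("PASS", _norm(target["DNSName"]))
    if any("AliasTarget" in rec for rec in apex):
        return ("FAIL", "root alias record does not point to an ELB")
    return ("FAIL", "root A record holds IP addresses, not an alias")


if __name__ == "__main__":
    print(audit_root_alias(SAMPLE["ResourceRecordSets"], "example.com"))
```

To run it against a real zone, replace `SAMPLE` with the parsed JSON from `aws route53 list-resource-record-sets --hosted-zone-id <hosted_zone_id>`.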
Remediation / Resolution
To update your AWS Route 53 domains configuration and enable the Auto Renew feature, perform the following:
You are auditing:
Root Domain Alias Records that Point to ELB
Risk level: Medium