Root Domain Alias Records that Point to ELB
Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!
Start a Free Trial
Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!
Start a Free TrialEnsure that the root domain alias record points to the Elastic Load Balancer (ELB) associated with your web-server layer. To route your root domain traffic to an ELB, use Amazon Route 53 service to create an alias record that points to your load balancer. An alias record provides a Route 53–specific extension to DNS functionality. Instead of an IP address or a domain name, an alias record must contain a pointer to your Elastic Load Balancer. Prior to running this rule by the Cloud Conformity engine, your root domain needs to be configured in the rule settings, on your Cloud Conformity account dashboard.
The Amazon Route 53 hosted zone can hold a special record type called "alias" that allows you to create an A record for the root domain and point it to the fully qualified domain (FQDN) of the AWS ELB associated with your web application layer. In the same way records for all other layers should be created in order to allow flexibility in the application design and avoid hardcoding the FQDN of a resource.
Note: Ensure that you replace all <root_domain_name> placeholders found in the conformity rule content with your own root domain name.
To determine if there is a Route 53 hosted zone that contains a root domain alias record that points to your ELB, available within your AWS account, perform the following actions:
01 Sign in to your Cloud Conformity console, access Check for Root Domain Alias Records that Point to ELB conformity rule settings and copy the root domain name configured for your web application (e.g. <root_domain_name>).
02 Sign in to the AWS Management Console.
03 Navigate to Route 53 dashboard at https://console.aws.amazon.com/route53/.
04 In the left navigation panel, under Dashboard, click Hosted Zones.
05 Select All Types from the dropdown list available under the dashboard top menu to list all your Route 53 hosted zones.
06 Paste the name of your root domain copied at step no. 1 inside the Search all fields box and press Enter. If the search process does not return any results and the following message is displayed: "You have no hosted zones with a keyword '<root_domain_name>'", there is no AWS Route 53 hosted zone created for the domain name used by your web application, therefore there isn't a root domain alias record that points to your Elastic Load Balancer (ELB).
01 Sign in to your Cloud Conformity console, access Check for Root Domain Alias Records that Point to ELB conformity rule settings and copy the root domain name configured for your web application (e.g. <root_domain_name>).
02 Run list-hosted-zones command (OSX/Linux/UNIX) using the name of the domain copied at the previous step as identifier and custom query filters to list the metadata of the AWS Route 53 hosted zone created for the root domain used by your web application. Replace <root_domain_name> with your own root domain name:
aws route53 list-hosted-zones --query "HostedZones[?Name == '<root_domain_name>.']"
03 The command output should return an array with the requested hosted zone metadata or an empty array if there is no hosted zone created for the specified domain name:
[]
To update your AWS Route 53 domains configuration and enable the Auto Renew feature, perform the following:
01 Sign in to your Cloud Conformity console, access Check for Root Domain Alias Records that Point to ELB conformity rule settings and copy your root domain name (e.g. <root_domain_name>).
02 Sign in to the AWS Management Console.
03 Navigate to Route 53 dashboard at https://console.aws.amazon.com/route53/.
04 In the left navigation panel, under Dashboard, click Hosted Zones.
05 Click Create Hosted Zones button from the AWS dashboard top menu.
06 In the Create Hosted Zone right panel, enter the following information:
07 On your newly created hosted zone page, follow the steps outlined in this conformity rule to create and configure the root domain alias record that needs to point to your web application load balancer.
01 Sign in to your Cloud Conformity console, access Check for Root Domain Alias Records that Point to ELB conformity rule settings and copy your root domain name (e.g. <root_domain_name>).
02 Run create-hosted-zone command (OSX/Linux/UNIX) using the name of the domain copied at the previous step for the --name parameter to create a new Amazon Route 53 hosted zone. The following command example creates a DNS hosted zone for a root domain name called <root_domain_name> and associate it with an AWS VPC identified by the ID "vpc-abcdabcd", available within the US East region. Replace <root_domain_name> with your own root domain name:
aws route53 create-hosted-zone --name <root_domain_name> --caller-reference 2018-04-14-17:33 --hosted-zone-config Comment="DNS hosted zone for <root_domain_name>." --vpc VPCRegion="us-east-1",VPCId="vpc-abcdabcd"
03 The command output should return the new hosted zone metadata:
{
"ChangeInfo": {
"Status": "PENDING",
"SubmittedAt": "2018-04-14T14:17:40.159Z",
"Id": "/change/AAABBBCCCDDDE"
},
"HostedZone": {
"ResourceRecordSetCount": 2,
"CallerReference": "2018-04-14-17:33",
"Config": {
"Comment": "DNS hosted zone for .",
"PrivateZone": false
},
"Id": "/hostedzone/AABBCC1234567",
"Name": "."
},
"VPC": {
"VPCId": "vpc-abcdabcd",
"VPCRegion": "us-east-1"
}
}
04 Follow the CLI steps outlined within this conformity rule to create and configure the root domain alias record that needs to point to your web application ELB.
Whether your AWS exploration is just starting to take shape, you’re mid-way through a migration or you’re already running complex workloads in the cloud, Cloud Conformity offers full visibility of your infrastructure and provides continuous assurance it’s secure, optimized and compliant.
Chat with us to set up your onboarding session and start a free trial.
Let’s Chat