Ensure that your AWS Route 53 registered domains are locked to prevent unauthorized transfers to another domain name registrar. Your domain names must have the Transfer Lock feature enabled. This feature sets the clientTransferProhibited flag, a registry setting enabled by the registrar that forces all transfer requests to be rejected automatically.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Enabling transfer locking for domain names registered with AWS Route 53, or transferred to AWS Route 53, provides an extra layer of protection against domain hijacking.
Audit
To determine if your domain names have the Transfer Lock feature enabled, perform the following:
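One way to script this check, as an added example rather than Cloud Conformity's own audit steps: it uses the boto3 equivalents of the `list-domains` and `get-domain-detail` commands listed in the references and reports every domain whose status list lacks `clientTransferProhibited`. The `FakeRoute53Domains` class and its example.com / example.org data are constructed so the logic can be exercised offline; the live run assumes boto3 and configured AWS credentials.

```python
LOCK_FLAG = "clientTransferProhibited"  # registry status set by Transfer Lock


def is_transfer_locked(detail):
    """True if a get_domain_detail response lists the lock status flag."""
    return LOCK_FLAG in detail.get("StatusList", [])


def audit_transfer_locks(client):
    """Map every registered domain in the account to its lock state."""
    results, marker = {}, None
    while True:
        page = client.list_domains(**({"Marker": marker} if marker else {}))
        for entry in page.get("Domains", []):
            name = entry["DomainName"]
            results[name] = is_transfer_locked(
                client.get_domain_detail(DomainName=name))
        marker = page.get("NextPageMarker")
        if not marker:  # last page reached
            return results


def unlocked_domains(client):
    """Sorted list of domains that would accept a transfer request."""
    return sorted(n for n, ok in audit_transfer_locks(client).items() if not ok)


class FakeRoute53Domains:
    """Constructed stand-in for the boto3 client; two pages of sample data."""
    _pages = {None: (["example.com"], "p2"), "p2": (["example.org"], None)}
    _status = {"example.com": ["clientTransferProhibited"], "example.org": ["ok"]}

    def list_domains(self, Marker=None):
        names, nxt = self._pages[Marker]
        page = {"Domains": [{"DomainName": n} for n in names]}
        if nxt:
            page["NextPageMarker"] = nxt
        return page

    def get_domain_detail(self, DomainName):
        return {"DomainName": DomainName, "StatusList": self._status[DomainName]}


if __name__ == "__main__":
    import boto3  # assumption: boto3 installed and AWS credentials configured
    # The route53domains API is served from us-east-1.
    live = boto3.client("route53domains", region_name="us-east-1")
    for domain in unlocked_domains(live):
        print(f"UNLOCKED: {domain} -> aws route53domains "
              f"enable-domain-transfer-lock --domain-name {domain}")
```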
Remediation / Resolution
To update your AWS Route 53 domain names configuration and enable transfer locking, perform the following:
References
- AWS Documentation
- Amazon Route 53 FAQs
- Editing Contact Information and Other Settings for a Domain
- Viewing the Status of a Domain Transfer
- AWS Command Line Interface (CLI) Documentation
- route53domains
- list-domains
- get-domain-detail
- enable-domain-transfer-lock
You are auditing:
Route 53 Domain Transfer Lock
Risk level: Medium