Ensure that your AWS Route 53 registered domains are locked to prevent any unauthorized transfers to another domain name registrar. Your domain names must have the Transfer Lock feature enabled. This feature sets the clientTransferProhibited flag which is a registry setting enabled by the registrar to force all transfer requests to be rejected automatically.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Enabling transfer locking for your domain names registered with AWS Route 53 or transferred to AWS Route 53 will provide an extra protection against domain hijacking.
To determine if your domain names have the Transfer Lock feature enabled, perform the following:
To update your AWS Route 53 domain names configuration and enable transfer locking, perform the following: