AWS Route53
About
Monitor and audit Route 53 to ensure that security, availability, and reliability are not compromised.
Security
Check if Privacy Protection is Enabled
Ensure that your Amazon Route 53 domains have the Privacy Protection feature enabled to hide all their contact information from WHOIS queries and reduce the amount of spam received.
Ensure Route 53 Domains are Locked
Ensure that your AWS Route 53 registered domains are locked to prevent any unauthorized transfers to another domain name registrar.
Sender Policy Framework Record Present
Ensure your AWS Route 53 hosted zones have a TXT DNS record that contains a corresponding Sender Policy Framework (SPF) value set for each MX record available.
Reliability
Ensure that Auto Renew is Enabled
Ensure that the AWS Route 53 Auto Renew feature is enabled to automatically renew your domain names as the expiration date approaches.
Identify Expired Domains
Identify and restore any expired domain names registered with AWS Route 53.
Domain Expiry 30 Days
Ensure that all the domain names registered with AWS Route 53 or transferred to AWS Route 53 are renewed 30 days before their validity period ends.
Domain Expiry 45 Days
Ensure that all the domain names registered with AWS Route 53 or transferred to AWS Route 53 are renewed 45 days before their validity period ends.
Domain Expiry 7 Days
Ensure that all the domain names registered with AWS Route 53 or transferred to AWS Route 53 are renewed 7 days before their validity period ends.
Route 53 In Use
Ensure that the AWS Route 53 Domain Name System (DNS) service is used within your AWS account to manage DNS zones for your domains.
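The domain-registration checks above (Privacy Protection, transfer lock, Auto Renew, expired domains, and the 7/30/45-day expiry windows) can be evaluated in one pass over each domain's details. The following is an added example, not part of the original checklist: it assumes records shaped like the Route 53 Domains GetDomainDetail response (AdminPrivacy, RegistrantPrivacy, TechPrivacy, StatusList, AutoRenew, ExpirationDate), and the finding codes, function names, and sample domains are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

PRIVACY_FIELDS = ("AdminPrivacy", "RegistrantPrivacy", "TechPrivacy")
EXPIRY_THRESHOLDS_DAYS = (7, 30, 45)  # the three expiry checks in the checklist

def audit_domain(detail, now):
    """Return finding codes (hypothetical names) for one GetDomainDetail-shaped dict."""
    findings = []
    # Privacy Protection: every contact type must be hidden from WHOIS.
    exposed = [f for f in PRIVACY_FIELDS if not detail.get(f, False)]
    if exposed:
        findings.append("privacy-disabled:" + ",".join(exposed))
    # A locked domain carries the EPP status clientTransferProhibited.
    if "clientTransferProhibited" not in detail.get("StatusList", []):
        findings.append("transfer-lock-off")
    if not detail.get("AutoRenew", False):
        findings.append("auto-renew-off")
    expires = detail.get("ExpirationDate")
    if expires is None:
        findings.append("expiry-unknown")  # missing data is a finding, not a pass
    elif expires <= now:
        findings.append("expired")
    else:
        # Report only the tightest window the domain has entered.
        hit = [d for d in EXPIRY_THRESHOLDS_DAYS if expires - now <= timedelta(days=d)]
        if hit:
            findings.append(f"expires-within-{hit[0]}-days")
    return findings

def audit_all(domains, now):
    return {d["DomainName"]: audit_domain(d, now) for d in domains}

# Constructed sample data (not real domains or real API output).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_DOMAINS = [
    {"DomainName": "good.example", "AutoRenew": True, "AdminPrivacy": True,
     "RegistrantPrivacy": True, "TechPrivacy": True,
     "StatusList": ["clientTransferProhibited"],
     "ExpirationDate": NOW + timedelta(days=200)},
    {"DomainName": "risky.example", "AutoRenew": False, "AdminPrivacy": True,
     "RegistrantPrivacy": False, "TechPrivacy": True, "StatusList": [],
     "ExpirationDate": NOW + timedelta(days=20)},
    {"DomainName": "lapsed.example", "AutoRenew": False, "AdminPrivacy": True,
     "RegistrantPrivacy": True, "TechPrivacy": True,
     "StatusList": ["clientTransferProhibited"], "ExpirationDate": NOW - timedelta(days=3)},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_DOMAINS, NOW).items():
        print(name, findings or "OK")
```

In a live audit the same function can be fed the dictionaries returned by the `route53domains` client's `get_domain_detail` call for each registered domain.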
Sources
https://www.cloudanix.com/recipelist/aws/route53monitoring