More Info:

All the domain names registered with AWS Route 53 or transferred to AWS Route 53 should be renewed 30 days before their validity period ends.

Risk Level

Medium

Address

Reliability, Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

To remediate the Route 53 Domain Expiry in 30 days issue in AWS using the AWS console, follow these steps:
  1. Log in to your AWS Management Console.
  2. Navigate to the Route 53 dashboard.
  3. In the left-hand navigation panel, click on the “Registered domains” option.
  4. Locate the domain that is expiring in 30 days and click on it.
  5. Click on the “Renew registration” button.
  6. Follow the prompts to renew the domain registration.
  7. Once the domain registration is renewed, verify that the domain expiry date has been updated to a future date.
By following these steps, you will have successfully remediated the Route 53 Domain Expiry in 30 Days issue in AWS.

To remediate the Route 53 Domain Expiry in 30 Days misconfiguration for AWS using AWS CLI, follow these steps:
  1. Install AWS CLI on your local machine if you haven’t already done so.
  2. Open a terminal or command prompt and run the following command to list all hosted zones in your AWS account:
aws route53 list-hosted-zones
  1. Identify the hosted zone that is expiring in 30 days or less. Note the value of the “Id” field for this hosted zone.
  2. Run the following command to get the details of the hosted zone:
aws route53 get-hosted-zone --id <hosted-zone-id>
Replace <hosted-zone-id> with the actual ID of the hosted zone you identified in step 3.
  1. Check the value of the “Expiration” field in the output of the previous command. If the value is less than 30 days from the current date, the hosted zone is expiring soon and needs to be renewed.
  2. To renew the hosted zone, run the following command:
aws route53 update-hosted-zone --id <hosted-zone-id> --auto-renew
Replace <hosted-zone-id> with the actual ID of the hosted zone you identified in step 3.
  1. Verify that the hosted zone has been renewed by running the following command:
aws route53 get-hosted-zone --id <hosted-zone-id>
Check the value of the “Expiration” field in the output of the previous command to ensure that it has been extended.By following these steps, you can remediate the Route 53 Domain Expiry in 30 Days misconfiguration for AWS using AWS CLI.
To remediate the Route 53 Domain Expiry in 30 days issue using Python, you can use the AWS SDK for Python (Boto3) to automate the process. Here are the steps:
  1. Install Boto3: Install the Boto3 library using pip by running the following command in your terminal:
pip install boto3
  1. Create an AWS IAM user: Create an IAM user with the necessary permissions to access Route 53 domains. The user should have the following permissions:
  • route53domains:ListDomains
  • route53domains:GetDomainDetail
  1. Configure AWS credentials: Configure your AWS credentials by setting the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables or by using the AWS CLI.
  2. Write Python code: Use the following Python code to remediate the Route 53 Domain Expiry in 30 days issue:
import boto3
import datetime

# Set the number of days before expiry
expiry_days = 30

# Create a Route 53 client
client = boto3.client('route53domains')

# Get a list of all domains
response = client.list_domains()

# Loop through each domain and check if it will expire in the next 30 days
for domain in response['Domains']:
    domain_name = domain['DomainName']
    expiration_date = domain['Expiry']
    days_left = (expiration_date - datetime.datetime.now()).days
    if days_left <= expiry_days:
        # Renew the domain
        client.renew_domain(
            DomainName=domain_name,
            DurationInYears=1
        )
This code will get a list of all Route 53 domains and check if they will expire in the next 30 days. If a domain is going to expire, it will be renewed for another year. You can schedule this Python script to run periodically to ensure that your domains are always up-to-date.

Additional Reading: