AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Route 53 Domain Expiry In 7 Days
More Info:
All the domain names registered with AWS Route 53 or transferred to AWS Route 53 should be renewed 7 days before their validity period ends.
Risk Level
High
Address
Reliability, Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the Route 53 Domain Expiry in 7 Days issue in AWS using AWS console, follow the below steps:
- Log in to the AWS Management Console.
- Navigate to the Route 53 service.
- Click on the Registered Domains option in the left-hand menu.
- Select the domain that has an expiry date in 7 days.
- Click on the Renew button.
- Follow the on-screen instructions to complete the renewal process.
- Once the renewal is complete, verify that the expiry date has been extended to a later date.
Note: It is recommended to set up auto-renewal for your domain to avoid such issues in the future.
To remediate the Route 53 Domain Expiry in 7 days issue in AWS using AWS CLI, follow these steps:
-
Open the AWS CLI on your local machine.
-
Check the expiration date of the domain by running the following command:
aws route53domains get-domain-detail --domain-name <your-domain-name>
- If the domain is set to expire in 7 days or less, you need to renew it. Run the following command to renew the domain:
aws route53domains renew-domain --domain-name <your-domain-name> --duration-in-years <number-of-years-to-renew>
Note: You can specify the number of years you want to renew the domain for by replacing <number-of-years-to-renew> with the desired value.
-
After running the renew command, you will receive a confirmation message with the details of the renewal. Verify the details and confirm the renewal.
-
Once the renewal is confirmed, the domain will be renewed for the specified number of years and the expiration date will be updated.
-
Verify that the domain has been successfully renewed by running the
get-domain-detailcommand again. -
You have successfully remediated the Route 53 Domain Expiry in 7 Days issue.
To remediate the Route 53 Domain Expiry in 7 days issue in AWS using Python, you can follow the below steps:
- Install the
boto3library using the following command:
pip install boto3
-
Create an AWS IAM user with Route53 read-only access and generate the access key and secret key.
-
Create a Python script with the following code:
import boto3
from datetime import datetime, timedelta
# Set the AWS access key and secret key
access_key = 'YOUR_ACCESS_KEY'
secret_key = 'YOUR_SECRET_KEY'
# Create a Route53 client
client = boto3.client('route53', aws_access_key_id=access_key, aws_secret_access_key=secret_key)
# Get all the hosted zones
response = client.list_hosted_zones()
# Loop through each hosted zone
for zone in response['HostedZones']:
zone_id = zone['Id']
zone_name = zone['Name']
# Get the details of the hosted zone
zone_details = client.get_hosted_zone(Id=zone_id)
# Get the expiration date of the domain
domain_expiration_date = zone_details['DelegationSet']['NameServers'][0].split('.')[0]
# Calculate the number of days left for the domain to expire
days_left = (datetime.strptime(domain_expiration_date, '%Y%m%d') - datetime.now()).days
# If the domain is expiring in 7 days or less, update the domain
if days_left <= 7:
# Update the domain registration
response = client.update_domain_registration(
DomainName=zone_name
)
# Print the status of the update
print(f"Domain registration for {zone_name} has been updated. Status: {response['OperationStatus']}")
-
Replace the
YOUR_ACCESS_KEYandYOUR_SECRET_KEYplaceholders with the actual access key and secret key. -
Run the script using the following command:
python remediate_route53_expiry.py
This script will update the domain registration for all the hosted zones that are expiring in 7 days or less and print the status of the update.