DKIM Should Be Verified
More Info:
DomainKeys Identified Mail (DKIM) should be verified in your SES configuration.
Risk Level: High
Address: Security
Compliance Standards: CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of DKIM not being verified in AWS SES using the AWS console, follow these steps:
- Sign in to the AWS Management Console:
  - Go to the AWS SES console at https://console.aws.amazon.com/ses/.
- Navigate to the Identity Management section:
  - In the AWS SES console, on the left-hand side, click on “Identity Management” and then click on “Email addresses”.
- Select the domain for which DKIM needs to be verified:
  - Click on the domain for which you want to verify DKIM.
- Verify DKIM for the selected domain:
  - Under the “Domain details” section, find the “Domain authentication” tab.
  - Click on the “Verify a new DKIM” button.
  - You will be provided with a set of CNAME records that you need to add to your domain’s DNS settings.
- Add DKIM CNAME records to your DNS settings:
  - Log in to your domain registrar or DNS hosting provider where your domain is hosted.
  - Add the CNAME records provided by AWS SES to your DNS settings.
  - It may take some time for the DNS changes to propagate.
- Verify DKIM after adding CNAME records:
  - Go back to the AWS SES console.
  - Click on the “Verify this record set” button to confirm that the CNAME records have been added correctly.
  - Once verified, the DKIM status for your domain should show as “Verified”.
- Monitor DKIM status:
  - Regularly check the DKIM status in the AWS SES console to ensure that it remains verified.
  - If there are any issues, follow the instructions provided in the console to troubleshoot and resolve them.
By following these steps, you can remediate the misconfiguration of DKIM not being verified in AWS SES using the AWS console.
To remediate the misconfiguration of DKIM not being verified in AWS SES using AWS CLI, follow these steps:
- List your verified domains by running the following command:
    aws ses list-identities --identity-type Domain
- Identify the domain for which you want to enable DKIM verification.
- Verify the domain by running the following command:
    aws ses verify-domain-dkim --domain example.com
  Replace example.com with your actual domain name.
- After verifying the domain, you will receive a set of CNAME records that you need to add to your DNS configuration. These records are used to verify the ownership of the domain.
- Add the CNAME records to your DNS configuration with the values provided by AWS SES.
- Once the DNS changes have propagated, you can enable DKIM verification for the domain by running the following command:
    aws ses set-identity-dkim-enabled --identity example.com --dkim-enabled
  Replace example.com with your actual domain name.
- Verify that DKIM verification is enabled for the domain by running the following command:
    aws ses get-identity-dkim-attributes --identities example.com
  Replace example.com with your actual domain name.
By following these steps, you can remediate the misconfiguration of DKIM not being verified in AWS SES using AWS CLI.
To remediate the misconfiguration of DKIM not being verified for AWS SES using Python, follow these steps:
- Install the AWS SDK for Python (Boto3) by running the following command:
    pip install boto3
- Create a Python script with the following code snippet to enable DKIM verification for your AWS SES domain:
    import boto3

    def enable_dkim_verification():
        # Update the region to match your SES configuration
        ses_client = boto3.client('ses', region_name='us-east-1')
        domain_identity = 'your_domain_here.com'  # Update with your SES domain
        # Request DKIM verification for the domain
        response = ses_client.verify_domain_dkim(
            Domain=domain_identity
        )
        print(response)

    if __name__ == '__main__':
        enable_dkim_verification()
- Replace your_domain_here.com with your actual SES domain in the code snippet.
- Run the Python script using the command line or your preferred Python IDE.
- Verify that DKIM has been successfully enabled for your SES domain by checking the response from the verify_domain_dkim API call.
By following these steps, you can use Python and Boto3 to remediate the misconfiguration of DKIM not being verified for AWS SES.
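The final verification step and the CNAME records from the earlier steps can be checked in one pass. The following is an added example, not code from the original page: it flags identities whose DKIM is not both verified and enabled in a get_identity_dkim_attributes response and builds the CNAME records to publish from the returned tokens. SAMPLE_ATTRS is constructed data, the function names are hypothetical, and the default dkim.amazonses.com target is an assumption that some regions replace with a region-specific domain.

```python
# Added example: audit SES DKIM state and build the DNS records to publish.
# SAMPLE_ATTRS is constructed data in the shape returned by
# get_identity_dkim_attributes; the domains and tokens are made up.
SAMPLE_ATTRS = {"DkimAttributes": {
    "example.com": {"DkimEnabled": True, "DkimVerificationStatus": "Success",
                    "DkimTokens": ["tokaaa", "tokbbb", "tokccc"]},
    "mail.example.org": {"DkimEnabled": False, "DkimVerificationStatus": "Pending",
                         "DkimTokens": ["tokddd", "tokeee", "tokfff"]},
    "legacy.example.net": {"DkimEnabled": False,
                           "DkimVerificationStatus": "NotStarted"},
}}


def dkim_cname_records(domain, tokens, dkim_domain="dkim.amazonses.com"):
    """Return (name, value) CNAME pairs for a domain's Easy DKIM tokens."""
    # dkim_domain default is an assumption; check the value for your region.
    return [(f"{t}._domainkey.{domain}", f"{t}.{dkim_domain}") for t in tokens]


def audit_dkim(attrs_response):
    """Return one finding per identity whose DKIM is not verified and enabled."""
    findings = []
    for identity, attrs in sorted(attrs_response["DkimAttributes"].items()):
        status = attrs.get("DkimVerificationStatus", "NotStarted")
        enabled = attrs.get("DkimEnabled", False)
        if status == "Success" and enabled:
            continue  # compliant: records verified and signing switched on
        findings.append({
            "identity": identity,
            "status": status,
            "enabled": enabled,
            "cnames": dkim_cname_records(identity, attrs.get("DkimTokens", [])),
        })
    return findings


def fetch_dkim_attributes(identities, region="us-east-1"):
    """Live lookup for real identities; needs boto3 and AWS credentials."""
    import boto3  # imported here so the offline audit runs without it
    ses = boto3.client("ses", region_name=region)
    return ses.get_identity_dkim_attributes(Identities=identities)


if __name__ == "__main__":
    for f in audit_dkim(SAMPLE_ATTRS):
        print(f["identity"], f["status"], "enabled" if f["enabled"] else "disabled")
        for name, value in f["cnames"]:
            print(f"  {name} CNAME {value}")
```

An identity with an empty cnames list has no DKIM tokens yet, so verify_domain_dkim has to be run for it before any records can be published.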