AWS Misconfigurations
Route53 Audit
Checks performed
- AWS CloudFront Distribution Alias Record Has No S3 origin
- AWS CloudFront Distribution CNAME Record Has No S3 origin
- AWS Config Should Be Enabled
- AWS Elastic Beanstalk Alias Records are Vulnerable
- AWS Elastic Beanstalk CNAME Records are Vulnerable
- Enable All AWS Organization Features
- AWS Organizations Should Be Used
- AWS Registered Domains Has No Hosted Zones
- AWS S3 Alias Records are vulnerable
- AWS S3 CNAME Records are vulnerable
- AWS Subdomain NS Records are Vulnerable
- AWS Config Log File Delivery Should Be Configured
- AWS Config Should Include Global Resources
- AWS Config Should Have S3 Bucket Configured
- Route 53 Auto Renew Should Be Enabled
- Route 53 Domain Expiry In 7 Days
- Route 53 Domain Expiry In 30 Days
- Route 53 Domain Expiry In 45 Days
- Route 53 Domains Should Be Locked
- Enable All AWS Organization Features
- AWS Organizations Should Be Used
- Route 53 Domains Should Have Privacy Protection Enabled
- Route 53 Should Be In Use
- Route 53 Query Logging Should Be Enabled
- Route 53 Hosted Zones Should Have Sender Policy Framework Record Present