Links

AWS Route53

Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Design for High Availability

Design Guidance:

AWS::Route53::HealthCheck

Health Check Config
Terraform
Health Check Config-Disabled
Terraform
Health Check Config-Failure Threshold
Terraform
Health Check Config-Health Threshold
Terraform
Health Check Config-Insufficient Data Health Status
Terraform

AWS::Route53::RecordSet

Failover

AWS::Route53::RecordSetGroup

Record Sets-Failover

TLS

AWS::Route53::HealthCheck

Health Check Config-Type
Terraform

Asset Inventory

Design Guidance:

AWS::Route53::HealthCheck

Health Check Tags
Terraform

AWS::Route53::HostedZone

Hosted Zone Tags

Name/Address Resolution Integrity

Design Guidance:

AWS::Route53::HostedZone

Name

AWS::Route53::RecordSet

Alias Target-Dnsname
Alias Target-Hosted Zone Id
Hosted Zone Id
Hosted Zone Name
Name
Ttl

AWS::Route53::RecordSetGroup

Hosted Zone Id
Hosted Zone Name
Alias Target-Dnsname
Alias Target-Hosted Zone Id
Record Sets-Hosted Zone Id
Record Sets-Hosted Zone Name
Record Sets-Name
Record Sets-Ttl

Logging

Design Guidance:

AWS::Route53::HostedZone

Query Logging Config-Cloud Watch Logs Log Group Arn

Subnet Isolation

Design Guidance:

AWS::Route53::HostedZone

VPCs