Route 53 DNS record pointing to external or nonexistent S3 bucket

문서 > Datadog 보안 > OOTB Rules > Route 53 DNS record pointing to external or nonexistent S3 bucket

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

This control identifies misconfigured Amazon Route 53 DNS records that point to external or nonexistent S3 buckets. Such misconfigurations can introduce significant security risks, including unauthorized access or domain hijacking. If a DNS record points to an S3 bucket domain that no longer exists, an attacker can register the bucket name and intercept or manipulate traffic intended for the original destination. This could lead to data breaches, phishing attacks, or distribution of unauthorized content, impacting both security and compliance.

Remediation

If the DNS record is a resource record, look at its value field. If the DNS record is an alias target, look at its dns_name field.

If the offending S3 bucket exists and belongs to an AWS account that you own but is not integrated to Datadog, follow the Datadog AWS integration documentation to onboard the account to Datadog. Ensure that resource collection and Cloud Security are correctly configured.
If the offending S3 bucket exists and belongs to a trusted third-party AWS account, mute the finding and leave a comment documenting the justification.
If the offending S3 bucket does not exist, refer to the Editing records section of the Amazon Route 53 Developer Guide for instructions on how to delete or modify the offending record.