Set up the route53 integration.
Detect when a requested domain resolves to the AWS Metadata IP (169.254.169.254).
Inspect the Route 53 logs and determine if the response data for a DNS request matches the AWS Metadata IP (169.254.169.254). This could indicate an attacker is attempting to steal your credentials from the AWS metadata service.
Determine whether the requested domain (dns.question.name) should be permitted. If not, conduct an investigation to determine what requested the domain and whether the AWS metadata credentials were accessed by an attacker.
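The detection described above, sketched as an added example (not the rule's own implementation). It assumes the raw Route 53 Resolver query log JSON layout (query_name, answers[].Rdata, srcaddr, srcids.instance), where query_name corresponds to dns.question.name. The sample records and the permitted set are constructed for illustration.

```python
import ipaddress
import json

METADATA_IP = ipaddress.ip_address("169.254.169.254")

# Constructed sample records; field names assume the Route 53 Resolver
# query log JSON layout. The last line is deliberately malformed.
SAMPLE_LOGS = [
    '{"query_name": "example.com.", "answers": [{"Rdata": "93.184.216.34", "Type": "A"}], "srcaddr": "10.0.1.5", "srcids": {"instance": "i-0aaa"}}',
    '{"query_name": "rebind.lab.example.", "answers": [{"Rdata": "169.254.169.254", "Type": "A"}], "srcaddr": "10.0.1.7", "srcids": {"instance": "i-0bbb"}}',
    '{"query_name": "Alias.lab.example.", "answers": [{"Rdata": "target.lab.example.", "Type": "CNAME"}, {"Rdata": "169.254.169.254", "Type": "A"}], "srcaddr": "10.0.1.8", "srcids": {"instance": "i-0ccc"}}',
    '{"query_name": "v6.lab.example.", "answers": [{"Rdata": "::ffff:a9fe:a9fe", "Type": "AAAA"}], "srcaddr": "10.0.1.9"}',
    'not json',
]

def resolves_to_metadata(rdata):
    """True if an answer's Rdata is the metadata IP, including IPv4-mapped IPv6."""
    try:
        ip = ipaddress.ip_address(rdata.strip())
    except ValueError:
        return False  # CNAME targets and other non-address answers
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip == METADATA_IP

def find_metadata_resolutions(lines, permitted=frozenset()):
    """Return one finding per log record whose answers include the metadata IP.

    `permitted` is a hypothetical allow-list of domains that are expected
    to resolve to the metadata IP and should not raise a finding.
    """
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not valid JSON records
        name = rec.get("query_name", "").rstrip(".").lower()
        if name in permitted:
            continue
        if any(resolves_to_metadata(a.get("Rdata", "")) for a in rec.get("answers") or []):
            findings.append({"domain": name, "srcaddr": rec.get("srcaddr"),
                             "instance": (rec.get("srcids") or {}).get("instance")})
    return findings

if __name__ == "__main__":
    for finding in find_metadata_resolutions(SAMPLE_LOGS):
        print(finding)
```

Each finding carries the source address and instance ID, which is the starting point for determining what requested the domain.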