2

Can you perform audits on Route53 to see what was changed in the DNS records? Can you block access to route53 using IAM? I ask this because it wasn't possible a year ago.

2 Answers

2

Can you perform audits on Route53 to see what was changed in the DNS records?

If you mean who changed what, you can use

CloudTrail (it logs everything from all AWS services): http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/logging-using-cloudtrail.html

AWS Config: https://aws.amazon.com/config/

If you just want to check what changed you can run tests using either:

AWS CLI or Console: https://www.cloudconformity.com/conformity-rules/Route53/sender-policy-framework-record-present.html

CLI53 Tool: https://github.com/barnybug/cli53

Gaia
  • 1,895
1

Yes, you can provide an IAM policy that excludes Route53.

No, I'm not aware of any built-in auditing. You could, though, set something up via the APIs to periodically export your records and audit changes on your end.

ceejayoz
  • 33,167
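The "export your records and audit changes on your end" approach from the second answer, and the "check what changed" side of the first, can be done with a small snapshot-and-diff script. What follows is an added example, not code from either answer: it takes two snapshots in the shape that Route 53's ListResourceRecordSets API returns (a list of dicts with Name, Type, TTL, ResourceRecords or AliasTarget, and optionally SetIdentifier) and reports which record sets were added, removed or modified. The sample snapshots are constructed for illustration; the zone name, IPs and the hosted zone ID "Z123" are placeholders. The `fetch_record_sets` helper uses the real boto3 paginator for `list_resource_record_sets` but takes the client as a parameter so the rest of the script runs offline.

```python
"""Snapshot-and-diff audit of Route 53 record sets (added example).

Assumed snapshot shape: what boto3's route53 ListResourceRecordSets
returns under "ResourceRecordSets". Snapshots below are constructed
sample data, not real zone exports.
"""
import json
from typing import Any


def fetch_record_sets(client: Any, hosted_zone_id: str) -> list[dict]:
    """Pull every record set of one hosted zone.

    `client` is expected to be a boto3 route53 client; it is passed in so
    that a fake client can be used offline. Pagination is mandatory here,
    since a zone can hold far more than one page of records.
    """
    paginator = client.get_paginator("list_resource_record_sets")
    records: list[dict] = []
    for page in paginator.paginate(HostedZoneId=hosted_zone_id):
        records.extend(page["ResourceRecordSets"])
    return records


def _key(rr: dict) -> tuple[str, str, str]:
    # A record set is identified by name + type, plus SetIdentifier for
    # weighted / latency / failover sets. Names are normalised so that
    # "WWW.example.com." and "www.example.com" compare equal.
    return (rr["Name"].rstrip(".").lower(), rr["Type"], rr.get("SetIdentifier", ""))


def _canonical(rr: dict) -> str:
    # Everything except the identity fields, serialised in a stable order
    # so that a reordering of ResourceRecords is not reported as a change.
    body = {k: v for k, v in rr.items() if k not in ("Name", "Type", "SetIdentifier")}
    if "ResourceRecords" in body:
        body["ResourceRecords"] = sorted(body["ResourceRecords"], key=lambda r: r["Value"])
    return json.dumps(body, sort_keys=True)


def diff_record_sets(old: list[dict], new: list[dict]) -> dict[str, list[tuple[str, str, str]]]:
    """Return the record-set keys that were added, removed or changed."""
    old_map = {_key(r): r for r in old}
    new_map = {_key(r): r for r in new}
    added = sorted(k for k in new_map if k not in old_map)
    removed = sorted(k for k in old_map if k not in new_map)
    changed = sorted(
        k for k in old_map
        if k in new_map and _canonical(old_map[k]) != _canonical(new_map[k])
    )
    return {"added": added, "removed": removed, "changed": changed}


def format_report(diff: dict[str, list[tuple[str, str, str]]]) -> str:
    """Human-readable summary suitable for a cron mail or a ticket."""
    lines = []
    for kind in ("added", "removed", "changed"):
        for name, rtype, set_id in diff[kind]:
            suffix = f" [{set_id}]" if set_id else ""
            lines.append(f"{kind.upper():8} {rtype:5} {name}{suffix}")
    return "\n".join(lines) if lines else "no changes"


# Constructed sample snapshots (not real exports).
OLD_SNAPSHOT = [
    {"Name": "example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},
    {"Name": "www.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}, {"Value": "203.0.113.11"}]},
    {"Name": "example.com.", "Type": "MX", "TTL": 3600,
     "ResourceRecords": [{"Value": "10 mail.example.com."}, {"Value": "20 mail2.example.com."}]},
]
NEW_SNAPSHOT = [
    {"Name": "example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},
    # www now points somewhere else with a short TTL: the kind of change
    # a hijack or an unreviewed deploy would produce.
    {"Name": "WWW.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "198.51.100.7"}]},
    # Same MX records in a different order: must not be flagged.
    {"Name": "example.com.", "Type": "MX", "TTL": 3600,
     "ResourceRecords": [{"Value": "20 mail2.example.com."}, {"Value": "10 mail.example.com."}]},
    {"Name": "example.com.", "Type": "TXT", "TTL": 300,
     "ResourceRecords": [{"Value": '"v=spf1 -all"'}]},
]


if __name__ == "__main__":
    # With a live client: diff_record_sets(previous, fetch_record_sets(boto3.client("route53"), "Z123"))
    print(format_report(diff_record_sets(OLD_SNAPSHOT, NEW_SNAPSHOT)))
```

Run it on a schedule, persist the latest snapshot, and alert whenever the report is anything but "no changes"; CloudTrail then tells you who made the change, while this diff tells you what actually differs in the zone.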