Neglected assets

Route53 Record Pointing to Invalid Resource

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Orca has detected that certain DNS resource record sets under the hosted zone are aliased to resources which may not exist, are present in a different account, or are invalid Alias-Record values. DNS records which resolve to invalid resources may lead to subdomain takeover; a malicious party may create a new resource under their control at that address, and serve their content under your domain.

  • Recommended Mitigation

    Make sure alias records are pointing to valid resources. Remediate this by editing the resource record under the {AwsRoute53ResourceRecordSet.HostedZone} hosted zone, or removing the entry altogether.

Need help?

Get a free Security Risk Assessment. Start today

Orca Security Demo Demo the Orca Platform-> In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.