Route53 Record Undefined
- Query id: 24d932e1-91f0-46ea-836f-fdbd81694151
- Query name: Route53 Record Undefined
- Platform: CloudFormation
- Severity: High
- Category: Networking and Firewall
- CWE: 778
- URL: Github
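Description
A Route53 HostedZone must have a Record Set defined: a template that declares an `AWS::Route53::HostedZone` resource should also declare an `AWS::Route53::RecordSet` resource.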
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Router53"
Resources:
  HostedZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: "HostedZone"
```
Positive test num. 2 - json file
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Router53",
  "Resources": {
    "HostedZone": {
      "Type": "AWS::Route53::HostedZone",
      "Properties": {
        "Name": "HostedZone"
      }
    }
  }
}
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Router53"
Resources:
  HostedZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: "HostedZone"
  RecordSet:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Join ['', [!Ref DomainName, '.', !Ref HostedZoneName, '.']]
      Type: CNAME
      TTL: '900'
      ResourceRecords:
        - !Ref DnsEndpoint
```
Negative test num. 2 - json file
```json
{
  "Description": "Router53",
  "Resources": {
    "HostedZone": {
      "Type": "AWS::Route53::HostedZone",
      "Properties": {
        "Name": "HostedZone"
      }
    },
    "RecordSet": {
      "Type": "AWS::Route53::RecordSet",
      "Properties": {
        "HostedZoneId": "HostedZoneId",
        "Name": [
          "",
          [
            "DomainName",
            ".",
            "HostedZoneName",
            "."
          ]
        ],
        "Type": "CNAME",
        "TTL": "900",
        "ResourceRecords": [
          "DnsEndpoint"
        ]
      }
    }
  },
  "AWSTemplateFormatVersion": "2010-09-09"
}
```
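A stand-alone version of the check described above, added here as an example; it is not the query's own code, which this page does not show. It assumes a JSON template and, following the samples, treats a template as compliant when it declares at least one `AWS::Route53::RecordSet` resource; the function name and the `POSITIVE`/`NEGATIVE` constants are hypothetical.

```python
import json

HOSTED_ZONE = "AWS::Route53::HostedZone"
RECORD_SET = "AWS::Route53::RecordSet"


def zones_without_record_set(template: dict) -> list:
    """Return logical IDs of hosted zones in a template that declares no record set.

    Assumption (not taken from the query source): any RecordSet resource in the
    same template satisfies the rule, as in the page's negative samples.
    """
    resources = template.get("Resources")
    if not isinstance(resources, dict):
        return []  # nothing to evaluate: missing or malformed Resources section
    # Map logical ID -> resource type, skipping entries that are not objects.
    types = {
        name: res.get("Type")
        for name, res in resources.items()
        if isinstance(res, dict)
    }
    if RECORD_SET in types.values():
        return []
    return sorted(name for name, rtype in types.items() if rtype == HOSTED_ZONE)


# Constructed inputs: trimmed copies of the page's JSON samples.
POSITIVE = json.loads("""
{"Resources": {
   "HostedZone": {"Type": "AWS::Route53::HostedZone",
                  "Properties": {"Name": "HostedZone"}}}}
""")

NEGATIVE = json.loads("""
{"Resources": {
   "HostedZone": {"Type": "AWS::Route53::HostedZone",
                  "Properties": {"Name": "HostedZone"}},
   "RecordSet": {"Type": "AWS::Route53::RecordSet",
                 "Properties": {"HostedZoneId": "HostedZoneId",
                                "Type": "CNAME", "TTL": "900",
                                "ResourceRecords": ["DnsEndpoint"]}}}}
""")

if __name__ == "__main__":
    for label, tpl in (("positive", POSITIVE), ("negative", NEGATIVE)):
        print(label, zones_without_record_set(tpl))
```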