Rules Contributing to Suspicious AWS Route 53 Activity Alert

The following rules are used to identify suspicious activity within AWS Route 53 logs. Any one or more of these will trigger Suspicious AWS Route 53 Activity Alert. Details for each rule can be viewed by clicking the More Details link in the description.

Title

Description

AWS Route53 private hosted zone associated with a VPC

Identifies when a Route53 private hosted zone has been associated with VPC.

AWS Route 53 Domain Transfer Lock Disabled

Identifies when a transfer lock was removed from a Route 53 domain. It is recommended to refrain from performing this action unless intending to transfer the domain to a different registrar.

AWS Route 53 Domain Transferred to Another Account

Identifies when a request has been made to transfer a Route 53 domain to another AWS account.