CloudFormation Guard rules template for Amazon Route 53 resources

The following rules are included:

Route53 Hosted Zone:

  • Hosted Zone Query Logging Enabled

Route53 Firewall:

  • Firewall Rule Group Association Mutation Protection Enabled

# All Route 53 hosted zones declared in the template (public and private).
let route53_hostedzones = Resources.*[ Type == 'AWS::Route53::HostedZone' ]

# All Route 53 Resolver DNS Firewall rule group associations in the template.
let route53resolver_firewallrulegroupassociation = Resources.*[ Type == 'AWS::Route53Resolver::FirewallRuleGroupAssociation' ]

# Every public Route 53 hosted zone must declare a QueryLoggingConfig so DNS
# queries are recorded (needed for detection and forensics of DNS activity).
# Route 53 query logging applies to public hosted zones only; a zone that
# declares VPCs is private, so it is skipped here rather than failed.
# NOTE(review): private-zone query visibility comes from Resolver query logging,
# which is a separate resource type and is not covered by this rule.
rule route53_cloudwatch_logging_enabled when %route53_hostedzones !empty {
	%route53_hostedzones {
		Properties {
			# No VPCs => public hosted zone => query logging is expected.
			when VPCs !exists {
				QueryLoggingConfig exists <<Query Logging is not configured. (i.e. disabled)>>
			}
		}
	}
}

# Every Route 53 Resolver DNS Firewall rule group association must have
# mutation protection enabled, so the association (and with it the firewall
# rules applied to the VPC) cannot be changed or deleted without first
# disabling the protection.
rule route53_firewall_rule_group_association_mutation_protection when %route53resolver_firewallrulegroupassociation !empty {
	%route53resolver_firewallrulegroupassociation {
		Properties {
			# An omitted MutationProtection is reported separately from an
			# explicit non-ENABLED value; per the message, omitted is treated
			# as disabled.
			MutationProtection exists <<MutationProtection is not configured. (i.e. disabled)>>
			when MutationProtection exists {
				MutationProtection == "ENABLED" <<Mutation protection is disabled.>>
			}
		}
	}
}

