AWS Route 53 Monitor

Jess
2 min read · Mar 1, 2021

I’ve been a Web Sec Engineer for a year now, and I’d like to start sharing some of the scripts and tools I’ve made for myself to help others in a similar position.

The first is a simple AWS Route 53 Monitor.

The script is based on the steps put together by Cloud Conformity:
https://www.cloudconformity.com/knowledge-base/aws/Route53/dangling-dns-records.html

We have several AWS environments to monitor and thousands of Route 53 entries, so this came as a necessity to maintain the environment and to, as Cloud Conformity states:

>Ensure that any dangling DNS records are deleted from your Amazon Route 53 public hosted zones in order to maintain the integrity and authenticity of your domains/subdomains and to protect against domain hijacking attacks.

So to get it going, I set up access keys for every AWS environment in my .aws/credentials file:

[aws_env_1]
aws_access_key_id = imakeyid
aws_secret_access_key = imthekey
[aws_env_2]
aws_access_key_id = imakeyid
aws_secret_access_key = imthekey
[aws_env_3]
aws_access_key_id = imakeyid
aws_secret_access_key = imthekey

Then I created an array of the profile names so the script can cycle through them and test each environment one at a time.

Once an environment session is initialized, the script:
1. Retrieves a list of all DNS hosted zones.
2. Gets the associated Elastic IP addresses.
3. Attempts to match each Elastic IP to an EC2 instance in any of our regions.
4. If no match is found, adds the record to the Environment JSON.
5. After the script finishes, the Environment JSON is turned into an HTML report and the JSON is saved.
6. The next time the script is executed, it compares the new Environment JSON to the previous one and also generates a difference report.
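To make steps 3 through 6 concrete, here is an added example (my own illustration, not the code from the linked repository) of the matching and difference logic. It assumes the A records and the account's public IPs have already been collected with boto3 (`list_hosted_zones`, `list_resource_record_sets`, `describe_addresses`, `describe_instances`) into the simple shapes shown; the record names and IPs are constructed sample data.

```python
"""Offline core of a Route 53 dangling-record monitor (constructed sample data)."""
import json
import os
from typing import Dict, List, Set

# Constructed sample: public-zone A records as they would be gathered from
# list_resource_record_sets, and the public IPs the account actually owns
# according to describe_addresses / describe_instances across all regions.
SAMPLE_RECORDS = [
    {"name": "www.example.com.", "ips": ["203.0.113.10"]},
    {"name": "old-demo.example.com.", "ips": ["203.0.113.99"]},
    {"name": "api.example.com.", "ips": ["203.0.113.20", "203.0.113.77"]},
]
SAMPLE_OWNED = {"203.0.113.10", "203.0.113.20"}


def find_dangling(records: List[dict], owned_ips: Set[str]) -> Dict[str, List[str]]:
    """Return {record name: [IPs no longer owned]} for every A record that
    points at an address not backed by an instance or Elastic IP we control."""
    dangling: Dict[str, List[str]] = {}
    for rr in records:
        orphaned = [ip for ip in rr["ips"] if ip not in owned_ips]
        if orphaned:
            dangling[rr["name"]] = orphaned
    return dangling


def diff_reports(previous: Dict[str, List[str]], current: Dict[str, List[str]]) -> dict:
    """Compare this run's findings with the saved JSON: new entries need triage,
    resolved entries confirm a record was cleaned up since the last run."""
    return {
        "new": sorted(set(current) - set(previous)),
        "resolved": sorted(set(previous) - set(current)),
        "unchanged": sorted(set(current) & set(previous)),
    }


def run_environment(env: str, records, owned_ips, state_path=None) -> dict:
    """One cycle for one credentials profile: find dangling records, diff them
    against the previously saved JSON (if any), then persist the new JSON."""
    current = find_dangling(records, owned_ips)
    previous: Dict[str, List[str]] = {}
    if state_path and os.path.exists(state_path):
        with open(state_path) as fh:
            previous = json.load(fh)
    if state_path:
        with open(state_path, "w") as fh:
            json.dump(current, fh, indent=2)
    return {"env": env, "dangling": current, "diff": diff_reports(previous, current)}
```

Running `run_environment("aws_env_1", SAMPLE_RECORDS, SAMPLE_OWNED, "aws_env_1.json")` on a schedule gives you exactly the per-environment JSON plus difference report the steps above describe.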

Copy of tool here:
https://github.com/JesseClarkND/AWS-Route53-Monitor
