Route53 A Record does not have Attached Resource
Description
This check ensures that Route53 A records point to resources that are part of your account rather than to arbitrary IP addresses. On the platform, this check additionally compares IP addresses against provisioned EIPs. In Checkov, the graph correlates the A record against known AWS resources, from EIP to Global Accelerator.
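The correlation described above can be sketched over the `configuration` section of `terraform show -json` output. This is an added example, not Checkov's or the platform's implementation; the `OWNED_TYPES` set, the function names and the sample plan are assumptions constructed for illustration.

```python
import json

# Assumed set of "attached resource" types for this sketch; not Checkov's actual list.
OWNED_TYPES = {"aws_eip", "aws_instance", "aws_lb", "aws_globalaccelerator_accelerator"}

# Constructed sample shaped like the `configuration` part of `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_eip.fixed", "type": "aws_eip", "expressions": {}},
  {"address": "aws_route53_record.pass", "type": "aws_route53_record",
   "expressions": {"type": {"constant_value": "A"},
     "records": {"references": ["aws_eip.fixed.public_ip", "aws_eip.fixed"]}}},
  {"address": "aws_route53_record.fail", "type": "aws_route53_record",
   "expressions": {"type": {"constant_value": "A"},
     "records": {"constant_value": ["203.0.113.10"]}}},
  {"address": "aws_route53_record.txt", "type": "aws_route53_record",
   "expressions": {"type": {"constant_value": "TXT"},
     "records": {"constant_value": ["v=spf1 -all"]}}}
]}}}
""")


def _references(expr):
    """Collect every reference string nested inside an expression node."""
    if isinstance(expr, dict):
        refs = list(expr.get("references", []))
        for key, value in expr.items():
            if key != "references":
                refs += _references(value)
        return refs
    if isinstance(expr, list):
        return [r for item in expr for r in _references(item)]
    return []


def unattached_a_records(plan):
    """Return addresses of A records that reference no declared resource of an owned type."""
    resources = plan["configuration"]["root_module"]["resources"]
    declared = {r["address"] for r in resources if r["type"] in OWNED_TYPES}
    findings = []
    for res in resources:
        expr = res.get("expressions", {})
        if res["type"] != "aws_route53_record" or expr.get("type", {}).get("constant_value") != "A":
            continue  # only A records are in scope
        # Both plain `records` and `alias` blocks can carry the link to a resource.
        targets = _references([expr.get("records", {}), expr.get("alias", [])])
        if not any(t in declared for t in targets):
            findings.append(res["address"])
    return findings
```

A literal IP or a variable leaves no reference to a declared resource, so the record keeps resolving to that address after the underlying resource is released.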
Code Example
```hcl
resource "aws_route53_record" "pass" {
  zone_id = data.aws_route53_zone.primary.zone_id
  name    = "dns.freebeer.site"
  type    = "A"
  ttl     = "300"
  records = [aws_eip.fixed.public_ip]
}
```
Remediation
Terraform
- Resource: aws_route53_record
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0460 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AWS_23 |