What distinguishes the AWS Route53 Connector from other ways of adding assets to your Detectify account is that it automatically keeps your asset list updated with any new subdomains added to your hosted zones. Adding assets to your account becomes a continuous process rather than a one-time task, so you can skip the manual work involved.
By activating this connector, you allow Detectify to pull DNS record data from your AWS Route 53 account into your Detectify account: domains, subdomains, and anything else the key's permissions make available. Because the data in Route 53 changes constantly, the import syncs automatically with what is shown on your Detectify dashboards so your monitoring stays up to date. Bear in mind that only domains and subdomains in public hosted zones are imported: these are the ones that form part of the external attack surface and can be assessed by Detectify.
1. To activate the connector, go to the Surface Monitoring page and click the "Manage Route53" button in the top right corner.
3. Enter an AWS access key (access key ID and secret access key) with access to Route 53 into the Detectify tool.
4. Follow least privilege when creating the key: the IAM user behind it only needs the following permissions:
route53domains:ListDomains
route53:ListHostedZones
route53:ListResourceRecordSets
The last one, route53:ListResourceRecordSets, can be restricted to specific hosted zones (by listing their ARNs as the statement's Resource) if you don't want all of them fetched. Remember that only public zones are imported; private zones are ignored.
Done!
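As an added example (not part of the Detectify page or product), the following Python helper builds the least-privilege IAM policy document for the connector's access key. It encodes two details a practitioner needs to get right: ListHostedZones returns zone IDs with a "/hostedzone/" prefix that must be stripped before forming the ARN, and only ListResourceRecordSets supports resource-level scoping, so the other two actions keep Resource "*". The zone IDs used in the usage line are constructed placeholders.

```python
import json

# Only route53:ListResourceRecordSets accepts hosted-zone ARNs as its Resource;
# route53:ListHostedZones and route53domains:ListDomains must use "*".
ZONE_SCOPED_ACTIONS = ["route53:ListResourceRecordSets"]
ACCOUNT_WIDE_ACTIONS = ["route53domains:ListDomains", "route53:ListHostedZones"]


def hosted_zone_arn(zone_id: str) -> str:
    """Turn a hosted zone ID into its ARN.

    ListHostedZones returns IDs as "/hostedzone/Z123...", so strip that
    prefix before building "arn:aws:route53:::hostedzone/Z123...".
    """
    bare = zone_id.split("/")[-1]
    return f"arn:aws:route53:::hostedzone/{bare}"


def least_privilege_policy(zone_ids=None) -> dict:
    """Build the IAM policy document for the connector's access key.

    zone_ids: hosted zone IDs whose records may be read; None or empty
    means every zone in the account (Resource "*").
    """
    if zone_ids:
        resources = sorted(hosted_zone_arn(z) for z in zone_ids)
    else:
        resources = "*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListZonesAndDomains",
                "Effect": "Allow",
                "Action": ACCOUNT_WIDE_ACTIONS,
                "Resource": "*",
            },
            {
                "Sid": "ReadRecordsInSelectedZones",
                "Effect": "Allow",
                "Action": ZONE_SCOPED_ACTIONS,
                "Resource": resources,
            },
        ],
    }


if __name__ == "__main__":
    # Constructed placeholder zone IDs; replace with the IDs of your public zones.
    policy = least_privilege_policy(["/hostedzone/Z0EXAMPLE1", "Z0EXAMPLE2"])
    print(json.dumps(policy, indent=2))
```

Attach the printed document as an inline policy to a dedicated IAM user created only for the connector, and rotate that user's access key like any other long-lived credential.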
Detectify will now automatically update or add subdomains for monitoring onto your account for the domains you’ve already verified on the Detectify platform.
You choose which subdomains you want to add as separate scan profiles and keep monitoring for subdomain takeovers.
Can too many requests to the AWS Route 53 API block our access?
We make as many requests as are required to fetch the relevant data, 100 items per request, so the total number of requests sent from our end depends on how many hosted zones and records you have. Route 53 applies an account-wide limit of 5 API requests per second; if we hit it while fetching, we retry with increasing waits between attempts (exponential backoff). If your own tooling is throttled as a result, use the same backoff procedure on your end.
Here you can read more about exponential backoff:
https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/
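As an added example (not Detectify's code), the following Python script shows the fetch loop described above: paging through hosted zones and record sets 100 items at a time, skipping private zones, and retrying throttled calls with capped exponential backoff plus full jitter. The client is anything with `list_hosted_zones` and `list_resource_record_sets` methods; in practice that is `boto3.client("route53")`, whose throttling errors are `botocore.exceptions.ClientError` instances carrying an `Error.Code` of "Throttling". The `FakeRoute53` client, its zone names and records, and the error codes it raises are constructed here so the script runs offline.

```python
import random
import time

THROTTLE_CODES = {"Throttling", "ThrottlingException", "PriorRequestNotComplete"}


def is_throttled(exc: Exception) -> bool:
    """True for a botocore-style error whose Error.Code is a throttling code."""
    resp = getattr(exc, "response", None)
    if not isinstance(resp, dict):
        return False
    return resp.get("Error", {}).get("Code") in THROTTLE_CODES


def with_backoff(call, max_attempts=6, base=0.5, cap=20.0):
    """Run call(); on throttling sleep random(0, min(cap, base*2^n)) and retry."""
    for attempt in range(max_attempts):
        try:
            return call()
        except Exception as exc:
            if not is_throttled(exc) or attempt == max_attempts - 1:
                raise
            time.sleep(random.uniform(0, min(cap, base * 2 ** attempt)))


def public_zones(client):
    """Yield (zone id, zone name) for public hosted zones, 100 per page."""
    kwargs = {"MaxItems": "100"}
    while True:
        page = with_backoff(lambda: client.list_hosted_zones(**kwargs))
        for zone in page["HostedZones"]:
            if not zone.get("Config", {}).get("PrivateZone", False):
                yield zone["Id"], zone["Name"]
        if not page.get("IsTruncated"):
            return
        kwargs = {"MaxItems": "100", "Marker": page["NextMarker"]}


def record_names(client, zone_id):
    """Yield distinct record names in a zone, following the three-part cursor."""
    kwargs = {"HostedZoneId": zone_id, "MaxItems": "100"}
    seen = set()
    while True:
        page = with_backoff(lambda: client.list_resource_record_sets(**kwargs))
        for rr in page["ResourceRecordSets"]:
            name = rr["Name"].rstrip(".")
            if name not in seen:
                seen.add(name)
                yield name
        if not page.get("IsTruncated"):
            return
        kwargs = {"HostedZoneId": zone_id, "MaxItems": "100",
                  "StartRecordName": page["NextRecordName"],
                  "StartRecordType": page["NextRecordType"]}
        if "NextRecordIdentifier" in page:  # present only for routing-policy records
            kwargs["StartRecordIdentifier"] = page["NextRecordIdentifier"]


def collect_assets(client):
    """Return {public zone name: [record names]} for the whole account."""
    return {name.rstrip("."): list(record_names(client, zid))
            for zid, name in public_zones(client)}


class FakeThrottlingError(Exception):
    """Constructed stand-in for botocore ClientError (which also has .response)."""
    response = {"Error": {"Code": "Throttling", "Message": "Rate exceeded"}}


class FakeRoute53:
    """Constructed stand-in for boto3.client("route53"): one public and one
    private zone, records split over two pages, throttled on the first call."""

    def __init__(self):
        self.calls = 0

    def list_hosted_zones(self, **kw):
        self.calls += 1
        if self.calls == 1:
            raise FakeThrottlingError()
        return {"HostedZones": [
            {"Id": "/hostedzone/ZPUB", "Name": "example.com.", "Config": {"PrivateZone": False}},
            {"Id": "/hostedzone/ZPRIV", "Name": "corp.internal.", "Config": {"PrivateZone": True}},
        ], "IsTruncated": False}

    def list_resource_record_sets(self, **kw):
        self.calls += 1
        if "StartRecordName" not in kw:
            return {"ResourceRecordSets": [
                {"Name": "example.com.", "Type": "NS"},
                {"Name": "example.com.", "Type": "SOA"},
                {"Name": "api.example.com.", "Type": "A"}],
                "IsTruncated": True,
                "NextRecordName": "www.example.com.", "NextRecordType": "CNAME"}
        return {"ResourceRecordSets": [{"Name": "www.example.com.", "Type": "CNAME"}],
                "IsTruncated": False}


if __name__ == "__main__":
    print(collect_assets(FakeRoute53()))
```

The jittered sleep matters because several clients backing off on the same fixed schedule simply collide again on the next retry; spreading retries over the whole window is what the linked AWS post recommends.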