TLS- ChangeResourceRecordSets API in Route 53


Just got the following message from AWS. Not sure what to do. As per this notice it says "ChangeResourceRecordSets" in Route 53 affects this change. How and where to upgrade TLS version for it?

AWS is updating the TLS configuration for all AWS API endpoints to a minimum of version TLS 1.2. In preparation for this update, we have identified TLS 1.0 or TLS 1.1 connections to AWS APIs from your account that must be updated to maintain AWS connectivity. Please update your client software as soon as possible to use TLS 1.2 or higher to avoid the risk of an availability impact.

We are making this change so our customers can benefit from the enforcement and simplification of only modern TLS encryption protocols. This update will remove the ability to use TLS versions 1.0 and 1.1 with all AWS APIs in all AWS Regions by June 28, 2023. Therefore, we recommend considering the time needed to verify your changes in a staging environment before introducing them into production.

How can I determine the client(s) I need to update? We have provided the connection details following this messaging to help you pinpoint your client software that is responsible for using TLS 1.0 or TLS 1.1, so you can update it accordingly. Additionally, our related AWS Security blog post [1] provides information on how you can use TLS information in the CloudTrail tlsDetails field.

Please see the following for further details on the TLS 1.0 or TLS 1.1 connections detected from your account between February 25, 2023 and March 13, 2023 (the UserAgent may be truncated due to a limit in the number of characters that can be displayed):

Region | Endpoint | API Event Name | TLS Version | Connection Count | UserAgent
us-east-1 | route53.amazonaws.com | ChangeResourceRecordSets | TLSv1 | 1 | AWSPowerShell/3.1.36.1 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 WindowsPowerShell/5.0 ClientSync
us-east-1 | route53.amazonaws.com | ListResourceRecordSets | TLSv1 | 1 | AWSPowerShell/3.1.36.1 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 WindowsPowerShell/5.0 ClientSync

1 Answer

Based on the logs, you have a Windows device running Windows 10 calling API endpoints with PowerShell.

One word, CLOUDTRAIL. Search CloudTrail for EventName of ChangeResourceRecordSets and ListResourceRecordSets.

This will give you a list of resources (IAM users/roles) making those calls and should also contain the same header information etc. to help you track down who's making these.

Route 53 is a global service, so be sure to search us-east-1 CloudTrail.

If this answers your question, please be sure to accept to help others and myself

Expert
answered a year ago
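
The CloudTrail search described in the answer above, as an added example that is not part of the original answer and is not AWS code: it filters records for the two Route 53 event names and uses the `tlsDetails.tlsVersion` field mentioned in the notice to count legacy-TLS calls per caller. It assumes the events were exported in the CloudTrail log-file format; the function name, ARNs, IP address and second user agent are constructed for illustration.

```python
import json
from collections import Counter

LEGACY_TLS = {"TLSv1", "TLSv1.1"}
ROUTE53_EVENTS = {"ChangeResourceRecordSets", "ListResourceRecordSets"}

# Constructed sample values (not real identities); the user agent is shortened from the notice.
PS_UA = "AWSPowerShell/3.1.36.1 .NET_Runtime/4.0 .NET_Framework/4.0"
USER = "arn:aws:iam::111122223333:user/example-dns-script"
ROLE = "arn:aws:sts::111122223333:assumed-role/example-role/session"

def _rec(name, tls, arn, ua, source="route53.amazonaws.com"):
    """Build one constructed CloudTrail record for the sample log."""
    rec = {"eventSource": source, "eventName": name, "awsRegion": "us-east-1",
           "sourceIPAddress": "203.0.113.10", "userAgent": ua,
           "userIdentity": {"arn": arn}}
    if tls:
        rec["tlsDetails"] = {"tlsVersion": tls}
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    _rec("ChangeResourceRecordSets", "TLSv1", USER, PS_UA),
    _rec("ListResourceRecordSets", "TLSv1", USER, PS_UA),
    _rec("ChangeResourceRecordSets", "TLSv1", USER, PS_UA),
    _rec("ChangeResourceRecordSets", "TLSv1.2", ROLE, "example-modern-client/1.0"),
    _rec("ListResourceRecordSets", None, ROLE, "example-modern-client/1.0"),
    _rec("PutObject", "TLSv1", USER, PS_UA, source="s3.amazonaws.com"),
]})

def legacy_tls_callers(log_text, event_names=ROUTE53_EVENTS):
    """Count TLS 1.0/1.1 Route 53 calls per (ARN, source IP, event, TLS version, user agent)."""
    hits = Counter()
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "route53.amazonaws.com":
            continue
        if rec.get("eventName") not in event_names:
            continue
        # tlsDetails can be missing from a record; such records are not counted.
        tls = (rec.get("tlsDetails") or {}).get("tlsVersion")
        if tls not in LEGACY_TLS:
            continue
        arn = (rec.get("userIdentity") or {}).get("arn", "unknown")
        hits[(arn, rec.get("sourceIPAddress"), rec["eventName"], tls,
              rec.get("userAgent"))] += 1
    return hits

if __name__ == "__main__":
    for key, count in legacy_tls_callers(SAMPLE_LOG).most_common():
        print(count, *key, sep=" | ")
```

The principal ARN and source IP in each row identify the host and credentials to update; re-running the same filter after the client is upgraded should return no rows.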
