TLS- ChangeResourceRecordSets API in Route 53


Just got the following message from AWS. Not sure what to do. As per this notice, it says "ChangeResourceRecordSets" in Route 53 affects this change. How and where to upgrade the TLS version for it?

AWS is updating the TLS configuration for all AWS API endpoints to a minimum of version TLS 1.2. In preparation for this update, we have identified TLS 1.0 or TLS 1.1 connections to AWS APIs from your account that must be updated to maintain AWS connectivity. Please update your client software as soon as possible to use TLS 1.2 or higher to avoid the risk of an availability impact.

We are making this change so our customers can benefit from the enforcement and simplification of only modern TLS encryption protocols. This update will remove the ability to use TLS versions 1.0 and 1.1 with all AWS APIs in all AWS Regions by June 28, 2023. Therefore, we recommend considering the time needed to verify your changes in a staging environment before introducing them into production.

How can I determine the client(s) I need to update? We have provided the connection details following this messaging to help you pinpoint your client software that is responsible for using TLS 1.0 or TLS 1.1, so you can update it accordingly. Additionally, our related AWS Security blog post [1] provides information on how you can use TLS information in the CloudTrail tlsDetails field.

Please see the following for further details on the TLS 1.0 or TLS 1.1 connections detected from your account between February 25, 2023 and March 13, 2023 (the UserAgent may be truncated due to a limit in the number of characters that can be displayed):

Region | Endpoint | API Event Name | TLS Version | Connection Count | UserAgent
us-east-1 | | ChangeResourceRecordSets | TLSv1 | 1 | AWSPowerShell/ .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 WindowsPowerShell/5.0 ClientSync
us-east-1 | | ListResourceRecordSets | TLSv1 | 1 | AWSPowerShell/ .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 WindowsPowerShell/5.0 ClientSync

1 Answer

Based on the logs, you have a Windows device running Windows 10 calling API endpoints with PowerShell.

One word, CLOUDTRAIL. Search CloudTrail for an EventName of ChangeResourceRecordSets and ListResourceRecordSets.

This will give you a list of resources (IAM users/roles) making those calls and should also contain the same header information etc. to help you track down who's making these.

Route 53 is a global service, so be sure to search us-east-1 CloudTrail.

If this answers your question, please be sure to accept to help others and myself.

answered a year ago
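
One way to run the search described in the answer over CloudTrail log files (for example, ones delivered to S3), as an added example that is not part of the original post: it filters the two Route 53 event names on the `tlsDetails.tlsVersion` field the notice mentions and groups the hits by caller. The sample records, account ID, ARNs, IP addresses and the `example-client/1.0` user agent are constructed.

```python
import json
from collections import Counter

LEGACY_TLS = {"TLSv1", "TLSv1.1"}
ROUTE53_EVENTS = {"ChangeResourceRecordSets", "ListResourceRecordSets"}
PS_UA = "AWSPowerShell/ .NET_Runtime/4.0 .NET_Framework/4.0"  # truncated, as in the notice

def _rec(name, tls, arn, ip, ua, source="route53.amazonaws.com"):
    """Build one constructed CloudTrail record; tls=None omits tlsDetails."""
    rec = {"eventSource": source, "eventName": name, "awsRegion": "us-east-1",
           "sourceIPAddress": ip, "userAgent": ua, "userIdentity": {"arn": arn}}
    if tls:
        rec["tlsDetails"] = {"tlsVersion": tls}
    return rec

# Constructed sample in CloudTrail log-file shape; ARNs and IPs are placeholders.
USER = "arn:aws:iam::111122223333:user/dns-sync-example"
ROLE = "arn:aws:iam::111122223333:role/ci-example"
SAMPLE_LOG = json.dumps({"Records": [
    _rec("ChangeResourceRecordSets", "TLSv1", USER, "198.51.100.10", PS_UA),
    _rec("ListResourceRecordSets", "TLSv1", USER, "198.51.100.10", PS_UA),
    _rec("ListResourceRecordSets", "TLSv1.2", ROLE, "203.0.113.5", "example-client/1.0"),
    _rec("ChangeResourceRecordSets", None, ROLE, "203.0.113.5", "example-client/1.0"),
    _rec("ListBuckets", "TLSv1", ROLE, "203.0.113.5", "example-client/1.0",
         "s3.amazonaws.com"),
]})

def legacy_tls_callers(log_text, event_names=ROUTE53_EVENTS):
    """Count TLS 1.0/1.1 calls per (principal ARN, source IP, user agent)."""
    callers = Counter()
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName") not in event_names:
            continue
        # Some records carry no tlsDetails at all; treat those as not legacy.
        tls = (rec.get("tlsDetails") or {}).get("tlsVersion")
        if tls not in LEGACY_TLS:
            continue
        identity = rec.get("userIdentity") or {}
        key = (identity.get("arn", "unknown"),
               rec.get("sourceIPAddress", "unknown"),
               rec.get("userAgent", "unknown"))
        callers[key] += 1
    return callers

if __name__ == "__main__":
    for (arn, ip, ua), count in legacy_tls_callers(SAMPLE_LOG).most_common():
        print(f"{count:>3}  {arn}  {ip}  {ua}")
```

The source IP and user agent in each hit point to the host and client software that needs the TLS 1.2 update.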
