ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License

🔒️ Implement AWS Route53 Resolver DNS Firewall #7474

Open dms1981 opened 1 month ago

dms1981 commented 1 month ago

User Story

As a platform customer, I want to be better protected against potential malware situations, so that my account is better protected.

Value / Purpose

As part of issue #6121 we looked at the NCSC PDNS. While we decided that it was not right for us, we can get an equivalent level of protection with AWS Route53 Resolver DNS Firewall.

This AWS service allows us to implement filtering of DNS requests against managed blocklists which should result in us being better secured against potential malware infections.

Useful Contacts

@dms1981

Additional Information

I would assume that this would be implemented through the same code we use to set up the Route53 Resolver logging.

I also assume we'd want to include alerting if a malware domain triggered the Route53 Resolver DNS Firewall.

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall.html

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_firewall_config

Definition of Done

dms1981 commented 1 month ago

Do we need to tie this into any alerting - is it possible to retrieve an event and send it to our high priority alerts channel as part of this implementation? Would we do this through the baselines module? Or would we apply it through the member-vpc module?
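The following is an added Terraform sketch, not code from this repository, covering both the filtering described in the issue body (a BLOCK rule against the AWS-managed malware domain list, associated with a VPC) and the alerting question above (a CloudWatch metric filter on the existing resolver query log group, feeding an alarm). The `var.*` inputs (`vpc_id`, `malware_domain_list_id`, `resolver_log_group_name`, `high_priority_alerts_topic_arn`) are assumptions; the managed list ID for `AWSManagedDomainsMalwareDomainList` differs per region and account and can be looked up with `aws route53resolver list-firewall-domain-lists`.

```hcl
# Added example, not repository code; all var.* inputs are assumptions (see lead-in).
resource "aws_route53_resolver_firewall_rule_group" "malware" {
  name = "block-managed-malware-domains"
}

resource "aws_route53_resolver_firewall_rule" "block_malware" {
  name                    = "block-malware"
  action                  = "BLOCK"
  block_response          = "NXDOMAIN" # client sees "no such domain"
  firewall_domain_list_id = var.malware_domain_list_id # AWSManagedDomainsMalwareDomainList
  firewall_rule_group_id  = aws_route53_resolver_firewall_rule_group.malware.id
  priority                = 100
}

resource "aws_route53_resolver_firewall_rule_group_association" "vpc" {
  name                   = "malware-rules"
  firewall_rule_group_id = aws_route53_resolver_firewall_rule_group.malware.id
  vpc_id                 = var.vpc_id
  priority               = 101 # association priority must be 100-9900
  mutation_protection    = "ENABLED"
}

# Fail closed: a query the firewall cannot evaluate is refused, not passed through.
resource "aws_route53_resolver_firewall_config" "vpc" {
  resource_id        = var.vpc_id
  firewall_fail_open = "DISABLED"
}
# Blocked queries reach the existing resolver query logs with firewall_rule_action = "BLOCK".
resource "aws_cloudwatch_log_metric_filter" "dns_firewall_block" {
  name           = "dns-firewall-block"
  log_group_name = var.resolver_log_group_name
  pattern        = "{ $.firewall_rule_action = \"BLOCK\" }"
  metric_transformation {
    name      = "DnsFirewallBlockedQueries"
    namespace = "DnsFirewall"
    value     = "1"
  }
}

resource "aws_cloudwatch_metric_alarm" "dns_firewall_block" {
  alarm_name          = "dns-firewall-malware-domain-blocked"
  namespace           = "DnsFirewall"
  metric_name         = "DnsFirewallBlockedQueries"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"
  treat_missing_data  = "notBreaching"
  alarm_actions       = [var.high_priority_alerts_topic_arn]
}
```

The metric filter relies on resolver query logging for the VPC already writing to that CloudWatch log group, as the issue says it does. For a monitor-first rollout, `action = "ALERT"` logs matches without blocking and the same filter still fires on `firewall_rule_action = "ALERT"`.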