AWS Route53 user chiming in here. I have IAM accounts and soft-token 2FA, and I like how minimal the R53 panel is. This makes me feel like I have a handle on things because there are so few paths to make changes. It also makes me worried I'm missing something. 7 years and no hacks (that I've detected). Knock on wood.
I'm guessing your domain wasn't a huge target then. There was a dns hijacking bug in r53 like 3-4 years ago that was fairly trivial to use. It allowed an arbitrary attacker to register new records to redirect your traffic and take a higher priority in the routing table. I probably shouldn't say much more about it because I don't think it was publicized after they fixed it.
That wasn't reaaaaly an AWS hack. BGP hacks are still an issue since it is mostly an honor system! There are no safeguards against this except fast admin.
Well, there was that too. What I was referring to was a specific issue that allowed you to add entries for domains in r53 which were already in use (in r53). I can't remember the specifics too well, but I think it was an api validation issue on one of the endpoints. It wasn't a "I own your domain now" so much as "I receive some of your traffic sometimes".
