AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.route53.ResolverFirewallRule



    Provides a Route 53 Resolver DNS Firewall rule resource.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Domain list: the names this rule matches DNS queries against.
    const blockedDomains = new aws.route53.ResolverFirewallDomainList("example", {
        name: "example",
        domains: ["example.com"],
        tags: {},
    });

    // Rule group that will contain the rule. Nothing in this example associates the
    // group with a VPC (see aws.route53.ResolverFirewallRuleGroupAssociation), so the
    // rule is defined here but not yet attached to any resolver traffic.
    const ruleGroup = new aws.route53.ResolverFirewallRuleGroup("example", {
        name: "example",
        tags: {},
    });

    // Settings for an OVERRIDE block response: matching queries are answered with a
    // custom CNAME record instead of NODATA or NXDOMAIN.
    const overrideSettings = {
        blockResponse: "OVERRIDE",
        blockOverrideDnsType: "CNAME",
        // Placeholder: the override target is the same name as the blocked domain.
        // A real rule would point at a domain you operate, such as a sinkhole.
        blockOverrideDomain: "example.com",
        // Cache lifetime of the override record, in seconds.
        blockOverrideTtl: 1,
    };

    // BLOCK rule tying the domain list to the rule group. Rules in a group are
    // processed in ascending priority order.
    const blockRule = new aws.route53.ResolverFirewallRule("example", {
        name: "example",
        action: "BLOCK",
        ...overrideSettings,
        firewallDomainListId: blockedDomains.id,
        firewallRuleGroupId: ruleGroup.id,
        priority: 100,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Domain list: the names this rule matches DNS queries against.
    blocked_domains = aws.route53.ResolverFirewallDomainList(
        "example",
        name="example",
        domains=["example.com"],
        tags={},
    )

    # Rule group that will contain the rule. Nothing in this example associates the
    # group with a VPC (see aws.route53.ResolverFirewallRuleGroupAssociation), so the
    # rule is defined here but not yet attached to any resolver traffic.
    rule_group = aws.route53.ResolverFirewallRuleGroup(
        "example",
        name="example",
        tags={},
    )

    # Settings for an OVERRIDE block response: matching queries are answered with a
    # custom CNAME record instead of NODATA or NXDOMAIN.
    override_settings = dict(
        block_response="OVERRIDE",
        block_override_dns_type="CNAME",
        # Placeholder: the override target is the same name as the blocked domain.
        # A real rule would point at a domain you operate, such as a sinkhole.
        block_override_domain="example.com",
        # Cache lifetime of the override record, in seconds.
        block_override_ttl=1,
    )

    # BLOCK rule tying the domain list to the rule group. Rules in a group are
    # processed in ascending priority order.
    block_rule = aws.route53.ResolverFirewallRule(
        "example",
        name="example",
        action="BLOCK",
        firewall_domain_list_id=blocked_domains.id,
        firewall_rule_group_id=rule_group.id,
        priority=100,
        **override_settings,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a DNS Firewall domain list, a rule group, and a BLOCK rule that
    // answers matching queries with an OVERRIDE (custom CNAME) response.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Domain list: the names this rule matches DNS queries against.
    		domainListArgs := &route53.ResolverFirewallDomainListArgs{
    			Name:    pulumi.String("example"),
    			Domains: pulumi.StringArray{pulumi.String("example.com")},
    			Tags:    pulumi.StringMap{},
    		}
    		domainList, err := route53.NewResolverFirewallDomainList(ctx, "example", domainListArgs)
    		if err != nil {
    			return err
    		}

    		// Rule group that will contain the rule. Nothing in this example
    		// associates the group with a VPC, so the rule is defined here but not
    		// yet attached to any resolver traffic.
    		ruleGroupArgs := &route53.ResolverFirewallRuleGroupArgs{
    			Name: pulumi.String("example"),
    			Tags: pulumi.StringMap{},
    		}
    		ruleGroup, err := route53.NewResolverFirewallRuleGroup(ctx, "example", ruleGroupArgs)
    		if err != nil {
    			return err
    		}

    		ruleArgs := &route53.ResolverFirewallRuleArgs{
    			Name:   pulumi.String("example"),
    			Action: pulumi.String("BLOCK"),
    			// OVERRIDE answers with a custom CNAME instead of NODATA/NXDOMAIN.
    			BlockResponse:        pulumi.String("OVERRIDE"),
    			BlockOverrideDnsType: pulumi.String("CNAME"),
    			// Placeholder: the override target is the same name as the blocked
    			// domain. A real rule would point at a domain you operate.
    			BlockOverrideDomain: pulumi.String("example.com"),
    			// Cache lifetime of the override record, in seconds.
    			BlockOverrideTtl:     pulumi.Int(1),
    			FirewallDomainListId: domainList.ID(),
    			FirewallRuleGroupId:  ruleGroup.ID(),
    			// Rules in a group are processed in ascending priority order.
    			Priority: pulumi.Int(100),
    		}
    		if _, err := route53.NewResolverFirewallRule(ctx, "example", ruleArgs); err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() =>
    {
        // Domain list: the names this rule matches DNS queries against.
        var domainListArgs = new Aws.Route53.ResolverFirewallDomainListArgs
        {
            Name = "example",
            Domains = new[] { "example.com" },
            Tags = null,
        };
        var blockedDomains = new Aws.Route53.ResolverFirewallDomainList("example", domainListArgs);

        // Rule group that will contain the rule. Nothing in this example associates
        // the group with a VPC, so the rule is defined here but not yet attached to
        // any resolver traffic.
        var ruleGroupArgs = new Aws.Route53.ResolverFirewallRuleGroupArgs
        {
            Name = "example",
            Tags = null,
        };
        var ruleGroup = new Aws.Route53.ResolverFirewallRuleGroup("example", ruleGroupArgs);

        // BLOCK rule with an OVERRIDE response: matching queries are answered with a
        // custom CNAME record instead of NODATA or NXDOMAIN.
        var ruleArgs = new Aws.Route53.ResolverFirewallRuleArgs
        {
            Name = "example",
            Action = "BLOCK",
            BlockResponse = "OVERRIDE",
            BlockOverrideDnsType = "CNAME",
            // Placeholder: the override target is the same name as the blocked
            // domain. A real rule would point at a domain you operate.
            BlockOverrideDomain = "example.com",
            // Cache lifetime of the override record, in seconds.
            BlockOverrideTtl = 1,
            FirewallDomainListId = blockedDomains.Id,
            FirewallRuleGroupId = ruleGroup.Id,
            // Rules in a group are processed in ascending priority order.
            Priority = 100,
        };
        var blockRule = new Aws.Route53.ResolverFirewallRule("example", ruleArgs);

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.route53.ResolverFirewallDomainList;
    import com.pulumi.aws.route53.ResolverFirewallDomainListArgs;
    import com.pulumi.aws.route53.ResolverFirewallRuleGroup;
    import com.pulumi.aws.route53.ResolverFirewallRuleGroupArgs;
    import com.pulumi.aws.route53.ResolverFirewallRule;
    import com.pulumi.aws.route53.ResolverFirewallRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares a DNS Firewall domain list, a rule group, and a
     * BLOCK rule answering matching queries with an OVERRIDE (custom CNAME) response.
     */
    public class App {
        /** Program entry point; hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the three resources of the example.
         *
         * @param ctx the Pulumi deployment context
         */
        public static void stack(Context ctx) {
            // Domain list: the names this rule matches DNS queries against.
            final var domainListArgs = ResolverFirewallDomainListArgs.builder()
                .name("example")
                .domains("example.com")
                .tags()
                .build();
            final var blockedDomains = new ResolverFirewallDomainList("example", domainListArgs);

            // Rule group that will contain the rule. Nothing in this example
            // associates the group with a VPC, so the rule is defined here but not
            // yet attached to any resolver traffic.
            final var ruleGroupArgs = ResolverFirewallRuleGroupArgs.builder()
                .name("example")
                .tags()
                .build();
            final var ruleGroup = new ResolverFirewallRuleGroup("exampleResolverFirewallRuleGroup", ruleGroupArgs);

            // BLOCK rule with an OVERRIDE response: matching queries are answered
            // with a custom CNAME record instead of NODATA or NXDOMAIN. The override
            // domain is a placeholder identical to the blocked name; a real rule
            // would point at a domain you operate. The TTL is in seconds, and rules
            // in a group are processed in ascending priority order.
            final var ruleArgs = ResolverFirewallRuleArgs.builder()
                .name("example")
                .action("BLOCK")
                .blockResponse("OVERRIDE")
                .blockOverrideDnsType("CNAME")
                .blockOverrideDomain("example.com")
                .blockOverrideTtl(1)
                .firewallDomainListId(blockedDomains.id())
                .firewallRuleGroupId(ruleGroup.id())
                .priority(100)
                .build();
            final var blockRule = new ResolverFirewallRule("exampleResolverFirewallRule", ruleArgs);

        }
    }
    
    resources:
      # Domain list: the names this rule matches DNS queries against.
      example:
        type: aws:route53:ResolverFirewallDomainList
        properties:
          name: example
          domains: [example.com]
          tags: {}
      # Rule group that will contain the rule. Nothing in this example associates
      # the group with a VPC, so the rule is defined here but not yet attached to
      # any resolver traffic.
      exampleResolverFirewallRuleGroup:
        type: aws:route53:ResolverFirewallRuleGroup
        name: example
        properties:
          name: example
          tags: {}
      # BLOCK rule with an OVERRIDE response: matching queries are answered with a
      # custom CNAME record instead of NODATA or NXDOMAIN.
      exampleResolverFirewallRule:
        type: aws:route53:ResolverFirewallRule
        name: example
        properties:
          name: example
          action: BLOCK
          # Rules in a group are processed in ascending priority order.
          priority: 100
          firewallDomainListId: ${example.id}
          firewallRuleGroupId: ${exampleResolverFirewallRuleGroup.id}
          blockResponse: OVERRIDE
          blockOverrideDnsType: CNAME
          # Placeholder: same name as the blocked domain. A real rule would point
          # at a domain you operate.
          blockOverrideDomain: example.com
          # Cache lifetime of the override record, in seconds.
          blockOverrideTtl: 1
    

    Create ResolverFirewallRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ResolverFirewallRule(name: string, args: ResolverFirewallRuleArgs, opts?: CustomResourceOptions);
    @overload
    def ResolverFirewallRule(resource_name: str,
                             args: ResolverFirewallRuleArgs,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def ResolverFirewallRule(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             action: Optional[str] = None,
                             firewall_domain_list_id: Optional[str] = None,
                             firewall_rule_group_id: Optional[str] = None,
                             priority: Optional[int] = None,
                             block_override_dns_type: Optional[str] = None,
                             block_override_domain: Optional[str] = None,
                             block_override_ttl: Optional[int] = None,
                             block_response: Optional[str] = None,
                             firewall_domain_redirection_action: Optional[str] = None,
                             name: Optional[str] = None,
                             q_type: Optional[str] = None)
    func NewResolverFirewallRule(ctx *Context, name string, args ResolverFirewallRuleArgs, opts ...ResourceOption) (*ResolverFirewallRule, error)
    public ResolverFirewallRule(string name, ResolverFirewallRuleArgs args, CustomResourceOptions? opts = null)
    public ResolverFirewallRule(String name, ResolverFirewallRuleArgs args)
    public ResolverFirewallRule(String name, ResolverFirewallRuleArgs args, CustomResourceOptions options)
    
    type: aws:route53:ResolverFirewallRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ResolverFirewallRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ResolverFirewallRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ResolverFirewallRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ResolverFirewallRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ResolverFirewallRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var resolverFirewallRuleResource = new Aws.Route53.ResolverFirewallRule("resolverFirewallRuleResource", new()
    {
        Action = "string",
        FirewallDomainListId = "string",
        FirewallRuleGroupId = "string",
        Priority = 0,
        BlockOverrideDnsType = "string",
        BlockOverrideDomain = "string",
        BlockOverrideTtl = 0,
        BlockResponse = "string",
        FirewallDomainRedirectionAction = "string",
        Name = "string",
        QType = "string",
    });
    
    example, err := route53.NewResolverFirewallRule(ctx, "resolverFirewallRuleResource", &route53.ResolverFirewallRuleArgs{
    	Action:                          pulumi.String("string"),
    	FirewallDomainListId:            pulumi.String("string"),
    	FirewallRuleGroupId:             pulumi.String("string"),
    	Priority:                        pulumi.Int(0),
    	BlockOverrideDnsType:            pulumi.String("string"),
    	BlockOverrideDomain:             pulumi.String("string"),
    	BlockOverrideTtl:                pulumi.Int(0),
    	BlockResponse:                   pulumi.String("string"),
    	FirewallDomainRedirectionAction: pulumi.String("string"),
    	Name:                            pulumi.String("string"),
    	QType:                           pulumi.String("string"),
    })
    
    var resolverFirewallRuleResource = new ResolverFirewallRule("resolverFirewallRuleResource", ResolverFirewallRuleArgs.builder()
        .action("string")
        .firewallDomainListId("string")
        .firewallRuleGroupId("string")
        .priority(0)
        .blockOverrideDnsType("string")
        .blockOverrideDomain("string")
        .blockOverrideTtl(0)
        .blockResponse("string")
        .firewallDomainRedirectionAction("string")
        .name("string")
        .qType("string")
        .build());
    
    resolver_firewall_rule_resource = aws.route53.ResolverFirewallRule("resolverFirewallRuleResource",
        action="string",
        firewall_domain_list_id="string",
        firewall_rule_group_id="string",
        priority=0,
        block_override_dns_type="string",
        block_override_domain="string",
        block_override_ttl=0,
        block_response="string",
        firewall_domain_redirection_action="string",
        name="string",
        q_type="string")
    
    const resolverFirewallRuleResource = new aws.route53.ResolverFirewallRule("resolverFirewallRuleResource", {
        action: "string",
        firewallDomainListId: "string",
        firewallRuleGroupId: "string",
        priority: 0,
        blockOverrideDnsType: "string",
        blockOverrideDomain: "string",
        blockOverrideTtl: 0,
        blockResponse: "string",
        firewallDomainRedirectionAction: "string",
        name: "string",
        qType: "string",
    });
    
    type: aws:route53:ResolverFirewallRule
    properties:
        action: string
        blockOverrideDnsType: string
        blockOverrideDomain: string
        blockOverrideTtl: 0
        blockResponse: string
        firewallDomainListId: string
        firewallDomainRedirectionAction: string
        firewallRuleGroupId: string
        name: string
        priority: 0
        qType: string
    

    ResolverFirewallRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ResolverFirewallRule resource accepts the following input properties:

    Action string
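    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT. ALERT permits the query and reports the match instead of blocking it, so use BLOCK when the query must not resolve.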
    FirewallDomainListId string
    The ID of the domain list that you want to use in the rule.
    FirewallRuleGroupId string
    The unique identifier of the firewall rule group where you want to create the rule.
    Priority int
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    BlockOverrideDnsType string
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME. Applies when BlockResponse is OVERRIDE.
    BlockOverrideDomain string
    The custom DNS record to send back in response to the query.
    BlockOverrideTtl int
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    BlockResponse string
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    FirewallDomainRedirectionAction string
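    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN, which inspects every domain in the chain. TRUST_REDIRECTION_DOMAIN inspects only the first domain, so later names in the chain are not checked against the domain list.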
    Name string
    A name that lets you identify the rule, to manage and use it.
    QType string
    The query type you want the rule to evaluate. Additional details can be found here
    Action string
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    FirewallDomainListId string
    The ID of the domain list that you want to use in the rule.
    FirewallRuleGroupId string
    The unique identifier of the firewall rule group where you want to create the rule.
    Priority int
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    BlockOverrideDnsType string
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    BlockOverrideDomain string
    The custom DNS record to send back in response to the query.
    BlockOverrideTtl int
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    BlockResponse string
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    FirewallDomainRedirectionAction string
    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN.
    Name string
    A name that lets you identify the rule, to manage and use it.
    QType string
    The query type you want the rule to evaluate. Additional details can be found here
    action String
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    firewallDomainListId String
    The ID of the domain list that you want to use in the rule.
    firewallRuleGroupId String
    The unique identifier of the firewall rule group where you want to create the rule.
    priority Integer
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    blockOverrideDnsType String
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    blockOverrideDomain String
    The custom DNS record to send back in response to the query.
    blockOverrideTtl Integer
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    blockResponse String
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    firewallDomainRedirectionAction String
    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN.
    name String
    A name that lets you identify the rule, to manage and use it.
    qType String
    The query type you want the rule to evaluate. Additional details can be found here
    action string
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    firewallDomainListId string
    The ID of the domain list that you want to use in the rule.
    firewallRuleGroupId string
    The unique identifier of the firewall rule group where you want to create the rule.
    priority number
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    blockOverrideDnsType string
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    blockOverrideDomain string
    The custom DNS record to send back in response to the query.
    blockOverrideTtl number
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    blockResponse string
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    firewallDomainRedirectionAction string
    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN.
    name string
    A name that lets you identify the rule, to manage and use it.
    qType string
    The query type you want the rule to evaluate. Additional details can be found here
    action str
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    firewall_domain_list_id str
    The ID of the domain list that you want to use in the rule.
    firewall_rule_group_id str
    The unique identifier of the firewall rule group where you want to create the rule.
    priority int
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    block_override_dns_type str
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    block_override_domain str
    The custom DNS record to send back in response to the query.
    block_override_ttl int
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    block_response str
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    firewall_domain_redirection_action str
    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN.
    name str
    A name that lets you identify the rule, to manage and use it.
    q_type str
    The query type you want the rule to evaluate. Additional details can be found here
    action String
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    firewallDomainListId String
    The ID of the domain list that you want to use in the rule.
    firewallRuleGroupId String
    The unique identifier of the firewall rule group where you want to create the rule.
    priority Number
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    blockOverrideDnsType String
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    blockOverrideDomain String
    The custom DNS record to send back in response to the query.
    blockOverrideTtl Number
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    blockResponse String
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    firewallDomainRedirectionAction String
    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN.
    name String
    A name that lets you identify the rule, to manage and use it.
    qType String
    The query type you want the rule to evaluate. Additional details can be found here

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ResolverFirewallRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ResolverFirewallRule Resource

    Get an existing ResolverFirewallRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ResolverFirewallRuleState, opts?: CustomResourceOptions): ResolverFirewallRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            block_override_dns_type: Optional[str] = None,
            block_override_domain: Optional[str] = None,
            block_override_ttl: Optional[int] = None,
            block_response: Optional[str] = None,
            firewall_domain_list_id: Optional[str] = None,
            firewall_domain_redirection_action: Optional[str] = None,
            firewall_rule_group_id: Optional[str] = None,
            name: Optional[str] = None,
            priority: Optional[int] = None,
            q_type: Optional[str] = None) -> ResolverFirewallRule
    func GetResolverFirewallRule(ctx *Context, name string, id IDInput, state *ResolverFirewallRuleState, opts ...ResourceOption) (*ResolverFirewallRule, error)
    public static ResolverFirewallRule Get(string name, Input<string> id, ResolverFirewallRuleState? state, CustomResourceOptions? opts = null)
    public static ResolverFirewallRule get(String name, Output<String> id, ResolverFirewallRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    BlockOverrideDnsType string
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    BlockOverrideDomain string
    The custom DNS record to send back in response to the query.
    BlockOverrideTtl int
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    BlockResponse string
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    FirewallDomainListId string
    The ID of the domain list that you want to use in the rule.
    FirewallDomainRedirectionAction string
    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN.
    FirewallRuleGroupId string
    The unique identifier of the firewall rule group where you want to create the rule.
    Name string
    A name that lets you identify the rule, to manage and use it.
    Priority int
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    QType string
    The query type you want the rule to evaluate. Additional details can be found here
    Action string
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    BlockOverrideDnsType string
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    BlockOverrideDomain string
    The custom DNS record to send back in response to the query.
    BlockOverrideTtl int
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    BlockResponse string
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    FirewallDomainListId string
    The ID of the domain list that you want to use in the rule.
    FirewallDomainRedirectionAction string
    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN.
    FirewallRuleGroupId string
    The unique identifier of the firewall rule group where you want to create the rule.
    Name string
    A name that lets you identify the rule, to manage and use it.
    Priority int
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    QType string
    The query type you want the rule to evaluate. Additional details can be found here
    action String
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    blockOverrideDnsType String
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    blockOverrideDomain String
    The custom DNS record to send back in response to the query.
    blockOverrideTtl Integer
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    blockResponse String
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    firewallDomainListId String
    The ID of the domain list that you want to use in the rule.
    firewallDomainRedirectionAction String
    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN.
    firewallRuleGroupId String
    The unique identifier of the firewall rule group where you want to create the rule.
    name String
    A name that lets you identify the rule, to manage and use it.
    priority Integer
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    qType String
    The query type you want the rule to evaluate. Additional details can be found here
    action string
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    blockOverrideDnsType string
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    blockOverrideDomain string
    The custom DNS record to send back in response to the query.
    blockOverrideTtl number
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    blockResponse string
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    firewallDomainListId string
    The ID of the domain list that you want to use in the rule.
    firewallDomainRedirectionAction string
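    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN. INSPECT_REDIRECTION_DOMAIN inspects every domain in the redirection chain, while TRUST_REDIRECTION_DOMAIN inspects only the first domain and trusts the rest of the chain.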
    firewallRuleGroupId string
    The unique identifier of the firewall rule group where you want to create the rule.
    name string
    A name that lets you identify the rule, to manage and use it.
    priority number
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    qType string
    The query type you want the rule to evaluate. Additional details can be found here
    action str
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    block_override_dns_type str
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    block_override_domain str
    The custom DNS record to send back in response to the query.
    block_override_ttl int
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    block_response str
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    firewall_domain_list_id str
    The ID of the domain list that you want to use in the rule.
    firewall_domain_redirection_action str
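    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN. INSPECT_REDIRECTION_DOMAIN inspects every domain in the redirection chain, while TRUST_REDIRECTION_DOMAIN inspects only the first domain and trusts the rest of the chain.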
    firewall_rule_group_id str
    The unique identifier of the firewall rule group where you want to create the rule.
    name str
    A name that lets you identify the rule, to manage and use it.
    priority int
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    q_type str
    The query type you want the rule to evaluate. Additional details can be found here
    action String
    The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: ALLOW, BLOCK, ALERT.
    blockOverrideDnsType String
    The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: CNAME.
    blockOverrideDomain String
    The custom DNS record to send back in response to the query.
    blockOverrideTtl Number
    The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
    blockResponse String
    The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
    firewallDomainListId String
    The ID of the domain list that you want to use in the rule.
    firewallDomainRedirectionAction String
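    Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are INSPECT_REDIRECTION_DOMAIN and TRUST_REDIRECTION_DOMAIN. Default value is INSPECT_REDIRECTION_DOMAIN. INSPECT_REDIRECTION_DOMAIN inspects every domain in the redirection chain, while TRUST_REDIRECTION_DOMAIN inspects only the first domain and trusts the rest of the chain.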
    firewallRuleGroupId String
    The unique identifier of the firewall rule group where you want to create the rule.
    name String
    A name that lets you identify the rule, to manage and use it.
    priority Number
    The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
    qType String
    The query type you want the rule to evaluate. Additional details can be found here

    Import

    Using pulumi import, import Route 53 Resolver DNS Firewall rules using the Route 53 Resolver DNS Firewall rule group ID and domain list ID separated by ‘:’. For example:

    $ pulumi import aws:route53/resolverFirewallRule:ResolverFirewallRule example rslvr-frg-0123456789abcdef:rslvr-fdl-0123456789abcdef
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.