aws.route53.ResolverFirewallRule
Provides a Route 53 Resolver DNS Firewall rule resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Domain list: the names the firewall rule below is matched against.
const blockedDomains = new aws.route53.ResolverFirewallDomainList("example", {
    name: "example",
    domains: ["example.com"],
    tags: {},
});

// Rule group: the container the rule is created in.
// A rule group only filters queries once it is associated with a VPC
// (aws.route53.ResolverFirewallRuleGroupAssociation); this example does not
// create that association.
const ruleGroup = new aws.route53.ResolverFirewallRuleGroup("example", {
    name: "example",
    tags: {},
});

// BLOCK rule answered with an OVERRIDE response: matching queries receive a
// CNAME to blockOverrideDomain, cacheable for blockOverrideTtl seconds.
// NOTE(review): the override target is the same placeholder name the domain
// list blocks; in a real deployment use a domain you control that is not
// itself matched by a BLOCK rule.
const overrideRuleArgs: aws.route53.ResolverFirewallRuleArgs = {
    name: "example",
    firewallRuleGroupId: ruleGroup.id,
    firewallDomainListId: blockedDomains.id,
    // Rules in a group are processed in priority order, lowest value first.
    priority: 100,
    action: "BLOCK",
    blockResponse: "OVERRIDE",
    blockOverrideDnsType: "CNAME",
    blockOverrideDomain: "example.com",
    blockOverrideTtl: 1,
    // firewallDomainRedirectionAction is left unset, so the documented
    // default INSPECT_REDIRECTION_DOMAIN applies.
};
const blockRule = new aws.route53.ResolverFirewallRule("example", overrideRuleArgs);
import pulumi
import pulumi_aws as aws
# Domain list: the names the firewall rule below is matched against.
blocked_domains = aws.route53.ResolverFirewallDomainList(
    "example",
    name="example",
    domains=["example.com"],
    tags={},
)

# Rule group: the container the rule is created in.
# A rule group only filters queries once it is associated with a VPC
# (aws.route53.ResolverFirewallRuleGroupAssociation); this example does not
# create that association.
rule_group = aws.route53.ResolverFirewallRuleGroup(
    "example",
    name="example",
    tags={},
)

# BLOCK rule answered with an OVERRIDE response: matching queries receive a
# CNAME to block_override_domain, cacheable for block_override_ttl seconds.
# NOTE(review): the override target is the same placeholder name the domain
# list blocks; in a real deployment use a domain you control that is not
# itself matched by a BLOCK rule.
block_rule = aws.route53.ResolverFirewallRule(
    "example",
    name="example",
    firewall_rule_group_id=rule_group.id,
    firewall_domain_list_id=blocked_domains.id,
    # Rules in a group are processed in priority order, lowest value first.
    priority=100,
    action="BLOCK",
    block_response="OVERRIDE",
    block_override_dns_type="CNAME",
    block_override_domain="example.com",
    block_override_ttl=1,
    # firewall_domain_redirection_action is left unset, so the documented
    # default INSPECT_REDIRECTION_DOMAIN applies.
)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main hands the stack definition to the Pulumi runtime.
func main() {
	pulumi.Run(deployBlockRule)
}

// deployBlockRule declares a DNS Firewall domain list, a rule group, and a
// BLOCK rule with an OVERRIDE response that ties the two together.
// It returns the first error reported while registering a resource.
func deployBlockRule(ctx *pulumi.Context) error {
	// Domain list: the names the firewall rule below is matched against.
	domainList, err := route53.NewResolverFirewallDomainList(ctx, "example", &route53.ResolverFirewallDomainListArgs{
		Name:    pulumi.String("example"),
		Domains: pulumi.StringArray{pulumi.String("example.com")},
		Tags:    pulumi.StringMap{},
	})
	if err != nil {
		return err
	}

	// Rule group: the container the rule is created in. A rule group only
	// filters queries once it is associated with a VPC; this example does not
	// create that association.
	ruleGroup, err := route53.NewResolverFirewallRuleGroup(ctx, "example", &route53.ResolverFirewallRuleGroupArgs{
		Name: pulumi.String("example"),
		Tags: pulumi.StringMap{},
	})
	if err != nil {
		return err
	}

	// NOTE(review): the override target is the same placeholder name the
	// domain list blocks; in a real deployment use a domain you control that
	// is not itself matched by a BLOCK rule.
	ruleArgs := &route53.ResolverFirewallRuleArgs{
		Name:                 pulumi.String("example"),
		FirewallRuleGroupId:  ruleGroup.ID(),
		FirewallDomainListId: domainList.ID(),
		// Rules in a group are processed in priority order, lowest value first.
		Priority:             pulumi.Int(100),
		Action:               pulumi.String("BLOCK"),
		BlockResponse:        pulumi.String("OVERRIDE"),
		BlockOverrideDnsType: pulumi.String("CNAME"),
		BlockOverrideDomain:  pulumi.String("example.com"),
		BlockOverrideTtl:     pulumi.Int(1),
		// FirewallDomainRedirectionAction is left unset, so the documented
		// default INSPECT_REDIRECTION_DOMAIN applies.
	}
	_, err = route53.NewResolverFirewallRule(ctx, "example", ruleArgs)
	return err
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Domain list: the names the firewall rule below is matched against.
    var domainListArgs = new Aws.Route53.ResolverFirewallDomainListArgs
    {
        Name = "example",
        Domains = new[] { "example.com" },
        Tags = null,
    };
    var blockedDomains = new Aws.Route53.ResolverFirewallDomainList("example", domainListArgs);

    // Rule group: the container the rule is created in. A rule group only
    // filters queries once it is associated with a VPC; this example does not
    // create that association.
    var ruleGroupArgs = new Aws.Route53.ResolverFirewallRuleGroupArgs
    {
        Name = "example",
        Tags = null,
    };
    var ruleGroup = new Aws.Route53.ResolverFirewallRuleGroup("example", ruleGroupArgs);

    // BLOCK rule answered with an OVERRIDE response: matching queries receive
    // a CNAME to BlockOverrideDomain, cacheable for BlockOverrideTtl seconds.
    // NOTE(review): the override target is the same placeholder name the
    // domain list blocks; in a real deployment use a domain you control that
    // is not itself matched by a BLOCK rule.
    var blockRuleArgs = new Aws.Route53.ResolverFirewallRuleArgs
    {
        Name = "example",
        FirewallRuleGroupId = ruleGroup.Id,
        FirewallDomainListId = blockedDomains.Id,
        // Rules in a group are processed in priority order, lowest value first.
        Priority = 100,
        Action = "BLOCK",
        BlockResponse = "OVERRIDE",
        BlockOverrideDnsType = "CNAME",
        BlockOverrideDomain = "example.com",
        BlockOverrideTtl = 1,
        // FirewallDomainRedirectionAction is left unset, so the documented
        // default INSPECT_REDIRECTION_DOMAIN applies.
    };
    var blockRule = new Aws.Route53.ResolverFirewallRule("example", blockRuleArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.route53.ResolverFirewallDomainList;
import com.pulumi.aws.route53.ResolverFirewallDomainListArgs;
import com.pulumi.aws.route53.ResolverFirewallRuleGroup;
import com.pulumi.aws.route53.ResolverFirewallRuleGroupArgs;
import com.pulumi.aws.route53.ResolverFirewallRule;
import com.pulumi.aws.route53.ResolverFirewallRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a DNS Firewall domain list, a rule group, and
 * a BLOCK rule with an OVERRIDE response that ties the two together.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the three resources of the example stack.
     *
     * @param ctx the Pulumi deployment context supplied by the runtime
     */
    public static void stack(Context ctx) {
        // Domain list: the names the firewall rule below is matched against.
        ResolverFirewallDomainListArgs domainListArgs = ResolverFirewallDomainListArgs.builder()
            .name("example")
            .domains("example.com")
            .tags()
            .build();
        var blockedDomains = new ResolverFirewallDomainList("example", domainListArgs);

        // Rule group: the container the rule is created in. A rule group only
        // filters queries once it is associated with a VPC; this example does
        // not create that association.
        ResolverFirewallRuleGroupArgs ruleGroupArgs = ResolverFirewallRuleGroupArgs.builder()
            .name("example")
            .tags()
            .build();
        var ruleGroup = new ResolverFirewallRuleGroup("exampleResolverFirewallRuleGroup", ruleGroupArgs);

        // BLOCK rule answered with an OVERRIDE response: matching queries
        // receive a CNAME to blockOverrideDomain, cacheable for
        // blockOverrideTtl seconds.
        // NOTE(review): the override target is the same placeholder name the
        // domain list blocks; in a real deployment use a domain you control
        // that is not itself matched by a BLOCK rule.
        // firewallDomainRedirectionAction is left unset, so the documented
        // default INSPECT_REDIRECTION_DOMAIN applies.
        ResolverFirewallRuleArgs blockRuleArgs = ResolverFirewallRuleArgs.builder()
            .name("example")
            .firewallRuleGroupId(ruleGroup.id())
            .firewallDomainListId(blockedDomains.id())
            // Rules in a group are processed in priority order, lowest value first.
            .priority(100)
            .action("BLOCK")
            .blockResponse("OVERRIDE")
            .blockOverrideDnsType("CNAME")
            .blockOverrideDomain("example.com")
            .blockOverrideTtl(1)
            .build();
        var blockRule = new ResolverFirewallRule("exampleResolverFirewallRule", blockRuleArgs);
    }
}
resources:
  # Domain list: the names the firewall rule below is matched against.
  example:
    type: aws:route53:ResolverFirewallDomainList
    properties:
      name: example
      domains:
        - example.com
      tags: {}
  # Rule group: the container the rule is created in. A rule group only
  # filters queries once it is associated with a VPC; this example does not
  # create that association.
  exampleResolverFirewallRuleGroup:
    type: aws:route53:ResolverFirewallRuleGroup
    name: example
    properties:
      name: example
      tags: {}
  # BLOCK rule answered with an OVERRIDE response: matching queries receive a
  # CNAME to blockOverrideDomain, cacheable for blockOverrideTtl seconds.
  # NOTE(review): the override target is the same placeholder name the domain
  # list blocks; in a real deployment use a domain you control that is not
  # itself matched by a BLOCK rule.
  exampleResolverFirewallRule:
    type: aws:route53:ResolverFirewallRule
    name: example
    properties:
      name: example
      action: BLOCK
      blockOverrideDnsType: CNAME
      blockOverrideDomain: example.com
      blockOverrideTtl: 1
      blockResponse: OVERRIDE
      firewallDomainListId: ${example.id}
      firewallRuleGroupId: ${exampleResolverFirewallRuleGroup.id}
      # Rules in a group are processed in priority order, lowest value first.
      priority: 100
      # firewallDomainRedirectionAction is left unset, so the documented
      # default INSPECT_REDIRECTION_DOMAIN applies.
Create ResolverFirewallRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ResolverFirewallRule(name: string, args: ResolverFirewallRuleArgs, opts?: CustomResourceOptions);
@overload
def ResolverFirewallRule(resource_name: str,
args: ResolverFirewallRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ResolverFirewallRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
firewall_domain_list_id: Optional[str] = None,
firewall_rule_group_id: Optional[str] = None,
priority: Optional[int] = None,
block_override_dns_type: Optional[str] = None,
block_override_domain: Optional[str] = None,
block_override_ttl: Optional[int] = None,
block_response: Optional[str] = None,
firewall_domain_redirection_action: Optional[str] = None,
name: Optional[str] = None,
q_type: Optional[str] = None)
func NewResolverFirewallRule(ctx *Context, name string, args ResolverFirewallRuleArgs, opts ...ResourceOption) (*ResolverFirewallRule, error)
public ResolverFirewallRule(string name, ResolverFirewallRuleArgs args, CustomResourceOptions? opts = null)
public ResolverFirewallRule(String name, ResolverFirewallRuleArgs args)
public ResolverFirewallRule(String name, ResolverFirewallRuleArgs args, CustomResourceOptions options)
type: aws:route53:ResolverFirewallRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ResolverFirewallRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ResolverFirewallRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ResolverFirewallRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ResolverFirewallRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ResolverFirewallRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference skeleton: every value is a type placeholder ("string" / 0), not a
// working setting. Replace each with one of the documented values.
var resolverFirewallRuleArgs = new Aws.Route53.ResolverFirewallRuleArgs
{
    Name = "string",
    FirewallRuleGroupId = "string",
    FirewallDomainListId = "string",
    // Rules in a group are processed lowest priority value first.
    Priority = 0,
    // Valid values: ALLOW, BLOCK, ALERT.
    Action = "string",
    // Valid values: NODATA, NXDOMAIN, OVERRIDE.
    BlockResponse = "string",
    // Valid values: CNAME.
    BlockOverrideDnsType = "string",
    BlockOverrideDomain = "string",
    // Seconds; minimum 0, maximum 604800.
    BlockOverrideTtl = 0,
    // Valid values: INSPECT_REDIRECTION_DOMAIN (default), TRUST_REDIRECTION_DOMAIN.
    FirewallDomainRedirectionAction = "string",
    QType = "string",
};
var resolverFirewallRuleResource = new Aws.Route53.ResolverFirewallRule("resolverFirewallRuleResource", resolverFirewallRuleArgs);
// Reference skeleton: every value is a type placeholder ("string" / 0), not a
// working setting. Replace each with one of the documented values.
ruleArgs := &route53.ResolverFirewallRuleArgs{
	Name:                 pulumi.String("string"),
	FirewallRuleGroupId:  pulumi.String("string"),
	FirewallDomainListId: pulumi.String("string"),
	// Rules in a group are processed lowest priority value first.
	Priority: pulumi.Int(0),
	// Valid values: ALLOW, BLOCK, ALERT.
	Action: pulumi.String("string"),
	// Valid values: NODATA, NXDOMAIN, OVERRIDE.
	BlockResponse: pulumi.String("string"),
	// Valid values: CNAME.
	BlockOverrideDnsType: pulumi.String("string"),
	BlockOverrideDomain:  pulumi.String("string"),
	// Seconds; minimum 0, maximum 604800.
	BlockOverrideTtl: pulumi.Int(0),
	// Valid values: INSPECT_REDIRECTION_DOMAIN (default), TRUST_REDIRECTION_DOMAIN.
	FirewallDomainRedirectionAction: pulumi.String("string"),
	QType:                           pulumi.String("string"),
}
example, err := route53.NewResolverFirewallRule(ctx, "resolverFirewallRuleResource", ruleArgs)
// Reference skeleton: every value is a type placeholder ("string" / 0), not a
// working setting. Replace each with one of the documented values.
ResolverFirewallRuleArgs resolverFirewallRuleArgs = ResolverFirewallRuleArgs.builder()
    .name("string")
    .firewallRuleGroupId("string")
    .firewallDomainListId("string")
    // Rules in a group are processed lowest priority value first.
    .priority(0)
    // Valid values: ALLOW, BLOCK, ALERT.
    .action("string")
    // Valid values: NODATA, NXDOMAIN, OVERRIDE.
    .blockResponse("string")
    // Valid values: CNAME.
    .blockOverrideDnsType("string")
    .blockOverrideDomain("string")
    // Seconds; minimum 0, maximum 604800.
    .blockOverrideTtl(0)
    // Valid values: INSPECT_REDIRECTION_DOMAIN (default), TRUST_REDIRECTION_DOMAIN.
    .firewallDomainRedirectionAction("string")
    .qType("string")
    .build();
var resolverFirewallRuleResource = new ResolverFirewallRule("resolverFirewallRuleResource", resolverFirewallRuleArgs);
# Reference skeleton: every value is a type placeholder ("string" / 0), not a
# working setting. Replace each with one of the documented values.
resolver_firewall_rule_resource = aws.route53.ResolverFirewallRule(
    "resolverFirewallRuleResource",
    name="string",
    firewall_rule_group_id="string",
    firewall_domain_list_id="string",
    # Rules in a group are processed lowest priority value first.
    priority=0,
    # Valid values: ALLOW, BLOCK, ALERT.
    action="string",
    # Valid values: NODATA, NXDOMAIN, OVERRIDE.
    block_response="string",
    # Valid values: CNAME.
    block_override_dns_type="string",
    block_override_domain="string",
    # Seconds; minimum 0, maximum 604800.
    block_override_ttl=0,
    # Valid values: INSPECT_REDIRECTION_DOMAIN (default), TRUST_REDIRECTION_DOMAIN.
    firewall_domain_redirection_action="string",
    q_type="string",
)
// Reference skeleton: every value is a type placeholder ("string" / 0), not a
// working setting. Replace each with one of the documented values.
const resolverFirewallRuleArgs: aws.route53.ResolverFirewallRuleArgs = {
    name: "string",
    firewallRuleGroupId: "string",
    firewallDomainListId: "string",
    // Rules in a group are processed lowest priority value first.
    priority: 0,
    // Valid values: ALLOW, BLOCK, ALERT.
    action: "string",
    // Valid values: NODATA, NXDOMAIN, OVERRIDE.
    blockResponse: "string",
    // Valid values: CNAME.
    blockOverrideDnsType: "string",
    blockOverrideDomain: "string",
    // Seconds; minimum 0, maximum 604800.
    blockOverrideTtl: 0,
    // Valid values: INSPECT_REDIRECTION_DOMAIN (default), TRUST_REDIRECTION_DOMAIN.
    firewallDomainRedirectionAction: "string",
    qType: "string",
};
const resolverFirewallRuleResource = new aws.route53.ResolverFirewallRule("resolverFirewallRuleResource", resolverFirewallRuleArgs);
# Reference skeleton: every value is a type placeholder (string / 0), not a
# working setting. Replace each with one of the documented values.
type: aws:route53:ResolverFirewallRule
properties:
  # Valid values: ALLOW, BLOCK, ALERT.
  action: string
  # Valid values: CNAME.
  blockOverrideDnsType: string
  blockOverrideDomain: string
  # Seconds; minimum 0, maximum 604800.
  blockOverrideTtl: 0
  # Valid values: NODATA, NXDOMAIN, OVERRIDE.
  blockResponse: string
  firewallDomainListId: string
  # Valid values: INSPECT_REDIRECTION_DOMAIN (default), TRUST_REDIRECTION_DOMAIN.
  firewallDomainRedirectionAction: string
  firewallRuleGroupId: string
  name: string
  # Rules in a group are processed lowest priority value first.
  priority: 0
  qType: string
ResolverFirewallRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ResolverFirewallRule resource accepts the following input properties:
- Action string
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- FirewallDomainListId string
- The ID of the domain list that you want to use in the rule.
- FirewallRuleGroupId string
- The unique identifier of the firewall rule group where you want to create the rule.
- Priority int
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- BlockOverrideDnsType string
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- BlockOverrideDomain string
- The custom DNS record to send back in response to the query.
- BlockOverrideTtl int
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- BlockResponse string
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- FirewallDomainRedirectionAction string
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- Name string
- A name that lets you identify the rule, to manage and use it.
- QType string
- The query type you want the rule to evaluate. Additional details can be found here
- Action string
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- FirewallDomainListId string
- The ID of the domain list that you want to use in the rule.
- FirewallRuleGroupId string
- The unique identifier of the firewall rule group where you want to create the rule.
- Priority int
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- BlockOverrideDnsType string
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- BlockOverrideDomain string
- The custom DNS record to send back in response to the query.
- BlockOverrideTtl int
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- BlockResponse string
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- FirewallDomainRedirectionAction string
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- Name string
- A name that lets you identify the rule, to manage and use it.
- QType string
- The query type you want the rule to evaluate. Additional details can be found here
- action String
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- firewallDomainListId String
- The ID of the domain list that you want to use in the rule.
- firewallRuleGroupId String
- The unique identifier of the firewall rule group where you want to create the rule.
- priority Integer
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- blockOverrideDnsType String
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- blockOverrideDomain String
- The custom DNS record to send back in response to the query.
- blockOverrideTtl Integer
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- blockResponse String
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- firewallDomainRedirectionAction String
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- name String
- A name that lets you identify the rule, to manage and use it.
- qType String
- The query type you want the rule to evaluate. Additional details can be found here
- action string
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- firewallDomainListId string
- The ID of the domain list that you want to use in the rule.
- firewallRuleGroupId string
- The unique identifier of the firewall rule group where you want to create the rule.
- priority number
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- blockOverrideDnsType string
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- blockOverrideDomain string
- The custom DNS record to send back in response to the query.
- blockOverrideTtl number
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- blockResponse string
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- firewallDomainRedirectionAction string
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- name string
- A name that lets you identify the rule, to manage and use it.
- qType string
- The query type you want the rule to evaluate. Additional details can be found here
- action str
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- firewall_domain_list_id str
- The ID of the domain list that you want to use in the rule.
- firewall_rule_group_id str
- The unique identifier of the firewall rule group where you want to create the rule.
- priority int
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- block_override_dns_type str
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- block_override_domain str
- The custom DNS record to send back in response to the query.
- block_override_ttl int
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- block_response str
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- firewall_domain_redirection_action str
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- name str
- A name that lets you identify the rule, to manage and use it.
- q_type str
- The query type you want the rule to evaluate. Additional details can be found here
- action String
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- firewallDomainListId String
- The ID of the domain list that you want to use in the rule.
- firewallRuleGroupId String
- The unique identifier of the firewall rule group where you want to create the rule.
- priority Number
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- blockOverrideDnsType String
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- blockOverrideDomain String
- The custom DNS record to send back in response to the query.
- blockOverrideTtl Number
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- blockResponse String
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- firewallDomainRedirectionAction String
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- name String
- A name that lets you identify the rule, to manage and use it.
- qType String
- The query type you want the rule to evaluate. Additional details can be found here
Outputs
All input properties are implicitly available as output properties. Additionally, the ResolverFirewallRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ResolverFirewallRule Resource
Get an existing ResolverFirewallRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ResolverFirewallRuleState, opts?: CustomResourceOptions): ResolverFirewallRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
block_override_dns_type: Optional[str] = None,
block_override_domain: Optional[str] = None,
block_override_ttl: Optional[int] = None,
block_response: Optional[str] = None,
firewall_domain_list_id: Optional[str] = None,
firewall_domain_redirection_action: Optional[str] = None,
firewall_rule_group_id: Optional[str] = None,
name: Optional[str] = None,
priority: Optional[int] = None,
q_type: Optional[str] = None) -> ResolverFirewallRule
func GetResolverFirewallRule(ctx *Context, name string, id IDInput, state *ResolverFirewallRuleState, opts ...ResourceOption) (*ResolverFirewallRule, error)
public static ResolverFirewallRule Get(string name, Input<string> id, ResolverFirewallRuleState? state, CustomResourceOptions? opts = null)
public static ResolverFirewallRule get(String name, Output<String> id, ResolverFirewallRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- BlockOverrideDnsType string
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- BlockOverrideDomain string
- The custom DNS record to send back in response to the query.
- BlockOverrideTtl int
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- BlockResponse string
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- FirewallDomainListId string
- The ID of the domain list that you want to use in the rule.
- FirewallDomainRedirectionAction string
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- FirewallRuleGroupId string
- The unique identifier of the firewall rule group where you want to create the rule.
- Name string
- A name that lets you identify the rule, to manage and use it.
- Priority int
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- QType string
- The query type you want the rule to evaluate. Additional details can be found here
- Action string
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- BlockOverrideDnsType string
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- BlockOverrideDomain string
- The custom DNS record to send back in response to the query.
- BlockOverrideTtl int
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- BlockResponse string
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- FirewallDomainListId string
- The ID of the domain list that you want to use in the rule.
- FirewallDomainRedirectionAction string
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- FirewallRuleGroupId string
- The unique identifier of the firewall rule group where you want to create the rule.
- Name string
- A name that lets you identify the rule, to manage and use it.
- Priority int
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- QType string
- The query type you want the rule to evaluate. Additional details can be found here
- action String
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- blockOverrideDnsType String
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- blockOverrideDomain String
- The custom DNS record to send back in response to the query.
- blockOverrideTtl Integer
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- blockResponse String
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- firewallDomainListId String
- The ID of the domain list that you want to use in the rule.
- firewallDomainRedirectionAction String
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- firewallRuleGroupId String
- The unique identifier of the firewall rule group where you want to create the rule.
- name String
- A name that lets you identify the rule, to manage and use it.
- priority Integer
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- qType String
- The query type you want the rule to evaluate. Additional details can be found here
- action string
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- blockOverrideDnsType string
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- blockOverrideDomain string
- The custom DNS record to send back in response to the query.
- blockOverrideTtl number
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- blockResponse string
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- firewallDomainListId string
- The ID of the domain list that you want to use in the rule.
- firewallDomainRedirectionAction string
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- firewallRuleGroupId string
- The unique identifier of the firewall rule group where you want to create the rule.
- name string
- A name that lets you identify the rule, to manage and use it.
- priority number
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- qType string
- The query type you want the rule to evaluate. Additional details can be found here
- action str
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- block_override_dns_type str
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- block_override_domain str
- The custom DNS record to send back in response to the query.
- block_override_ttl int
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- block_response str
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- firewall_domain_list_id str
- The ID of the domain list that you want to use in the rule.
- firewall_domain_redirection_action str
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- firewall_rule_group_id str
- The unique identifier of the firewall rule group where you want to create the rule.
- name str
- A name that lets you identify the rule, to manage and use it.
- priority int
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- q_type str
- The query type you want the rule to evaluate. Additional details can be found here
- action String
- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
- blockOverrideDnsType String
- The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
- blockOverrideDomain String
- The custom DNS record to send back in response to the query.
- blockOverrideTtl Number
- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
- blockResponse String
- The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
- firewallDomainListId String
- The ID of the domain list that you want to use in the rule.
- firewallDomainRedirectionAction String
- How DNS Firewall should evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
- firewallRuleGroupId String
- The unique identifier of the firewall rule group where you want to create the rule.
- name String
- A name that lets you identify the rule, to manage and use it.
- priority Number
- The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
- qType String
- The query type you want the rule to evaluate. Additional details can be found here
Import
Using `pulumi import`, import Route 53 Resolver DNS Firewall rules using the Route 53 Resolver DNS Firewall rule group ID and domain list ID separated by ‘:’. For example:
$ pulumi import aws:route53/resolverFirewallRule:ResolverFirewallRule example rslvr-frg-0123456789abcdef:rslvr-fdl-0123456789abcdef
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `aws` Terraform Provider.