Resolver
Provides a Route 53 Resolver DNS Firewall rule resource.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.route53.ResolverFirewallDomainList;
import com.pulumi.aws.route53.ResolverFirewallDomainListArgs;
import com.pulumi.aws.route53.ResolverFirewallRuleGroup;
import com.pulumi.aws.route53.ResolverFirewallRuleGroupArgs;
import com.pulumi.aws.route53.ResolverFirewallRule;
import com.pulumi.aws.route53.ResolverFirewallRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResolverFirewallDomainList = new ResolverFirewallDomainList("exampleResolverFirewallDomainList", ResolverFirewallDomainListArgs.builder()
.domains("example.com")
.tags()
.build());
var exampleResolverFirewallRuleGroup = new ResolverFirewallRuleGroup("exampleResolverFirewallRuleGroup", ResolverFirewallRuleGroupArgs.builder()
.tags()
.build());
var exampleResolverFirewallRule = new ResolverFirewallRule("exampleResolverFirewallRule", ResolverFirewallRuleArgs.builder()
.action("BLOCK")
.blockOverrideDnsType("CNAME")
.blockOverrideDomain("example.com")
.blockOverrideTtl(1)
.blockResponse("OVERRIDE")
.firewallDomainListId(exampleResolverFirewallDomainList.id())
.firewallRuleGroupId(exampleResolverFirewallRuleGroup.id())
.priority(100)
.build());
}
}Import
Route 53 Resolver DNS Firewall rules can be imported using the Route 53 Resolver DNS Firewall rule group ID and domain list ID separated by ':', e.g.,
$ pulumi import aws:route53/resolverFirewallRule:ResolverFirewallRule example rslvr-frg-0123456789abcdef:rslvr-fdl-0123456789abcdefConstructors
Properties
The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Value values: CNAME.
The custom DNS record to send back in response to the query.
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.
The ID of the domain list that you want to use in the rule.
The unique identifier of the firewall rule group where you want to create the rule.