Resolver Firewall Rule Args
Provides a Route 53 Resolver DNS Firewall rule resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Domain list the rule matches against. "example.com" is a documentation
// placeholder for the domains to be filtered.
const domainList = new aws.route53.ResolverFirewallDomainList("example", {
    name: "example",
    domains: ["example.com"],
    tags: {},
});

// Rule group that owns the rule. A rule group filters queries only once it is
// associated with a VPC; that association is not part of this example.
const ruleGroup = new aws.route53.ResolverFirewallRuleGroup("example", {
    name: "example",
    tags: {},
});

// BLOCK rule that answers matching queries with a custom CNAME record
// (blockResponse OVERRIDE) instead of NODATA or NXDOMAIN.
const overrideRule = new aws.route53.ResolverFirewallRule("example", {
    name: "example",
    firewallRuleGroupId: ruleGroup.id,
    firewallDomainListId: domainList.id,
    priority: 100,
    action: "BLOCK",
    blockResponse: "OVERRIDE",
    blockOverrideDnsType: "CNAME",
    // The override target repeats the listed domain only because both are
    // placeholders; in practice it would be a host you operate (for example a
    // notice page) that is not itself matched by a BLOCK rule.
    blockOverrideDomain: "example.com",
    // Seconds a resolver or browser may cache the override record.
    blockOverrideTtl: 1,
});
import pulumi
import pulumi_aws as aws
# Domain list the rule matches against. "example.com" is a documentation
# placeholder for the domains to be filtered.
domain_list = aws.route53.ResolverFirewallDomainList(
    "example",
    name="example",
    domains=["example.com"],
    tags={},
)

# Rule group that owns the rule. No VPC association is declared here, so this
# program on its own does not attach the group to any VPC.
rule_group = aws.route53.ResolverFirewallRuleGroup(
    "example",
    name="example",
    tags={},
)

# BLOCK rule that answers matching queries with a custom CNAME record
# (block_response OVERRIDE) instead of NODATA or NXDOMAIN.
override_rule = aws.route53.ResolverFirewallRule(
    "example",
    name="example",
    firewall_rule_group_id=rule_group.id,
    firewall_domain_list_id=domain_list.id,
    priority=100,
    action="BLOCK",
    block_response="OVERRIDE",
    block_override_dns_type="CNAME",
    # Placeholder target: it repeats the listed domain. A deployed rule would
    # normally point at a host you operate that no BLOCK rule matches.
    block_override_domain="example.com",
    # Seconds a resolver or browser may cache the override record.
    block_override_ttl=1,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Domain list the rule matches against; "example.com" is a placeholder.
    var domainList = new Aws.Route53.ResolverFirewallDomainList("example", new()
    {
        Name = "example",
        Domains = new[] { "example.com" },
        Tags = null,
    });

    // Rule group that owns the rule. No VPC association is declared in this example.
    var ruleGroup = new Aws.Route53.ResolverFirewallRuleGroup("example", new()
    {
        Name = "example",
        Tags = null,
    });

    // BLOCK rule that answers matching queries with a custom CNAME record
    // (BlockResponse OVERRIDE) instead of NODATA or NXDOMAIN.
    var overrideRule = new Aws.Route53.ResolverFirewallRule("example", new()
    {
        Name = "example",
        FirewallRuleGroupId = ruleGroup.Id,
        FirewallDomainListId = domainList.Id,
        Priority = 100,
        Action = "BLOCK",
        BlockResponse = "OVERRIDE",
        BlockOverrideDnsType = "CNAME",
        // Placeholder target: it repeats the listed domain. A deployed rule would
        // normally point at a host you operate that no BLOCK rule matches.
        BlockOverrideDomain = "example.com",
        // Seconds a resolver or browser may cache the override record.
        BlockOverrideTtl = 1,
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a DNS Firewall domain list, a rule group, and one BLOCK rule
// that answers matching queries with a CNAME override record.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Domain list the rule matches against; "example.com" is a placeholder.
		domainList, err := route53.NewResolverFirewallDomainList(ctx, "example", &route53.ResolverFirewallDomainListArgs{
			Name:    pulumi.String("example"),
			Domains: pulumi.StringArray{pulumi.String("example.com")},
			Tags:    pulumi.StringMap{},
		})
		if err != nil {
			return err
		}

		// Rule group that owns the rule. A rule group filters queries only once
		// it is associated with a VPC; that association is not declared here.
		ruleGroup, err := route53.NewResolverFirewallRuleGroup(ctx, "example", &route53.ResolverFirewallRuleGroupArgs{
			Name: pulumi.String("example"),
			Tags: pulumi.StringMap{},
		})
		if err != nil {
			return err
		}

		// The rule resource itself is not needed afterwards, only the error.
		_, err = route53.NewResolverFirewallRule(ctx, "example", &route53.ResolverFirewallRuleArgs{
			Name:                 pulumi.String("example"),
			FirewallRuleGroupId:  ruleGroup.ID(),
			FirewallDomainListId: domainList.ID(),
			Priority:             pulumi.Int(100),
			Action:               pulumi.String("BLOCK"),
			BlockResponse:        pulumi.String("OVERRIDE"),
			BlockOverrideDnsType: pulumi.String("CNAME"),
			// Placeholder target: it repeats the listed domain. A deployed rule
			// would normally point at a host you operate that no BLOCK rule matches.
			BlockOverrideDomain: pulumi.String("example.com"),
			// Seconds a resolver or browser may cache the override record.
			BlockOverrideTtl: pulumi.Int(1),
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.route53.ResolverFirewallDomainList;
import com.pulumi.aws.route53.ResolverFirewallDomainListArgs;
import com.pulumi.aws.route53.ResolverFirewallRuleGroup;
import com.pulumi.aws.route53.ResolverFirewallRuleGroupArgs;
import com.pulumi.aws.route53.ResolverFirewallRule;
import com.pulumi.aws.route53.ResolverFirewallRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a DNS Firewall domain list, a rule group, and
 * one BLOCK rule that answers matching queries with a CNAME override record.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the three resources. No VPC association is declared, so this
     * stack on its own does not attach the rule group to any VPC.
     */
    public static void stack(Context ctx) {
        // Domain list the rule matches against; "example.com" is a placeholder.
        var domainListArgs = ResolverFirewallDomainListArgs.builder()
            .name("example")
            .domains("example.com")
            .tags(Map.ofEntries())
            .build();
        var domainList = new ResolverFirewallDomainList("example", domainListArgs);

        var ruleGroupArgs = ResolverFirewallRuleGroupArgs.builder()
            .name("example")
            .tags(Map.ofEntries())
            .build();
        var ruleGroup = new ResolverFirewallRuleGroup("exampleResolverFirewallRuleGroup", ruleGroupArgs);

        // BLOCK rule with an OVERRIDE response: matching queries receive the
        // custom CNAME record instead of NODATA or NXDOMAIN.
        var ruleArgs = ResolverFirewallRuleArgs.builder()
            .name("example")
            .action("BLOCK")
            .blockOverrideDnsType("CNAME")
            // Placeholder target: it repeats the listed domain. A deployed rule
            // would normally point at a host you operate that no BLOCK rule matches.
            .blockOverrideDomain("example.com")
            // Seconds a resolver or browser may cache the override record.
            .blockOverrideTtl(1)
            .blockResponse("OVERRIDE")
            .firewallDomainListId(domainList.id())
            .firewallRuleGroupId(ruleGroup.id())
            .priority(100)
            .build();
        var overrideRule = new ResolverFirewallRule("exampleResolverFirewallRule", ruleArgs);
    }
}
resources:
  # Domain list the rule matches against; example.com is a placeholder.
  example:
    type: aws:route53:ResolverFirewallDomainList
    properties:
      name: example
      domains:
        - example.com
      tags: {}

  # Rule group that owns the rule. No VPC association is declared here.
  exampleResolverFirewallRuleGroup:
    type: aws:route53:ResolverFirewallRuleGroup
    name: example
    properties:
      name: example
      tags: {}

  # BLOCK rule with an OVERRIDE response: matching queries receive the custom
  # CNAME record instead of NODATA or NXDOMAIN.
  exampleResolverFirewallRule:
    type: aws:route53:ResolverFirewallRule
    name: example
    properties:
      name: example
      action: BLOCK
      blockOverrideDnsType: CNAME
      # Placeholder target: it repeats the listed domain. A deployed rule would
      # normally point at a host you operate that no BLOCK rule matches.
      blockOverrideDomain: example.com
      # Seconds a resolver or browser may cache the override record.
      blockOverrideTtl: 1
      blockResponse: OVERRIDE
      firewallDomainListId: ${example.id}
      firewallRuleGroupId: ${exampleResolverFirewallRuleGroup.id}
      priority: 100
Import
Using `pulumi import`, import Route 53 Resolver DNS Firewall rules using the Route 53 Resolver DNS Firewall rule group ID and domain list ID separated by ':'. For example:
$ pulumi import aws:route53/resolverFirewallRule:ResolverFirewallRule example rslvr-frg-0123456789abcdef:rslvr-fdl-0123456789abcdef
Constructors
Properties
The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Valid values: `CNAME`.
The custom DNS record to send back in response to the query.
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
The ID of the domain list that you want to use in the rule.
Evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
The unique identifier of the firewall rule group where you want to create the rule.