AWS Route 53 Recovery Control Recoverycontrolconfig Safety Rule

This page shows how to write Terraform and CloudFormation for Route 53 Recovery Control Recoverycontrolconfig Safety Rule and write them securely.

aws_route53recoverycontrolconfig_safety_rule (Terraform)

The Recoverycontrolconfig Safety Rule in Route 53 Recovery Control can be configured in Terraform with the resource name aws_route53recoverycontrolconfig_safety_rule. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.


The following arguments are supported:

  • control_panel_arn - (Required) ARN of the control panel in which this safety rule will reside.
  • name - (Required) Name describing the safety rule.
  • rule_config - (Required) Configuration block for safety rule criteria. See below.
  • wait_period_ms - (Required) Evaluation period, in milliseconds (ms), during which any request against the target routing controls will fail.

The following arguments are optional:

  • asserted_controls - (Optional) Routing controls that are part of transactions that are evaluated to determine if a request to change a routing control state is allowed.
  • gating_controls - (Optional) Gating controls for the new gating rule. That is, routing controls that are evaluated by the rule configuration that you specify.
  • target_controls - (Optional) Routing controls that can only be set or unset if the specified rule_config evaluates to true for the specified gating_controls.


  • inverted - (Required) Logical negation of the rule.
  • threshold - (Required) Number of controls that must be set when you specify an ATLEAST type rule.
  • type - (Required) Rule type. Valid values are ATLEAST, AND, and OR.

In addition to all arguments above, the following attributes are exported:

  • arn - ARN of the safety rule.
  • status - Status of the safety rule. PENDING when it is being created/updated, PENDING_DELETION when it is being deleted, and DEPLOYED otherwise.

Explanation in Terraform Registry

Provides an AWS Route 53 Recovery Control Config Safety Rule

AWS::Route53RecoveryControl::SafetyRule (CloudFormation)

The SafetyRule in Route53RecoveryControl can be configured in CloudFormation with the resource name AWS::Route53RecoveryControl::SafetyRule. The following sections describe how to use the resource and its parameters.


AssertionRule An assertion rule enforces that, when you change a routing control state, that the criteria that you set in the rule configuration is met. Otherwise, the change to the routing control is not accepted. For example, the criteria might be that at least one routing control state is On after the transation so that traffic continues to flow to at least one cell for the application. This ensures that you avoid a fail-open scenario.
Required: No
Type: AssertionRule
Update requires: No interruption

ControlPanelArn The Amazon Resource Name (ARN) for the control panel.
Required: Yes
Type: String
Update requires: Replacement

GatingRule A gating rule verifies that a gating routing control or set of gating rounting controls, evaluates as true, based on a rule configuration that you specify, which allows a set of routing control state changes to complete.
For example, if you specify one gating routing control and you set the Type in the rule configuration to OR, that indicates that you must set the gating routing control to On for the rule to evaluate as true; that is, for the gating control "switch" to be "On". When you do that, then you can update the routing control states for the target routing controls that you specify in the gating rule.
Required: No
Type: GatingRule
Update requires: No interruption

Name The name of the assertion rule. You can use any non-white space character in the name.
Required: Yes
Type: String
Update requires: No interruption

RuleConfig The criteria that you set for specific assertion controls (routing controls) that designate how many control states must be ON as the result of a transaction. For example, if you have three assertion controls, you might specify ATLEAST 2for your rule configuration. This means that at least two assertion controls must be ON, so that at least two AWS Regions have traffic flowing to them.
Required: Yes
Type: RuleConfig
Update requires: Replacement

Tags Not currently supported by AWS CloudFormation.
Required: No
Type: List of Tag
Update requires: Replacement

Explanation in CloudFormation Registry

List the safety rules (the assertion rules and gating rules) that you've defined for the routing controls in a control panel.

Frequently asked questions

What is AWS Route 53 Recovery Control Recoverycontrolconfig Safety Rule?

AWS Route 53 Recovery Control Recoverycontrolconfig Safety Rule is a resource for Route 53 Recovery Control of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.