AWS Route 53 Resolver Firewall Config
This page shows how to write Terraform and CloudFormation for Route 53 Resolver Firewall Config and write them securely.
aws_route53_resolver_firewall_config (Terraform)
The Firewall Config in Route 53 Resolver can be configured in Terraform with the resource name aws_route53_resolver_firewall_config. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following argument is supported:
resource_id- (Required) The ID of the VPC that the configuration is for.firewall_fail_open- (Required) Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. Valid values:ENABLED,DISABLED.
In addition to all arguments above, the following attributes are exported:
id- The ID of the firewall configuration.owner_id- The AWS account ID of the owner of the VPC that this firewall configuration applies to.
Explanation in Terraform Registry
Provides a Route 53 Resolver DNS Firewall config resource.
AWS::Route53Resolver::FirewallRuleGroup (CloudFormation)
The FirewallRuleGroup in Route53Resolver can be configured in CloudFormation with the resource name AWS::Route53Resolver::FirewallRuleGroup. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
"AWS::Route53Resolver::FirewallRuleGroupAssociation": {
"Type": "AWS::Route53Resolver::FirewallRuleGroupAssociation",
"Properties": {}
},
"AWS::NetworkFirewall::RuleGroup": {
"Type": "AWS::NetworkFirewall::RuleGroup",
"Type": "AWS::Route53Resolver::FirewallRuleGroup",
"Properties": {
"FirewallRules": [
{
"Action": "BLOCK",
"BlockResponse": "NODATA",
"Type": "AWS::Route53Resolver::FirewallRuleGroup",
"Properties": {
"FirewallRules": [
{
"Action": "BLOCK",
"BlockResponse": "NODATA",
"Type": "AWS::Route53Resolver::FirewallRuleGroup",
"Properties": {
"FirewallRules": [
{
"Action": "BLOCK",
"BlockResponse": "NODATA",
Parameters
-
Nameoptional - String -
FirewallRulesoptional - List of FirewallRule -
Tagsoptional - List of Tag
Explanation in CloudFormation Registry
High-level information for a firewall rule group. A firewall rule group is a collection of rules that DNS Firewall uses to filter DNS network traffic for a VPC. To retrieve the rules for the rule group, call ListFirewallRules.
Frequently asked questions
What is AWS Route 53 Resolver Firewall Config?
AWS Route 53 Resolver Firewall Config is a resource for Route 53 Resolver of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Route 53 Resolver Firewall Config?
For CloudFormation, the mhlabs/aws-icons-directory, aws/aws-cdk and manishmittal12/aws-cdk source code examples are useful. See the CloudFormation Example section for further details.
