AWS Route 53 Resolver Firewall Config

This page shows how to write Terraform and CloudFormation for Route 53 Resolver Firewall Config and write them securely.


Fix issues in your cloud & app configurations

Test for misconfigurations of this resource in your cloud.


Terraform Example (aws_route53_resolver_firewall_config)

Provides a Route 53 Resolver DNS Firewall config resource.


The following argument is supported:

  • resource_id - (Required) The ID of the VPC that the configuration is for.
  • firewall_fail_open - (Required) Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. Valid values: ENABLED, DISABLED.

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the firewall configuration.
  • owner_id - The AWS account ID of the owner of the VPC that this firewall configuration applies to.

Example Usage (from GitHub)

An example could not be found in GitHub.

CloudFormation Example (AWS::Route53Resolver::FirewallRuleGroup)

High-level information for a firewall rule group. A firewall rule group is a collection of rules that DNS Firewall uses to filter DNS network traffic for a VPC. To retrieve the rules for the rule group, call ListFirewallRules.


Frequently asked questions

What is AWS Route 53 Resolver Firewall Config?

AWS Route 53 Resolver Firewall Config is a resource for Route 53 Resolver of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.