AWS Route 53 Resolver Query Log Config Association

This page shows how to write Terraform and CloudFormation for Route 53 Resolver Query Log Config Association, and how to write them securely.

aws_route53_resolver_query_log_config_association (Terraform)

The Query Log Config Association in Route 53 Resolver can be configured in Terraform with the resource name aws_route53_resolver_query_log_config_association. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L11
resource "aws_route53_resolver_query_log_config_association" "selected_vpc" {
  for_each = local.vpcs
  resource_id = each.value
  resolver_query_log_config_id = var.query_log_config_id
}

route53.tf#L8
resource "aws_route53_resolver_query_log_config_association" "this" {
  resolver_query_log_config_id = aws_route53_resolver_query_log_config.this.id
  resource_id                  = var.vpc_id
}

route53_resolver_query_log_config_association.tf#L4
resource "aws_route53_resolver_query_log_config_association" "route53_resolver_query_log_config_association" {
  count = var.enable_route53_resolver_query_log_config_association ? 1 : 0

  resolver_query_log_config_id = var.route53_resolver_query_log_config_association_resolver_query_log_config_id != "" ? var.route53_resolver_query_log_config_association_resolver_query_log_config_id : (var.enable_route53_resolver_query_log_config ? aws_route53_resolver_query_log_config.route53_resolver_query_log_config[0].id : null)
  resource_id                  = var.route53_resolver_query_log_config_association_resource_id
}

Parameters

Explanation in Terraform Registry

Provides a Route 53 Resolver query logging configuration association resource.
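
As an added example (not from this page or the repositories it cites), the following Python check reads `terraform show -json` state output and lists managed VPCs that no aws_route53_resolver_query_log_config_association points at, since such a VPC produces no Resolver query logs. The sample state, the helper names and all IDs in it are constructed.

```python
import json
import sys

ASSOC = "aws_route53_resolver_query_log_config_association"

def entry(rtype, name, **values):
    # Helper for the constructed sample: one managed resource entry.
    return {"mode": "managed", "type": rtype, "name": name, "values": values}

# Constructed sample in the shape of `terraform show -json` state output.
# All IDs are made up; aws_vpc.data deliberately has no association.
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [
        entry("aws_vpc", "app", id="vpc-0aaa1111"),
        entry("aws_vpc", "data", id="vpc-0bbb2222"),
        entry(ASSOC, "app", resource_id="vpc-0aaa1111",
              resolver_query_log_config_id="rqlc-example1"),
    ],
    "child_modules": [{"address": "module.shared", "resources": [
        entry("aws_vpc", "shared", id="vpc-0ccc3333"),
        entry(ASSOC, "this", resource_id="vpc-0ccc3333",
              resolver_query_log_config_id="rqlc-example1"),
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def unlogged_vpcs(state):
    """Return sorted IDs of managed VPCs that no association points at."""
    vpcs, logged = set(), set()
    root = (state.get("values") or {}).get("root_module") or {}
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("mode") != "managed":
            continue  # skip data sources
        if res.get("type") == "aws_vpc" and values.get("id"):
            vpcs.add(values["id"])
        elif res.get("type") == ASSOC and values.get("resolver_query_log_config_id"):
            logged.add(values.get("resource_id"))
    return sorted(vpcs - logged)

if __name__ == "__main__":
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    missing = unlogged_vpcs(state)
    print("VPCs without DNS query logging:", missing or "none")
    sys.exit(1 if missing else 0)
```

A VPC whose association is managed in a different Terraform state is reported as missing, so run the check against the state that owns both resources.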

AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation (CloudFormation)

The ResolverQueryLoggingConfigAssociation in Route53Resolver can be configured in CloudFormation with the resource name AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation. The following sections describe 7 examples of how to use the resource and its parameters.

Example Usage from GitHub

vpc.cfn.yml#L300
    Type: AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
    Properties:
      ResolverQueryLogConfigId: !Ref ResolverQueryLoggingConfig
      ResourceId: !Ref Vpc

route53-resolver-logs.yml#L24
    Type: AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
    Properties:
      ResolverQueryLogConfigId: !Ref LoggingConfig

query_logging.yml#L10
    Type: "AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation"
    Properties:
      ResolverQueryLogConfigId:
        Fn::GetAtt:
          - "Route53QueryLoggingConfig"
          - "Id"

hybrid-dns.yaml#L902
    Type: AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
    Properties:
      ResolverQueryLogConfigId: !Ref ResolverQueryLoggingConfig
      ResourceId: !Ref ServicesVPC

WorkshopStack.yaml#L461
    Type: AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
    Properties:
      ResolverQueryLogConfigId:
        Fn::GetAtt:
          - DNSLogs
          - Id

awsResouceIconMatches.json#L649
        "resourceType": "AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation",
        "filePath": null
      },
      {
        "resourceType": "AWS::Route53Resolver::ResolverRule",
        "filePath": null

template.json#L1319
    "AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation": {
      "Type": "AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation",
      "Properties": {}
    },
    "AWS::GlobalAccelerator::Listener": {
      "Type": "AWS::GlobalAccelerator::Listener",

Parameters

Explanation in CloudFormation Registry

The AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation resource is a configuration for DNS query logging. After you create a query logging configuration, Amazon Route 53 begins to publish log data to an Amazon CloudWatch Logs log group.

Frequently asked questions

What is AWS Route 53 Resolver Query Log Config Association?

AWS Route 53 Resolver Query Log Config Association is a resource for Route 53 Resolver of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Route 53 Resolver Query Log Config Association?

For Terraform, the valtix-security/Enable_DNS_VPC_Logs, ministryofjustice/hmpps-ems-platform-terraform-modules and asrkata/SebastianUA-terraform source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the arhs/spikeseed-cloud-labs, andrewkrug/securing-the-cloud-supplemental and mobious999/Cloudformation source code examples are useful. See the CloudFormation Example section for further details.