AWS::Route53GlobalResolver::FirewallRule - Amazon CloudFormation

AWS::Route53GlobalResolver::FirewallRule

Creates a DNS firewall rule. Firewall rules define actions (ALLOW, BLOCK, or ALERT) to take on DNS queries that match specified domain lists, managed domain lists, or advanced threat protections.

Important

Route 53 Global Resolver is a global service that supports resolvers in multiple Amazon Web Services Regions, but you must specify the US East (Ohio) Region to create, update, or otherwise work with Route 53 Global Resolver resources. That is, for example, specify --region us-east-2 on Amazon CLI commands.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Route53GlobalResolver::FirewallRule",
  "Properties" : {
      "Action" : String,
      "BlockOverrideDnsType" : String,
      "BlockOverrideDomain" : String,
      "BlockOverrideTtl" : Integer,
      "BlockResponse" : String,
      "ClientToken" : String,
      "ConfidenceThreshold" : String,
      "Description" : String,
      "DnsAdvancedProtection" : String,
      "DnsViewId" : String,
      "FirewallDomainListId" : String,
      "Name" : String,
      "Priority" : Integer,
      "QType" : String
    }
}

YAML

Type: AWS::Route53GlobalResolver::FirewallRule
Properties:
  Action: String
  BlockOverrideDnsType: String
  BlockOverrideDomain: String
  BlockOverrideTtl: Integer
  BlockResponse: String
  ClientToken: String
  ConfidenceThreshold: String
  Description: String
  DnsAdvancedProtection: String
  DnsViewId: String
  FirewallDomainListId: String
  Name: String
  Priority: Integer
  QType: String

Properties

Action

The action that the firewall rule takes on DNS queries that match it.

Required: Yes

Type: String

Allowed values: ALLOW | ALERT | BLOCK

Update requires: No interruption

BlockOverrideDnsType

The DNS record type of the firewall rule's custom BLOCK response.

Required: No

Type: String

Allowed values: CNAME

Update requires: No interruption

BlockOverrideDomain

The custom domain name returned in the firewall rule's BLOCK response.

Required: No

Type: String

Pattern: \*?[-a-zA-Z0-9.]+

Minimum: 1

Maximum: 256

Update requires: No interruption

BlockOverrideTtl

The TTL value of the firewall rule's custom BLOCK response.

Required: No

Type: Integer

Minimum: 0

Maximum: 604800

Update requires: No interruption

BlockResponse

The type of response that the firewall rule returns when its action is BLOCK.

Required: No

Type: String

Allowed values: NODATA | NXDOMAIN | OVERRIDE

Update requires: No interruption

ClientToken

A unique string that identifies the request and ensures idempotency.

Required: No

Type: String

Minimum: 1

Maximum: 256

Update requires: Replacement

ConfidenceThreshold

The confidence threshold for the firewall rule's advanced threat detection.

Required: No

Type: String

Allowed values: LOW | MEDIUM | HIGH

Update requires: No interruption

Description

A description of the firewall rule.

Required: No

Type: String

Minimum: 1

Maximum: 256

Update requires: No interruption

DnsAdvancedProtection

The type of advanced DNS threat protection that the firewall rule enables.

Required: No

Type: String

Allowed values: DGA | DNS_TUNNELING | DICTIONARY_DGA

Update requires: No interruption

DnsViewId

The ID of the DNS view that the firewall rule is associated with.

Required: Yes

Type: String

Minimum: 1

Maximum: 64

Update requires: Replacement

FirewallDomainListId

The ID of the firewall domain list that the firewall rule is associated with.

Required: No

Type: String

Minimum: 1

Maximum: 64

Update requires: Replacement

Name

The name of the firewall rule.

Required: Yes

Type: String

Pattern: (?!^[0-9]+$)([a-zA-Z0-9-_' ']+)

Minimum: 1

Maximum: 64

Update requires: No interruption

Priority

The priority of the firewall rule.

Required: No

Type: Integer

Minimum: 1

Maximum: 10000

Update requires: No interruption

QType

The DNS query type that the firewall rule should match.

Required: No

Type: String

Minimum: 0

Maximum: 16

Update requires: Replacement
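The constraints listed under Properties, collected into a pre-deployment check that can be run against the Properties map of a template before it is submitted. This is an added example, not code from the reference page or from CloudFormation; the resource IDs are placeholders, and the check that the BlockOverride* properties belong only to a BLOCK rule whose BlockResponse is OVERRIDE is an assumption inferred from the property descriptions, not something the page states.

```python
import re

# Constraints transcribed from the AWS::Route53GlobalResolver::FirewallRule reference.
ALLOWED = {
    "Action": {"ALLOW", "ALERT", "BLOCK"},
    "BlockOverrideDnsType": {"CNAME"},
    "BlockResponse": {"NODATA", "NXDOMAIN", "OVERRIDE"},
    "ConfidenceThreshold": {"LOW", "MEDIUM", "HIGH"},
    "DnsAdvancedProtection": {"DGA", "DNS_TUNNELING", "DICTIONARY_DGA"},
}
INT_RANGE = {"BlockOverrideTtl": (0, 604800), "Priority": (1, 10000)}
STR_LEN = {"BlockOverrideDomain": (1, 256), "ClientToken": (1, 256), "Description": (1, 256),
           "DnsViewId": (1, 64), "FirewallDomainListId": (1, 64), "Name": (1, 64), "QType": (0, 16)}
PATTERN = {"BlockOverrideDomain": re.compile(r"\*?[-a-zA-Z0-9.]+"),
           "Name": re.compile(r"(?!^[0-9]+$)([a-zA-Z0-9-_' ']+)")}
REQUIRED = ("Action", "DnsViewId", "Name")
OVERRIDE_KEYS = ("BlockOverrideDnsType", "BlockOverrideDomain", "BlockOverrideTtl")


def validate_firewall_rule(props: dict) -> list[str]:
    """Return the constraint violations in props; an empty list means the rule passes."""
    errors = [f"{k}: required" for k in REQUIRED if k not in props]
    for key, allowed in ALLOWED.items():
        if key in props and props[key] not in allowed:
            errors.append(f"{key}: {props[key]!r} not in {sorted(allowed)}")
    for key, (lo, hi) in INT_RANGE.items():
        if key in props and not (isinstance(props[key], int) and lo <= props[key] <= hi):
            errors.append(f"{key}: must be an integer in [{lo}, {hi}]")
    for key, (lo, hi) in STR_LEN.items():
        if key in props and not (isinstance(props[key], str) and lo <= len(props[key]) <= hi):
            errors.append(f"{key}: string length must be in [{lo}, {hi}]")
    for key, rx in PATTERN.items():
        if isinstance(props.get(key), str) and not rx.fullmatch(props[key]):
            errors.append(f"{key}: {props[key]!r} does not match {rx.pattern}")
    # Assumption, not stated on the page: the BlockOverride* properties describe the custom
    # response, so they belong only to a BLOCK rule whose BlockResponse is OVERRIDE.
    present = [k for k in OVERRIDE_KEYS if k in props]
    if props.get("Action") == "BLOCK" and props.get("BlockResponse") == "OVERRIDE":
        if len(present) != len(OVERRIDE_KEYS):
            errors.append("BlockResponse OVERRIDE: set all of " + ", ".join(OVERRIDE_KEYS))
    elif present:
        errors.append("BlockOverride* properties need Action BLOCK and BlockResponse OVERRIDE")
    return errors


# Constructed sample: a BLOCK rule answering with a CNAME to a sinkhole; IDs are placeholders.
SINKHOLE_RULE = {"Action": "BLOCK", "BlockResponse": "OVERRIDE", "BlockOverrideDnsType": "CNAME",
                 "BlockOverrideDomain": "sinkhole.example.com", "BlockOverrideTtl": 300,
                 "DnsViewId": "dnsview-PLACEHOLDER", "FirewallDomainListId": "fdl-PLACEHOLDER",
                 "Name": "block-known-bad", "Priority": 100}
```

Running validate_firewall_rule(SINKHOLE_RULE) returns an empty list; dropping BlockOverrideTtl or giving the rule an all-digit Name produces the corresponding violation strings.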

Return values

Ref

Fn::GetAtt

CreatedAt

The date and time when the firewall rule was originally created.

FirewallRuleId

The unique identifier of the firewall rule.

QueryType

The DNS query type that the firewall rule matches.

Status

The current status of the firewall rule.

UpdatedAt

The date and time when the firewall rule was last updated.