CreateResolverEndpoint - Amazon Route 53
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound:

  • An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network.

  • An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network.

Request Syntax

{ "CreatorRequestId": "string", "Direction": "string", "IpAddresses": [ { "Ip": "string", "Ipv6": "string", "SubnetId": "string" } ], "Name": "string", "ResolverEndpointType": "string", "SecurityGroupIds": [ "string" ], "Tags": [ { "Key": "string", "Value": "string" } ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Required: Yes


Specify the applicable value:

  • INBOUND: Resolver forwards DNS queries to the DNS service for a VPC from your network

  • OUTBOUND: Resolver forwards DNS queries from the DNS service for a VPC to your network

Type: String


Required: Yes


The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.

Type: Array of IpAddressRequest objects

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Required: Yes


A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.

Type: String

Length Constraints: Maximum length of 64.

Pattern: (?!^[0-9]+$)([a-zA-Z0-9\-_' ']+)

Required: No


For the endpoint type you can choose either IPv4, IPv6, or dual-stack. A dual-stack endpoint means that it will resolve via both IPv4 and IPv6. This endpoint type is applied to all IP addresses.

Type: String

Valid Values: IPV6 | IPV4 | DUALSTACK

Required: No


The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify must include one or more inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound Resolver endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 64.

Required: Yes


A list of the tag keys and values that you want to associate with the endpoint.

Type: Array of Tag objects

Array Members: Maximum number of 200 items.

Required: No

Response Syntax

{ "ResolverEndpoint": { "Arn": "string", "CreationTime": "string", "CreatorRequestId": "string", "Direction": "string", "HostVPCId": "string", "Id": "string", "IpAddressCount": number, "ModificationTime": "string", "Name": "string", "ResolverEndpointType": "string", "SecurityGroupIds": [ "string" ], "Status": "string", "StatusMessage": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


Information about the CreateResolverEndpoint request, including the status of the request.

Type: ResolverEndpoint object


For information about the errors that are common to all actions, see Common Errors.


We encountered an unknown error. Try again in a few minutes.

HTTP Status Code: 400


One or more parameters in this request are not valid.

HTTP Status Code: 400


The request is invalid.

HTTP Status Code: 400


The request caused one or more limits to be exceeded.

HTTP Status Code: 400


The resource that you tried to create already exists.

HTTP Status Code: 400


The specified resource doesn't exist.

HTTP Status Code: 400


The request was throttled. Try again in a few minutes.

HTTP Status Code: 400


CreateResolverEndpoint Example

This example illustrates one usage of CreateResolverEndpoint.

Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity Content-Length: 283 X-Amz-Target: Route53Resolver.CreateResolverEndpoint X-Amz-Date: 20181101T191344Z User-Agent: aws-cli/1.16.45 Python/2.7.10 Darwin/16.7.0 botocore/1.12.35 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AKIAJJ2SONIPEXAMPLE/20181101/us-east-2/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=[calculated-signature] { "Direction": "OUTBOUND", "Name": "MyOutbound", "Tags": [ { "Key": "LineOfBusiness", "Value": "Engineering" } ], "CreatorRequestId": "5678", "SecurityGroupIds": [ "sg-071b99f42example" ], "IpAddresses": [ { "SubnetId": "subnet-0bca4d363dexample" }, { "SubnetId": "subnet-0bca4d363dexample" } ] }

Sample Response

HTTP/1.1 200 OK Date: Thu, 01 Nov 2018 19:13:44 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 531 x-amzn-RequestId: 08afd081-9d67-4281-a277-b3880example Connection: keep-alive { "ResolverEndpoint": { "Arn": "arn:aws:route53resolver:us-east-2:123456789012:resolver-endpoint/rslvr-out-fdc049932dexample", "CreationTime": "2018-11-01T19:13:44.830Z", "CreatorRequestId": "5678", "Direction": "OUTBOUND", "HostVPCId": "vpc-0dd415a0edexample", "Id": "rslvr-out-fdc049932dexample", "IpAddressCount": 2, "ModificationTime": "2018-11-01T19:13:44.830Z", "Name": "MyOutbound", "SecurityGroupIds": [ "sg-071b99f42example" ], "Status": "CREATING", "StatusMessage": "[Trace id: 1-5bdb5068-e0bdc4d232b1a3fe9c344c10] Creating the Resolver Endpoint" } }

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: