We announced the upcoming end-of-support for AWS SDK for JavaScript v2.
We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Class: AWS.Route53Resolver

Inherits:
AWS.Service show all
Identifier:
route53resolver
API Version:
2018-04-01
Defined in:
(unknown)

Overview

Constructs a service interface object. Each API operation is exposed as a function on service.

Service Description

When you create a VPC using Amazon VPC, you automatically get DNS resolution within the VPC from Route 53 Resolver. By default, Resolver answers DNS queries for VPC domain names such as domain names for EC2 instances or Elastic Load Balancing load balancers. Resolver performs recursive lookups against public name servers for all other domain names.

You can also configure DNS resolution between your VPC and your network over a Direct Connect or VPN connection:

Forward DNS queries from resolvers on your network to Route 53 Resolver

DNS resolvers on your network can forward DNS queries to Resolver in a specified VPC. This allows your DNS resolvers to easily resolve domain names for Amazon Web Services resources such as EC2 instances or records in a Route 53 private hosted zone. For more information, see How DNS Resolvers on Your Network Forward DNS Queries to Route 53 Resolver in the Amazon Route 53 Developer Guide.

Conditionally forward queries from a VPC to resolvers on your network

You can configure Resolver to forward queries that it receives from EC2 instances in your VPCs to DNS resolvers on your network. To forward selected queries, you create Resolver rules that specify the domain names for the DNS queries that you want to forward (such as example.com), and the IP addresses of the DNS resolvers on your network that you want to forward the queries to. If a query matches multiple rules (example.com, acme.example.com), Resolver chooses the rule with the most specific match (acme.example.com) and forwards the query to the IP addresses that you specified in that rule. For more information, see How Route 53 Resolver Forwards DNS Queries from Your VPCs to Your Network in the Amazon Route 53 Developer Guide.

Like Amazon VPC, Resolver is Regional. In each Region where you have VPCs, you can choose whether to forward queries from your VPCs to your network (outbound queries), from your network to your VPCs (inbound queries), or both.

Sending a Request Using Route53Resolver

var route53resolver = new AWS.Route53Resolver();
route53resolver.associateFirewallRuleGroup(params, function (err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Locking the API Version

In order to ensure that the Route53Resolver object uses this specific API, you can construct the object by passing the apiVersion option to the constructor:

var route53resolver = new AWS.Route53Resolver({apiVersion: '2018-04-01'});

You can also set the API version globally in AWS.config.apiVersions using the route53resolver service identifier:

AWS.config.apiVersions = {
  route53resolver: '2018-04-01',
  // other service API versions
};

var route53resolver = new AWS.Route53Resolver();

Version:

  • 2018-04-01

Constructor Summary collapse

Property Summary collapse

Properties inherited from AWS.Service

apiVersions

Method Summary collapse

Methods inherited from AWS.Service

makeRequest, makeUnauthenticatedRequest, waitFor, setupRequestListeners, defineService

Constructor Details

new AWS.Route53Resolver(options = {}) ⇒ Object

Constructs a service object. This object has one method for each API operation.

Examples:

Constructing a Route53Resolver object

var route53resolver = new AWS.Route53Resolver({apiVersion: '2018-04-01'});

Options Hash (options):

  • params (map)

    An optional map of parameters to bind to every request sent by this service object. For more information on bound parameters, see "Working with Services" in the Getting Started Guide.

  • endpoint (String|AWS.Endpoint)

    The endpoint URI to send requests to. The default endpoint is built from the configured region. The endpoint should be a string like 'https://{service}.{region}.amazonaws.com' or an Endpoint object.

  • accessKeyId (String)

    your AWS access key ID.

  • secretAccessKey (String)

    your AWS secret access key.

  • sessionToken (AWS.Credentials)

    the optional AWS session token to sign requests with.

  • credentials (AWS.Credentials)

    the AWS credentials to sign requests with. You can either specify this object, or specify the accessKeyId and secretAccessKey options directly.

  • credentialProvider (AWS.CredentialProviderChain)

    the provider chain used to resolve credentials if no static credentials property is set.

  • region (String)

    the region to send service requests to. See AWS.Route53Resolver.region for more information.

  • maxRetries (Integer)

    the maximum amount of retries to attempt with a request. See AWS.Route53Resolver.maxRetries for more information.

  • maxRedirects (Integer)

    the maximum amount of redirects to follow with a request. See AWS.Route53Resolver.maxRedirects for more information.

  • sslEnabled (Boolean)

    whether to enable SSL for requests.

  • paramValidation (Boolean|map)

    whether input parameters should be validated against the operation description before sending the request. Defaults to true. Pass a map to enable any of the following specific validation features:

    • min [Boolean] — Validates that a value meets the min constraint. This is enabled by default when paramValidation is set to true.
    • max [Boolean] — Validates that a value meets the max constraint.
    • pattern [Boolean] — Validates that a string value matches a regular expression.
    • enum [Boolean] — Validates that a string value matches one of the allowable enum values.
  • computeChecksums (Boolean)

    whether to compute checksums for payload bodies when the service accepts it (currently supported in S3 only)

  • convertResponseTypes (Boolean)

    whether types are converted when parsing response data. Currently only supported for JSON based services. Turning this off may improve performance on large response payloads. Defaults to true.

  • correctClockSkew (Boolean)

    whether to apply a clock skew correction and retry requests that fail because of an skewed client clock. Defaults to false.

  • s3ForcePathStyle (Boolean)

    whether to force path style URLs for S3 objects.

  • s3BucketEndpoint (Boolean)

    whether the provided endpoint addresses an individual bucket (false if it addresses the root API endpoint). Note that setting this configuration option requires an endpoint to be provided explicitly to the service constructor.

  • s3DisableBodySigning (Boolean)

    whether S3 body signing should be disabled when using signature version v4. Body signing can only be disabled when using https. Defaults to true.

  • s3UsEast1RegionalEndpoint ('legacy'|'regional')

    when region is set to 'us-east-1', whether to send s3 request to global endpoints or 'us-east-1' regional endpoints. This config is only applicable to S3 client. Defaults to legacy

  • s3UseArnRegion (Boolean)

    whether to override the request region with the region inferred from requested resource's ARN. Only available for S3 buckets Defaults to true

  • retryDelayOptions (map)

    A set of options to configure the retry delay on retryable errors. Currently supported options are:

    • base [Integer] — The base number of milliseconds to use in the exponential backoff for operation retries. Defaults to 100 ms for all services except DynamoDB, where it defaults to 50ms.
    • customBackoff [function] — A custom function that accepts a retry count and error and returns the amount of time to delay in milliseconds. If the result is a non-zero negative value, no further retry attempts will be made. The base option will be ignored if this option is supplied. The function is only called for retryable errors.
  • httpOptions (map)

    A set of options to pass to the low-level HTTP request. Currently supported options are:

    • proxy [String] — the URL to proxy requests through
    • agent [http.Agent, https.Agent] — the Agent object to perform HTTP requests with. Used for connection pooling. Defaults to the global agent (http.globalAgent) for non-SSL connections. Note that for SSL connections, a special Agent object is used in order to enable peer certificate verification. This feature is only available in the Node.js environment.
    • connectTimeout [Integer] — Sets the socket to timeout after failing to establish a connection with the server after connectTimeout milliseconds. This timeout has no effect once a socket connection has been established.
    • timeout [Integer] — Sets the socket to timeout after timeout milliseconds of inactivity on the socket. Defaults to two minutes (120000).
    • xhrAsync [Boolean] — Whether the SDK will send asynchronous HTTP requests. Used in the browser environment only. Set to false to send requests synchronously. Defaults to true (async on).
    • xhrWithCredentials [Boolean] — Sets the "withCredentials" property of an XMLHttpRequest object. Used in the browser environment only. Defaults to false.
  • apiVersion (String, Date)

    a String in YYYY-MM-DD format (or a date) that represents the latest possible API version that can be used in all services (unless overridden by apiVersions). Specify 'latest' to use the latest possible version.

  • apiVersions (map<String, String|Date>)

    a map of service identifiers (the lowercase service class name) with the API version to use when instantiating a service. Specify 'latest' for each individual that can use the latest available version.

  • logger (#write, #log)

    an object that responds to .write() (like a stream) or .log() (like the console object) in order to log information about requests

  • systemClockOffset (Number)

    an offset value in milliseconds to apply to all signing times. Use this to compensate for clock skew when your system may be out of sync with the service time. Note that this configuration option can only be applied to the global AWS.config object and cannot be overridden in service-specific configuration. Defaults to 0 milliseconds.

  • signatureVersion (String)

    the signature version to sign requests with (overriding the API configuration). Possible values are: 'v2', 'v3', 'v4'.

  • signatureCache (Boolean)

    whether the signature to sign requests with (overriding the API configuration) is cached. Only applies to the signature version 'v4'. Defaults to true.

  • dynamoDbCrc32 (Boolean)

    whether to validate the CRC32 checksum of HTTP response bodies returned by DynamoDB. Default: true.

  • useAccelerateEndpoint (Boolean)

    Whether to use the S3 Transfer Acceleration endpoint with the S3 service. Default: false.

  • clientSideMonitoring (Boolean)

    whether to collect and publish this client's performance metrics of all its API requests.

  • endpointDiscoveryEnabled (Boolean|undefined)

    whether to call operations with endpoints given by service dynamically. Setting this

  • endpointCacheSize (Number)

    the size of the global cache storing endpoints from endpoint discovery operations. Once endpoint cache is created, updating this setting cannot change existing cache size. Defaults to 1000

  • hostPrefixEnabled (Boolean)

    whether to marshal request parameters to the prefix of hostname. Defaults to true.

  • stsRegionalEndpoints ('legacy'|'regional')

    whether to send sts request to global endpoints or regional endpoints. Defaults to 'legacy'.

  • useFipsEndpoint (Boolean)

    Enables FIPS compatible endpoints. Defaults to false.

  • useDualstackEndpoint (Boolean)

    Enables IPv6 dualstack endpoint. Defaults to false.

Property Details

endpointAWS.Endpoint (readwrite)

Returns an Endpoint object representing the endpoint URL for service requests.

Returns:

  • (AWS.Endpoint)

    an Endpoint object representing the endpoint URL for service requests.

Method Details

associateFirewallRuleGroup(params = {}, callback) ⇒ AWS.Request

Associates a FirewallRuleGroup with a VPC, to provide DNS filtering for the VPC.

Service Reference:

Examples:

Calling the associateFirewallRuleGroup operation

var params = {
  CreatorRequestId: 'STRING_VALUE', /* required */
  FirewallRuleGroupId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Priority: 'NUMBER_VALUE', /* required */
  VpcId: 'STRING_VALUE', /* required */
  MutationProtection: ENABLED | DISABLED,
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
route53resolver.associateFirewallRuleGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • CreatorRequestId — (String)

      A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.

      If a token is not provided, the SDK will use a version 4 UUID.
    • FirewallRuleGroupId — (String)

      The unique identifier of the firewall rule group.

    • VpcId — (String)

      The unique identifier of the VPC that you want to associate with the rule group.

    • Priority — (Integer)

      The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.

      You must specify a unique priority for each rule group that you associate with a single VPC. To make it easier to insert rule groups later, leave space between the numbers, for example, use 101, 200, and so on. You can change the priority setting for a rule group association after you create it.

      The allowed values for Priority are between 100 and 9900.

    • Name — (String)

      A name that lets you identify the association, to manage and use it.

    • MutationProtection — (String)

      If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. When you create the association, the default setting is DISABLED.

      Possible values include:
      • "ENABLED"
      • "DISABLED"
    • Tags — (Array<map>)

      A list of the tag keys and values that you want to associate with the rule group association.

      • Keyrequired — (String)

        The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id.

      • Valuerequired — (String)

        The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRuleGroupAssociation — (map)

        The association that you just created. The association has an ID that you can use to identify it in other requests, like update and delete.

        • Id — (String)

          The identifier for the association.

        • Arn — (String)

          The Amazon Resource Name (ARN) of the firewall rule group association.

        • FirewallRuleGroupId — (String)

          The unique identifier of the firewall rule group.

        • VpcId — (String)

          The unique identifier of the VPC that is associated with the rule group.

        • Name — (String)

          The name of the association.

        • Priority — (Integer)

          The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting.

        • MutationProtection — (String)

          If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections.

          Possible values include:
          • "ENABLED"
          • "DISABLED"
        • ManagedOwnerName — (String)

          The owner of the association, used only for associations that are not managed by you. If you use Firewall Manager to manage your DNS Firewalls, then this reports Firewall Manager as the managed owner.

        • Status — (String)

          The current status of the association.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the response, if available.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the association was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the association was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

associateResolverEndpointIpAddress(params = {}, callback) ⇒ AWS.Request

Adds IP addresses to an inbound or an outbound Resolver endpoint. If you want to add more than one IP address, submit one AssociateResolverEndpointIpAddress request for each IP address.

To remove an IP address from an endpoint, see DisassociateResolverEndpointIpAddress.

Examples:

Calling the associateResolverEndpointIpAddress operation

var params = {
  IpAddress: { /* required */
    Ip: 'STRING_VALUE',
    IpId: 'STRING_VALUE',
    Ipv6: 'STRING_VALUE',
    SubnetId: 'STRING_VALUE'
  },
  ResolverEndpointId: 'STRING_VALUE' /* required */
};
route53resolver.associateResolverEndpointIpAddress(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverEndpointId — (String)

      The ID of the Resolver endpoint that you want to associate IP addresses with.

    • IpAddress — (map)

      Either the IPv4 address that you want to add to a Resolver endpoint or a subnet ID. If you specify a subnet ID, Resolver chooses an IP address for you from the available IPs in the specified subnet.

      • IpId — (String)

        Only when removing an IP address from a Resolver endpoint: The ID of the IP address that you want to remove. To get this ID, use GetResolverEndpoint.

      • SubnetId — (String)

        The ID of the subnet that includes the IP address that you want to update. To get this ID, use GetResolverEndpoint.

      • Ip — (String)

        The new IPv4 address.

      • Ipv6 — (String)

        The new IPv6 address.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverEndpoint — (map)

        The response to an AssociateResolverEndpointIpAddress request.

        • Id — (String)

          The ID of the Resolver endpoint.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver endpoint.

        • Name — (String)

          The name that you assigned to the Resolver endpoint when you submitted a CreateResolverEndpoint request.

        • SecurityGroupIds — (Array<String>)

          The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

        • Direction — (String)

          Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

          • INBOUND: allows DNS queries to your VPC from your network

          • OUTBOUND: allows DNS queries from your VPC to your network

          Possible values include:
          • "INBOUND"
          • "OUTBOUND"
        • IpAddressCount — (Integer)

          The number of IP addresses that the Resolver endpoint can use for DNS queries.

        • HostVPCId — (String)

          The ID of the VPC that you want to create the Resolver endpoint in.

        • Status — (String)

          A code that specifies the current status of the Resolver endpoint. Valid values include the following:

          • CREATING: Resolver is creating and configuring one or more Amazon VPC network interfaces for this endpoint.

          • OPERATIONAL: The Amazon VPC network interfaces for this endpoint are correctly configured and able to pass inbound or outbound DNS queries between your network and Resolver.

          • UPDATING: Resolver is associating or disassociating one or more network interfaces with this endpoint.

          • AUTO_RECOVERING: Resolver is trying to recover one or more of the network interfaces that are associated with this endpoint. During the recovery process, the endpoint functions with limited capacity because of the limit on the number of DNS queries per IP address (per network interface). For the current limit, see Limits on Route 53 Resolver.

          • ACTION_NEEDED: This endpoint is unhealthy, and Resolver can't automatically recover it. To resolve the problem, we recommend that you check each IP address that you associated with the endpoint. For each IP address that isn't available, add another IP address and then delete the IP address that isn't available. (An endpoint must always include at least two IP addresses.) A status of ACTION_NEEDED can have a variety of causes. Here are two common causes:

            • One or more of the network interfaces that are associated with the endpoint were deleted using Amazon VPC.

            • The network interface couldn't be created for some reason that's outside the control of Resolver.

          • DELETING: Resolver is deleting this endpoint and the associated network interfaces.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "AUTO_RECOVERING"
          • "ACTION_NEEDED"
          • "DELETING"
        • StatusMessage — (String)

          A detailed description of the status of the Resolver endpoint.

        • CreationTime — (String)

          The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • ResolverEndpointType — (String)

          The Resolver endpoint IP address type.

          Possible values include:
          • "IPV6"
          • "IPV4"
          • "DUALSTACK"
        • Protocols — (Array<String>)

          Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

          For an inbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 and DoH-FIPS in combination.

          • Do53 alone.

          • DoH alone.

          • DoH-FIPS alone.

          • None, which is treated as Do53.

          For an outbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 alone.

          • DoH alone.

          • None, which is treated as Do53.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

associateResolverQueryLogConfig(params = {}, callback) ⇒ AWS.Request

Associates an Amazon VPC with a specified query logging configuration. Route 53 Resolver logs DNS queries that originate in all of the Amazon VPCs that are associated with a specified query logging configuration. To associate more than one VPC with a configuration, submit one AssociateResolverQueryLogConfig request for each VPC.

Note: The VPCs that you associate with a query logging configuration must be in the same Region as the configuration.

To remove a VPC from a query logging configuration, see DisassociateResolverQueryLogConfig.

Service Reference:

Examples:

Calling the associateResolverQueryLogConfig operation

var params = {
  ResolverQueryLogConfigId: 'STRING_VALUE', /* required */
  ResourceId: 'STRING_VALUE' /* required */
};
route53resolver.associateResolverQueryLogConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverQueryLogConfigId — (String)

      The ID of the query logging configuration that you want to associate a VPC with.

    • ResourceId — (String)

      The ID of an Amazon VPC that you want this query logging configuration to log queries for.

      Note: The VPCs and the query logging configuration must be in the same Region.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverQueryLogConfigAssociation — (map)

        A complex type that contains settings for a specified association between an Amazon VPC and a query logging configuration.

        • Id — (String)

          The ID of the query logging association.

        • ResolverQueryLogConfigId — (String)

          The ID of the query logging configuration that a VPC is associated with.

        • ResourceId — (String)

          The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status — (String)

          The status of the specified query logging association. Valid values include the following:

          • CREATING: Resolver is creating an association between an Amazon VPC and a query logging configuration.

          • CREATED: The association between an Amazon VPC and a query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

          • DELETING: Resolver is deleting this query logging association.

          • FAILED: Resolver either couldn't create or couldn't delete the query logging association.

          Possible values include:
          • "CREATING"
          • "ACTIVE"
          • "ACTION_NEEDED"
          • "DELETING"
          • "FAILED"
        • Error — (String)

          If the value of Status is FAILED, the value of Error indicates the cause:

          • DESTINATION_NOT_FOUND: The specified destination (for example, an Amazon S3 bucket) was deleted.

          • ACCESS_DENIED: Permissions don't allow sending logs to the destination.

          If the value of Status is a value other than FAILED, Error is null.

          Possible values include:
          • "NONE"
          • "DESTINATION_NOT_FOUND"
          • "ACCESS_DENIED"
          • "INTERNAL_SERVICE_ERROR"
        • ErrorMessage — (String)

          Contains additional information about the error. If the value or Error is null, the value of ErrorMessage also is null.

        • CreationTime — (String)

          The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

associateResolverRule(params = {}, callback) ⇒ AWS.Request

Associates a Resolver rule with a VPC. When you associate a rule with a VPC, Resolver forwards all DNS queries for the domain name that is specified in the rule and that originate in the VPC. The queries are forwarded to the IP addresses for the DNS resolvers that are specified in the rule. For more information about rules, see CreateResolverRule.

Service Reference:

Examples:

Calling the associateResolverRule operation

var params = {
  ResolverRuleId: 'STRING_VALUE', /* required */
  VPCId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE'
};
route53resolver.associateResolverRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverRuleId — (String)

      The ID of the Resolver rule that you want to associate with the VPC. To list the existing Resolver rules, use ListResolverRules.

    • Name — (String)

      A name for the association that you're creating between a Resolver rule and a VPC.

    • VPCId — (String)

      The ID of the VPC that you want to associate the Resolver rule with.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverRuleAssociation — (map)

        Information about the AssociateResolverRule request, including the status of the request.

        • Id — (String)

          The ID of the association between a Resolver rule and a VPC. Resolver assigns this value when you submit an AssociateResolverRule request.

        • ResolverRuleId — (String)

          The ID of the Resolver rule that you associated with the VPC that is specified by VPCId.

        • Name — (String)

          The name of an association between a Resolver rule and a VPC.

        • VPCId — (String)

          The ID of the VPC that you associated the Resolver rule with.

        • Status — (String)

          A code that specifies the current status of the association between a Resolver rule and a VPC.

          Possible values include:
          • "CREATING"
          • "COMPLETE"
          • "DELETING"
          • "FAILED"
          • "OVERRIDDEN"
        • StatusMessage — (String)

          A detailed description of the status of the association between a Resolver rule and a VPC.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createFirewallDomainList(params = {}, callback) ⇒ AWS.Request

Creates an empty firewall domain list for use in DNS Firewall rules. You can populate the domains for the new list with a file, using ImportFirewallDomains, or with domain strings, using UpdateFirewallDomains.

Service Reference:

Examples:

Calling the createFirewallDomainList operation

var params = {
  CreatorRequestId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
route53resolver.createFirewallDomainList(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • CreatorRequestId — (String)

      A unique string that identifies the request and that allows you to retry failed requests without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.

      If a token is not provided, the SDK will use a version 4 UUID.
    • Name — (String)

      A name that lets you identify the domain list to manage and use it.

    • Tags — (Array<map>)

      A list of the tag keys and values that you want to associate with the domain list.

      • Keyrequired — (String)

        The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id.

      • Valuerequired — (String)

        The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallDomainList — (map)

        The domain list that you just created.

        • Id — (String)

          The ID of the domain list.

        • Arn — (String)

          The Amazon Resource Name (ARN) of the firewall domain list.

        • Name — (String)

          The name of the domain list.

        • DomainCount — (Integer)

          The number of domain names that are specified in the domain list.

        • Status — (String)

          The status of the domain list.

          Possible values include:
          • "COMPLETE"
          • "COMPLETE_IMPORT_FAILED"
          • "IMPORTING"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the list, if available.

        • ManagedOwnerName — (String)

          The owner of the list, used only for lists that are not managed by you. For example, the managed domain list AWSManagedDomainsMalwareDomainList has the managed owner name Route 53 Resolver DNS Firewall.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the domain list was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the domain list was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createFirewallRule(params = {}, callback) ⇒ AWS.Request

Creates a single DNS Firewall rule in the specified rule group, using the specified domain list.

Service Reference:

Examples:

Calling the createFirewallRule operation

var params = {
  Action: ALLOW | BLOCK | ALERT, /* required */
  CreatorRequestId: 'STRING_VALUE', /* required */
  FirewallDomainListId: 'STRING_VALUE', /* required */
  FirewallRuleGroupId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Priority: 'NUMBER_VALUE', /* required */
  BlockOverrideDnsType: CNAME,
  BlockOverrideDomain: 'STRING_VALUE',
  BlockOverrideTtl: 'NUMBER_VALUE',
  BlockResponse: NODATA | NXDOMAIN | OVERRIDE,
  Qtype: 'STRING_VALUE'
};
route53resolver.createFirewallRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • CreatorRequestId — (String)

      A unique string that identifies the request and that allows you to retry failed requests without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.

      If a token is not provided, the SDK will use a version 4 UUID.
    • FirewallRuleGroupId — (String)

      The unique identifier of the firewall rule group where you want to create the rule.

    • FirewallDomainListId — (String)

      The ID of the domain list that you want to use in the rule.

    • Priority — (Integer)

      The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

      You must specify a unique priority for each rule in a rule group. To make it easier to insert rules later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for the rules in a rule group at any time.

    • Action — (String)

      The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:

      • ALLOW - Permit the request to go through.

      • ALERT - Permit the request and send metrics and logs to Cloud Watch.

      • BLOCK - Disallow the request. This option requires additional details in the rule's BlockResponse.

      Possible values include:
      • "ALLOW"
      • "BLOCK"
      • "ALERT"
    • BlockResponse — (String)

      The way that you want DNS Firewall to block the request, used with the rule action setting BLOCK.

      • NODATA - Respond indicating that the query was successful, but no response is available for it.

      • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

      • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

      This setting is required if the rule action setting is BLOCK.

      Possible values include:
      • "NODATA"
      • "NXDOMAIN"
      • "OVERRIDE"
    • BlockOverrideDomain — (String)

      The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

      This setting is required if the BlockResponse setting is OVERRIDE.

    • BlockOverrideDnsType — (String)

      The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

      This setting is required if the BlockResponse setting is OVERRIDE.

      Possible values include:
      • "CNAME"
    • BlockOverrideTtl — (Integer)

      The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

      This setting is required if the BlockResponse setting is OVERRIDE.

    • Name — (String)

      A name that lets you identify the rule in the rule group.

    • Qtype — (String)

      The DNS query type you want the rule to evaluate. Allowed values are;

      • A: Returns an IPv4 address.

      • AAAA: Returns an Ipv6 address.

      • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

      • CNAME: Returns another domain name.

      • DS: Record that identifies the DNSSEC signing key of a delegated zone.

      • MX: Specifies mail servers.

      • NAPTR: Regular-expression-based rewriting of domain names.

      • NS: Authoritative name servers.

      • PTR: Maps an IP address to a domain name.

      • SOA: Start of authority record for the zone.

      • SPF: Lists the servers authorized to send emails from a domain.

      • SRV: Application specific values that identify servers.

      • TXT: Verifies email senders and application-specific values.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRule — (map)

        The firewall rule that you just created.

        • FirewallRuleGroupId — (String)

          The unique identifier of the firewall rule group of the rule.

        • FirewallDomainListId — (String)

          The ID of the domain list that's used in the rule.

        • Name — (String)

          The name of the rule.

        • Priority — (Integer)

          The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

        • Action — (String)

          The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:

          • ALLOW - Permit the request to go through.

          • ALERT - Permit the request to go through but send an alert to the logs.

          • BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting.

          Possible values include:
          • "ALLOW"
          • "BLOCK"
          • "ALERT"
        • BlockResponse — (String)

          The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.

          • NODATA - Respond indicating that the query was successful, but no response is available for it.

          • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

          • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

          Possible values include:
          • "NODATA"
          • "NXDOMAIN"
          • "OVERRIDE"
        • BlockOverrideDomain — (String)

          The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

        • BlockOverrideDnsType — (String)

          The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

          Possible values include:
          • "CNAME"
        • BlockOverrideTtl — (Integer)

          The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the rule was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • Qtype — (String)

          The DNS query type you want the rule to evaluate. Allowed values are;

          • A: Returns an IPv4 address.

          • AAAA: Returns an Ipv6 address.

          • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

          • CNAME: Returns another domain name.

          • DS: Record that identifies the DNSSEC signing key of a delegated zone.

          • MX: Specifies mail servers.

          • NAPTR: Regular-expression-based rewriting of domain names.

          • NS: Authoritative name servers.

          • PTR: Maps an IP address to a domain name.

          • SOA: Start of authority record for the zone.

          • SPF: Lists the servers authorized to send emails from a domain.

          • SRV: Application specific values that identify servers.

          • TXT: Verifies email senders and application-specific values.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createFirewallRuleGroup(params = {}, callback) ⇒ AWS.Request

Creates an empty DNS Firewall rule group for filtering DNS network traffic in a VPC. You can add rules to the new rule group by calling CreateFirewallRule.

Service Reference:

Examples:

Calling the createFirewallRuleGroup operation

var params = {
  CreatorRequestId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
route53resolver.createFirewallRuleGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • CreatorRequestId — (String)

      A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

      If a token is not provided, the SDK will use a version 4 UUID.
    • Name — (String)

      A name that lets you identify the rule group, to manage and use it.

    • Tags — (Array<map>)

      A list of the tag keys and values that you want to associate with the rule group.

      • Keyrequired — (String)

        The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id.

      • Valuerequired — (String)

        The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRuleGroup — (map)

        A collection of rules used to filter DNS network traffic.

        • Id — (String)

          The ID of the rule group.

        • Arn — (String)

          The ARN (Amazon Resource Name) of the rule group.

        • Name — (String)

          The name of the rule group.

        • RuleCount — (Integer)

          The number of rules in the rule group.

        • Status — (String)

          The status of the domain list.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the rule group, if available.

        • OwnerId — (String)

          The Amazon Web Services account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • ShareStatus — (String)

          Whether the rule group is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM).

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • CreationTime — (String)

          The date and time that the rule group was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the rule group was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createOutpostResolver(params = {}, callback) ⇒ AWS.Request

Creates a Route 53 Resolver on an Outpost.

Service Reference:

Examples:

Calling the createOutpostResolver operation

var params = {
  CreatorRequestId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  OutpostArn: 'STRING_VALUE', /* required */
  PreferredInstanceType: 'STRING_VALUE', /* required */
  InstanceCount: 'NUMBER_VALUE',
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
route53resolver.createOutpostResolver(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • CreatorRequestId — (String)

      A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice.

      CreatorRequestId can be any unique string, for example, a date/time stamp.

    • Name — (String)

      A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.

    • InstanceCount — (Integer)

      Number of Amazon EC2 instances for the Resolver on Outpost. The default and minimal value is 4.

    • PreferredInstanceType — (String)

      The Amazon EC2 instance type. If you specify this, you must also specify a value for the OutpostArn.

    • OutpostArn — (String)

      The Amazon Resource Name (ARN) of the Outpost. If you specify this, you must also specify a value for the PreferredInstanceType.

    • Tags — (Array<map>)

      A string that helps identify the Route 53 Resolvers on Outpost.

      • Keyrequired — (String)

        The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id.

      • Valuerequired — (String)

        The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • OutpostResolver — (map)

        Information about the CreateOutpostResolver request, including the status of the request.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver on an Outpost.

        • CreationTime — (String)

          The date and time that the Outpost Resolver was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Outpost Resolver was modified, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Id — (String)

          The ID of the Resolver on Outpost.

        • InstanceCount — (Integer)

          Amazon EC2 instance count for the Resolver on the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • Name — (String)

          Name of the Resolver.

        • Status — (String)

          Status of the Resolver.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "DELETING"
          • "ACTION_NEEDED"
          • "FAILED_CREATION"
          • "FAILED_DELETION"
        • StatusMessage — (String)

          A detailed description of the Resolver.

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createResolverEndpoint(params = {}, callback) ⇒ AWS.Request

Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound:

  • An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network.

  • An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network.

Service Reference:

Examples:

Calling the createResolverEndpoint operation

var params = {
  CreatorRequestId: 'STRING_VALUE', /* required */
  Direction: INBOUND | OUTBOUND, /* required */
  IpAddresses: [ /* required */
    {
      SubnetId: 'STRING_VALUE', /* required */
      Ip: 'STRING_VALUE',
      Ipv6: 'STRING_VALUE'
    },
    /* more items */
  ],
  SecurityGroupIds: [ /* required */
    'STRING_VALUE',
    /* more items */
  ],
  Name: 'STRING_VALUE',
  OutpostArn: 'STRING_VALUE',
  PreferredInstanceType: 'STRING_VALUE',
  Protocols: [
    DoH | Do53 | DoH-FIPS,
    /* more items */
  ],
  ResolverEndpointType: IPV6 | IPV4 | DUALSTACK,
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
route53resolver.createResolverEndpoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • CreatorRequestId — (String)

      A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.

    • Name — (String)

      A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.

    • SecurityGroupIds — (Array<String>)

      The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify must include one or more inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound Resolver endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

    • Direction — (String)

      Specify the applicable value:

      • INBOUND: Resolver forwards DNS queries to the DNS service for a VPC from your network

      • OUTBOUND: Resolver forwards DNS queries from the DNS service for a VPC to your network

      Possible values include:
      • "INBOUND"
      • "OUTBOUND"
    • IpAddresses — (Array<map>)

      The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.

      Note: Even though the minimum is 1, Route 53 requires that you create at least two.
      • SubnetIdrequired — (String)

        The ID of the subnet that contains the IP address.

      • Ip — (String)

        The IPv4 address that you want to use for DNS queries.

      • Ipv6 — (String)

        The IPv6 address that you want to use for DNS queries.

    • OutpostArn — (String)

      The Amazon Resource Name (ARN) of the Outpost. If you specify this, you must also specify a value for the PreferredInstanceType.

    • PreferredInstanceType — (String)

      The instance type. If you specify this, you must also specify a value for the OutpostArn.

    • Tags — (Array<map>)

      A list of the tag keys and values that you want to associate with the endpoint.

      • Keyrequired — (String)

        The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id.

      • Valuerequired — (String)

        The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for.

    • ResolverEndpointType — (String)

      For the endpoint type you can choose either IPv4, IPv6, or dual-stack. A dual-stack endpoint means that it will resolve via both IPv4 and IPv6. This endpoint type is applied to all IP addresses.

      Possible values include:
      • "IPV6"
      • "IPV4"
      • "DUALSTACK"
    • Protocols — (Array<String>)

      The protocols you want to use for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

      For an inbound endpoint you can apply the protocols as follows:

      • Do53 and DoH in combination.

      • Do53 and DoH-FIPS in combination.

      • Do53 alone.

      • DoH alone.

      • DoH-FIPS alone.

      • None, which is treated as Do53.

      For an outbound endpoint you can apply the protocols as follows:

      • Do53 and DoH in combination.

      • Do53 alone.

      • DoH alone.

      • None, which is treated as Do53.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverEndpoint — (map)

        Information about the CreateResolverEndpoint request, including the status of the request.

        • Id — (String)

          The ID of the Resolver endpoint.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver endpoint.

        • Name — (String)

          The name that you assigned to the Resolver endpoint when you submitted a CreateResolverEndpoint request.

        • SecurityGroupIds — (Array<String>)

          The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

        • Direction — (String)

          Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

          • INBOUND: allows DNS queries to your VPC from your network

          • OUTBOUND: allows DNS queries from your VPC to your network

          Possible values include:
          • "INBOUND"
          • "OUTBOUND"
        • IpAddressCount — (Integer)

          The number of IP addresses that the Resolver endpoint can use for DNS queries.

        • HostVPCId — (String)

          The ID of the VPC that you want to create the Resolver endpoint in.

        • Status — (String)

          A code that specifies the current status of the Resolver endpoint. Valid values include the following:

          • CREATING: Resolver is creating and configuring one or more Amazon VPC network interfaces for this endpoint.

          • OPERATIONAL: The Amazon VPC network interfaces for this endpoint are correctly configured and able to pass inbound or outbound DNS queries between your network and Resolver.

          • UPDATING: Resolver is associating or disassociating one or more network interfaces with this endpoint.

          • AUTO_RECOVERING: Resolver is trying to recover one or more of the network interfaces that are associated with this endpoint. During the recovery process, the endpoint functions with limited capacity because of the limit on the number of DNS queries per IP address (per network interface). For the current limit, see Limits on Route 53 Resolver.

          • ACTION_NEEDED: This endpoint is unhealthy, and Resolver can't automatically recover it. To resolve the problem, we recommend that you check each IP address that you associated with the endpoint. For each IP address that isn't available, add another IP address and then delete the IP address that isn't available. (An endpoint must always include at least two IP addresses.) A status of ACTION_NEEDED can have a variety of causes. Here are two common causes:

            • One or more of the network interfaces that are associated with the endpoint were deleted using Amazon VPC.

            • The network interface couldn't be created for some reason that's outside the control of Resolver.

          • DELETING: Resolver is deleting this endpoint and the associated network interfaces.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "AUTO_RECOVERING"
          • "ACTION_NEEDED"
          • "DELETING"
        • StatusMessage — (String)

          A detailed description of the status of the Resolver endpoint.

        • CreationTime — (String)

          The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • ResolverEndpointType — (String)

          The Resolver endpoint IP address type.

          Possible values include:
          • "IPV6"
          • "IPV4"
          • "DUALSTACK"
        • Protocols — (Array<String>)

          Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

          For an inbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 and DoH-FIPS in combination.

          • Do53 alone.

          • DoH alone.

          • DoH-FIPS alone.

          • None, which is treated as Do53.

          For an outbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 alone.

          • DoH alone.

          • None, which is treated as Do53.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createResolverQueryLogConfig(params = {}, callback) ⇒ AWS.Request

Creates a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs. Resolver can log queries only for VPCs that are in the same Region as the query logging configuration.

To specify which VPCs you want to log queries for, you use AssociateResolverQueryLogConfig. For more information, see AssociateResolverQueryLogConfig.

You can optionally use Resource Access Manager (RAM) to share a query logging configuration with other Amazon Web Services accounts. The other accounts can then associate VPCs with the configuration. The query logs that Resolver creates for a configuration include all DNS queries that originate in all VPCs that are associated with the configuration.

Service Reference:

Examples:

Calling the createResolverQueryLogConfig operation

var params = {
  CreatorRequestId: 'STRING_VALUE', /* required */
  DestinationArn: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
route53resolver.createResolverQueryLogConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Name — (String)

      The name that you want to give the query logging configuration.

    • DestinationArn — (String)

      The ARN of the resource that you want Resolver to send query logs. You can send query logs to an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream. Examples of valid values include the following:

      • S3 bucket:

        arn:aws:s3:::examplebucket

        You can optionally append a file prefix to the end of the ARN.

        arn:aws:s3:::examplebucket/development/

      • CloudWatch Logs log group:

        arn:aws:logs:us-west-1:123456789012:log-group:/mystack-testgroup-12ABC1AB12A1:*

      • Kinesis Data Firehose delivery stream:

        arn:aws:kinesis:us-east-2:0123456789:stream/my_stream_name

    • CreatorRequestId — (String)

      A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.

      If a token is not provided, the SDK will use a version 4 UUID.
    • Tags — (Array<map>)

      A list of the tag keys and values that you want to associate with the query logging configuration.

      • Keyrequired — (String)

        The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id.

      • Valuerequired — (String)

        The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverQueryLogConfig — (map)

        Information about the CreateResolverQueryLogConfig request, including the status of the request.

        • Id — (String)

          The ID for the query logging configuration.

        • OwnerId — (String)

          The Amazon Web Services account ID for the account that created the query logging configuration.

        • Status — (String)

          The status of the specified query logging configuration. Valid values include the following:

          • CREATING: Resolver is creating the query logging configuration.

          • CREATED: The query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

          • DELETING: Resolver is deleting this query logging configuration.

          • FAILED: Resolver can't deliver logs to the location that is specified in the query logging configuration. Here are two common causes:

            • The specified destination (for example, an Amazon S3 bucket) was deleted.

            • Permissions don't allow sending logs to the destination.

          Possible values include:
          • "CREATING"
          • "CREATED"
          • "DELETING"
          • "FAILED"
        • ShareStatus — (String)

          An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM).

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • AssociationCount — (Integer)

          The number of VPCs that are associated with the query logging configuration.

        • Arn — (String)

          The ARN for the query logging configuration.

        • Name — (String)

          The name of the query logging configuration.

        • DestinationArn — (String)

          The ARN of the resource that you want Resolver to send query logs: an Amazon S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the query logging configuration. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • CreationTime — (String)

          The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createResolverRule(params = {}, callback) ⇒ AWS.Request

For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network.

Service Reference:

Examples:

Calling the createResolverRule operation

var params = {
  CreatorRequestId: 'STRING_VALUE', /* required */
  RuleType: FORWARD | SYSTEM | RECURSIVE, /* required */
  DomainName: 'STRING_VALUE',
  Name: 'STRING_VALUE',
  ResolverEndpointId: 'STRING_VALUE',
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ],
  TargetIps: [
    {
      Ip: 'STRING_VALUE',
      Ipv6: 'STRING_VALUE',
      Port: 'NUMBER_VALUE',
      Protocol: DoH | Do53 | DoH-FIPS
    },
    /* more items */
  ]
};
route53resolver.createResolverRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • CreatorRequestId — (String)

      A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.

    • Name — (String)

      A friendly name that lets you easily find a rule in the Resolver dashboard in the Route 53 console.

    • RuleType — (String)

      When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.

      When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

      For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

      Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

      Possible values include:
      • "FORWARD"
      • "SYSTEM"
      • "RECURSIVE"
    • DomainName — (String)

      DNS queries for this domain name are forwarded to the IP addresses that you specify in TargetIps. If a query matches multiple Resolver rules (example.com and www.example.com), outbound DNS queries are routed using the Resolver rule that contains the most specific domain name (www.example.com).

    • TargetIps — (Array<map>)

      The IPs that you want Resolver to forward DNS queries to. You can specify either Ipv4 or Ipv6 addresses but not both in the same rule. Separate IP addresses with a space.

      TargetIps is available only when the value of Rule type is FORWARD.

      • Ip — (String)

        One IPv4 address that you want to forward DNS queries to.

      • Port — (Integer)

        The port at Ip that you want to forward DNS queries to.

      • Ipv6 — (String)

        One IPv6 address that you want to forward DNS queries to.

      • Protocol — (String)

        The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.

        For an inbound endpoint you can apply the protocols as follows:

        • Do53 and DoH in combination.

        • Do53 and DoH-FIPS in combination.

        • Do53 alone.

        • DoH alone.

        • DoH-FIPS alone.

        • None, which is treated as Do53.

        For an outbound endpoint you can apply the protocols as follows:

        • Do53 and DoH in combination.

        • Do53 alone.

        • DoH alone.

        • None, which is treated as Do53.

        Possible values include:
        • "DoH"
        • "Do53"
        • "DoH-FIPS"
    • ResolverEndpointId — (String)

      The ID of the outbound Resolver endpoint that you want to use to route DNS queries to the IP addresses that you specify in TargetIps.

    • Tags — (Array<map>)

      A list of the tag keys and values that you want to associate with the endpoint.

      • Keyrequired — (String)

        The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id.

      • Valuerequired — (String)

        The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverRule — (map)

        Information about the CreateResolverRule request, including the status of the request.

        • Id — (String)

          The ID that Resolver assigned to the Resolver rule when you created it.

        • CreatorRequestId — (String)

          A unique string that you specified when you created the Resolver rule. CreatorRequestId identifies the request and allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver rule specified by Id.

        • DomainName — (String)

          DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps. If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com).

        • Status — (String)

          A code that specifies the current status of the Resolver rule.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
          • "FAILED"
        • StatusMessage — (String)

          A detailed description of the status of a Resolver rule.

        • RuleType — (String)

          When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.

          When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

          For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

          Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

          Possible values include:
          • "FORWARD"
          • "SYSTEM"
          • "RECURSIVE"
        • Name — (String)

          The name for the Resolver rule, which you specified when you created the Resolver rule.

        • TargetIps — (Array<map>)

          An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network.

          • Ip — (String)

            One IPv4 address that you want to forward DNS queries to.

          • Port — (Integer)

            The port at Ip that you want to forward DNS queries to.

          • Ipv6 — (String)

            One IPv6 address that you want to forward DNS queries to.

          • Protocol — (String)

            The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.

            For an inbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 and DoH-FIPS in combination.

            • Do53 alone.

            • DoH alone.

            • DoH-FIPS alone.

            • None, which is treated as Do53.

            For an outbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 alone.

            • DoH alone.

            • None, which is treated as Do53.

            Possible values include:
            • "DoH"
            • "Do53"
            • "DoH-FIPS"
        • ResolverEndpointId — (String)

          The ID of the endpoint that the rule is associated with.

        • OwnerId — (String)

          When a rule is shared with another Amazon Web Services account, the account ID of the account that the rule is shared with.

        • ShareStatus — (String)

          Whether the rule is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • CreationTime — (String)

          The date and time that the Resolver rule was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteFirewallDomainList(params = {}, callback) ⇒ AWS.Request

Deletes the specified domain list.

Service Reference:

Examples:

Calling the deleteFirewallDomainList operation

var params = {
  FirewallDomainListId: 'STRING_VALUE' /* required */
};
route53resolver.deleteFirewallDomainList(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallDomainListId — (String)

      The ID of the domain list that you want to delete.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallDomainList — (map)

        The domain list that you just deleted.

        • Id — (String)

          The ID of the domain list.

        • Arn — (String)

          The Amazon Resource Name (ARN) of the firewall domain list.

        • Name — (String)

          The name of the domain list.

        • DomainCount — (Integer)

          The number of domain names that are specified in the domain list.

        • Status — (String)

          The status of the domain list.

          Possible values include:
          • "COMPLETE"
          • "COMPLETE_IMPORT_FAILED"
          • "IMPORTING"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the list, if available.

        • ManagedOwnerName — (String)

          The owner of the list, used only for lists that are not managed by you. For example, the managed domain list AWSManagedDomainsMalwareDomainList has the managed owner name Route 53 Resolver DNS Firewall.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the domain list was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the domain list was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteFirewallRule(params = {}, callback) ⇒ AWS.Request

Deletes the specified firewall rule.

Service Reference:

Examples:

Calling the deleteFirewallRule operation

var params = {
  FirewallDomainListId: 'STRING_VALUE', /* required */
  FirewallRuleGroupId: 'STRING_VALUE', /* required */
  Qtype: 'STRING_VALUE'
};
route53resolver.deleteFirewallRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallRuleGroupId — (String)

      The unique identifier of the firewall rule group that you want to delete the rule from.

    • FirewallDomainListId — (String)

      The ID of the domain list that's used in the rule.

    • Qtype — (String)

      The DNS query type that the rule you are deleting evaluates. Allowed values are;

      • A: Returns an IPv4 address.

      • AAAA: Returns an Ipv6 address.

      • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

      • CNAME: Returns another domain name.

      • DS: Record that identifies the DNSSEC signing key of a delegated zone.

      • MX: Specifies mail servers.

      • NAPTR: Regular-expression-based rewriting of domain names.

      • NS: Authoritative name servers.

      • PTR: Maps an IP address to a domain name.

      • SOA: Start of authority record for the zone.

      • SPF: Lists the servers authorized to send emails from a domain.

      • SRV: Application specific values that identify servers.

      • TXT: Verifies email senders and application-specific values.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRule — (map)

        The specification for the firewall rule that you just deleted.

        • FirewallRuleGroupId — (String)

          The unique identifier of the firewall rule group of the rule.

        • FirewallDomainListId — (String)

          The ID of the domain list that's used in the rule.

        • Name — (String)

          The name of the rule.

        • Priority — (Integer)

          The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

        • Action — (String)

          The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:

          • ALLOW - Permit the request to go through.

          • ALERT - Permit the request to go through but send an alert to the logs.

          • BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting.

          Possible values include:
          • "ALLOW"
          • "BLOCK"
          • "ALERT"
        • BlockResponse — (String)

          The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.

          • NODATA - Respond indicating that the query was successful, but no response is available for it.

          • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

          • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

          Possible values include:
          • "NODATA"
          • "NXDOMAIN"
          • "OVERRIDE"
        • BlockOverrideDomain — (String)

          The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

        • BlockOverrideDnsType — (String)

          The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

          Possible values include:
          • "CNAME"
        • BlockOverrideTtl — (Integer)

          The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the rule was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • Qtype — (String)

          The DNS query type you want the rule to evaluate. Allowed values are;

          • A: Returns an IPv4 address.

          • AAAA: Returns an Ipv6 address.

          • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

          • CNAME: Returns another domain name.

          • DS: Record that identifies the DNSSEC signing key of a delegated zone.

          • MX: Specifies mail servers.

          • NAPTR: Regular-expression-based rewriting of domain names.

          • NS: Authoritative name servers.

          • PTR: Maps an IP address to a domain name.

          • SOA: Start of authority record for the zone.

          • SPF: Lists the servers authorized to send emails from a domain.

          • SRV: Application specific values that identify servers.

          • TXT: Verifies email senders and application-specific values.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteFirewallRuleGroup(params = {}, callback) ⇒ AWS.Request

Deletes the specified firewall rule group.

Service Reference:

Examples:

Calling the deleteFirewallRuleGroup operation

var params = {
  FirewallRuleGroupId: 'STRING_VALUE' /* required */
};
route53resolver.deleteFirewallRuleGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallRuleGroupId — (String)

      The unique identifier of the firewall rule group that you want to delete.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRuleGroup — (map)

        A collection of rules used to filter DNS network traffic.

        • Id — (String)

          The ID of the rule group.

        • Arn — (String)

          The ARN (Amazon Resource Name) of the rule group.

        • Name — (String)

          The name of the rule group.

        • RuleCount — (Integer)

          The number of rules in the rule group.

        • Status — (String)

          The status of the domain list.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the rule group, if available.

        • OwnerId — (String)

          The Amazon Web Services account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • ShareStatus — (String)

          Whether the rule group is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM).

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • CreationTime — (String)

          The date and time that the rule group was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the rule group was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteOutpostResolver(params = {}, callback) ⇒ AWS.Request

Deletes a Resolver on the Outpost.

Service Reference:

Examples:

Calling the deleteOutpostResolver operation

var params = {
  Id: 'STRING_VALUE' /* required */
};
route53resolver.deleteOutpostResolver(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Id — (String)

      A unique string that identifies the Resolver on the Outpost.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • OutpostResolver — (map)

        Information about the DeleteOutpostResolver request, including the status of the request.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver on an Outpost.

        • CreationTime — (String)

          The date and time that the Outpost Resolver was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Outpost Resolver was modified, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Id — (String)

          The ID of the Resolver on Outpost.

        • InstanceCount — (Integer)

          Amazon EC2 instance count for the Resolver on the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • Name — (String)

          Name of the Resolver.

        • Status — (String)

          Status of the Resolver.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "DELETING"
          • "ACTION_NEEDED"
          • "FAILED_CREATION"
          • "FAILED_DELETION"
        • StatusMessage — (String)

          A detailed description of the Resolver.

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteResolverEndpoint(params = {}, callback) ⇒ AWS.Request

Deletes a Resolver endpoint. The effect of deleting a Resolver endpoint depends on whether it's an inbound or an outbound Resolver endpoint:

  • Inbound: DNS queries from your network are no longer routed to the DNS service for the specified VPC.

  • Outbound: DNS queries from a VPC are no longer routed to your network.

Service Reference:

Examples:

Calling the deleteResolverEndpoint operation

var params = {
  ResolverEndpointId: 'STRING_VALUE' /* required */
};
route53resolver.deleteResolverEndpoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverEndpointId — (String)

      The ID of the Resolver endpoint that you want to delete.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverEndpoint — (map)

        Information about the DeleteResolverEndpoint request, including the status of the request.

        • Id — (String)

          The ID of the Resolver endpoint.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver endpoint.

        • Name — (String)

          The name that you assigned to the Resolver endpoint when you submitted a CreateResolverEndpoint request.

        • SecurityGroupIds — (Array<String>)

          The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

        • Direction — (String)

          Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

          • INBOUND: allows DNS queries to your VPC from your network

          • OUTBOUND: allows DNS queries from your VPC to your network

          Possible values include:
          • "INBOUND"
          • "OUTBOUND"
        • IpAddressCount — (Integer)

          The number of IP addresses that the Resolver endpoint can use for DNS queries.

        • HostVPCId — (String)

          The ID of the VPC that you want to create the Resolver endpoint in.

        • Status — (String)

          A code that specifies the current status of the Resolver endpoint. Valid values include the following:

          • CREATING: Resolver is creating and configuring one or more Amazon VPC network interfaces for this endpoint.

          • OPERATIONAL: The Amazon VPC network interfaces for this endpoint are correctly configured and able to pass inbound or outbound DNS queries between your network and Resolver.

          • UPDATING: Resolver is associating or disassociating one or more network interfaces with this endpoint.

          • AUTO_RECOVERING: Resolver is trying to recover one or more of the network interfaces that are associated with this endpoint. During the recovery process, the endpoint functions with limited capacity because of the limit on the number of DNS queries per IP address (per network interface). For the current limit, see Limits on Route 53 Resolver.

          • ACTION_NEEDED: This endpoint is unhealthy, and Resolver can't automatically recover it. To resolve the problem, we recommend that you check each IP address that you associated with the endpoint. For each IP address that isn't available, add another IP address and then delete the IP address that isn't available. (An endpoint must always include at least two IP addresses.) A status of ACTION_NEEDED can have a variety of causes. Here are two common causes:

            • One or more of the network interfaces that are associated with the endpoint were deleted using Amazon VPC.

            • The network interface couldn't be created for some reason that's outside the control of Resolver.

          • DELETING: Resolver is deleting this endpoint and the associated network interfaces.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "AUTO_RECOVERING"
          • "ACTION_NEEDED"
          • "DELETING"
        • StatusMessage — (String)

          A detailed description of the status of the Resolver endpoint.

        • CreationTime — (String)

          The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • ResolverEndpointType — (String)

          The Resolver endpoint IP address type.

          Possible values include:
          • "IPV6"
          • "IPV4"
          • "DUALSTACK"
        • Protocols — (Array<String>)

          Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

          For an inbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 and DoH-FIPS in combination.

          • Do53 alone.

          • DoH alone.

          • DoH-FIPS alone.

          • None, which is treated as Do53.

          For an outbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 alone.

          • DoH alone.

          • None, which is treated as Do53.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteResolverQueryLogConfig(params = {}, callback) ⇒ AWS.Request

Deletes a query logging configuration. When you delete a configuration, Resolver stops logging DNS queries for all of the Amazon VPCs that are associated with the configuration. This also applies if the query logging configuration is shared with other Amazon Web Services accounts, and the other accounts have associated VPCs with the shared configuration.

Before you can delete a query logging configuration, you must first disassociate all VPCs from the configuration. See DisassociateResolverQueryLogConfig.

If you used Resource Access Manager (RAM) to share a query logging configuration with other accounts, you must stop sharing the configuration before you can delete a configuration. The accounts that you shared the configuration with can first disassociate VPCs that they associated with the configuration, but that's not necessary. If you stop sharing the configuration, those VPCs are automatically disassociated from the configuration.

Service Reference:

Examples:

Calling the deleteResolverQueryLogConfig operation

var params = {
  ResolverQueryLogConfigId: 'STRING_VALUE' /* required */
};
route53resolver.deleteResolverQueryLogConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverQueryLogConfigId — (String)

      The ID of the query logging configuration that you want to delete.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverQueryLogConfig — (map)

        Information about the query logging configuration that you deleted, including the status of the request.

        • Id — (String)

          The ID for the query logging configuration.

        • OwnerId — (String)

          The Amazon Web Services account ID for the account that created the query logging configuration.

        • Status — (String)

          The status of the specified query logging configuration. Valid values include the following:

          • CREATING: Resolver is creating the query logging configuration.

          • CREATED: The query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

          • DELETING: Resolver is deleting this query logging configuration.

          • FAILED: Resolver can't deliver logs to the location that is specified in the query logging configuration. Here are two common causes:

            • The specified destination (for example, an Amazon S3 bucket) was deleted.

            • Permissions don't allow sending logs to the destination.

          Possible values include:
          • "CREATING"
          • "CREATED"
          • "DELETING"
          • "FAILED"
        • ShareStatus — (String)

          An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM).

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • AssociationCount — (Integer)

          The number of VPCs that are associated with the query logging configuration.

        • Arn — (String)

          The ARN for the query logging configuration.

        • Name — (String)

          The name of the query logging configuration.

        • DestinationArn — (String)

          The ARN of the resource that you want Resolver to send query logs: an Amazon S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the query logging configuration. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • CreationTime — (String)

          The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteResolverRule(params = {}, callback) ⇒ AWS.Request

Deletes a Resolver rule. Before you can delete a Resolver rule, you must disassociate it from all the VPCs that you associated the Resolver rule with. For more information, see DisassociateResolverRule.

Service Reference:

Examples:

Calling the deleteResolverRule operation

var params = {
  ResolverRuleId: 'STRING_VALUE' /* required */
};
route53resolver.deleteResolverRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverRuleId — (String)

      The ID of the Resolver rule that you want to delete.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverRule — (map)

        Information about the DeleteResolverRule request, including the status of the request.

        • Id — (String)

          The ID that Resolver assigned to the Resolver rule when you created it.

        • CreatorRequestId — (String)

          A unique string that you specified when you created the Resolver rule. CreatorRequestId identifies the request and allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver rule specified by Id.

        • DomainName — (String)

          DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps. If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com).

        • Status — (String)

          A code that specifies the current status of the Resolver rule.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
          • "FAILED"
        • StatusMessage — (String)

          A detailed description of the status of a Resolver rule.

        • RuleType — (String)

          When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.

          When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

          For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

          Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

          Possible values include:
          • "FORWARD"
          • "SYSTEM"
          • "RECURSIVE"
        • Name — (String)

          The name for the Resolver rule, which you specified when you created the Resolver rule.

        • TargetIps — (Array<map>)

          An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network.

          • Ip — (String)

            One IPv4 address that you want to forward DNS queries to.

          • Port — (Integer)

            The port at Ip that you want to forward DNS queries to.

          • Ipv6 — (String)

            One IPv6 address that you want to forward DNS queries to.

          • Protocol — (String)

            The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.

            For an inbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 and DoH-FIPS in combination.

            • Do53 alone.

            • DoH alone.

            • DoH-FIPS alone.

            • None, which is treated as Do53.

            For an outbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 alone.

            • DoH alone.

            • None, which is treated as Do53.

            Possible values include:
            • "DoH"
            • "Do53"
            • "DoH-FIPS"
        • ResolverEndpointId — (String)

          The ID of the endpoint that the rule is associated with.

        • OwnerId — (String)

          When a rule is shared with another Amazon Web Services account, the account ID of the account that the rule is shared with.

        • ShareStatus — (String)

          Whether the rule is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • CreationTime — (String)

          The date and time that the Resolver rule was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

disassociateFirewallRuleGroup(params = {}, callback) ⇒ AWS.Request

Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering from the VPC.

Service Reference:

Examples:

Calling the disassociateFirewallRuleGroup operation

var params = {
  FirewallRuleGroupAssociationId: 'STRING_VALUE' /* required */
};
route53resolver.disassociateFirewallRuleGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRuleGroupAssociation — (map)

        The firewall rule group association that you just removed.

        • Id — (String)

          The identifier for the association.

        • Arn — (String)

          The Amazon Resource Name (ARN) of the firewall rule group association.

        • FirewallRuleGroupId — (String)

          The unique identifier of the firewall rule group.

        • VpcId — (String)

          The unique identifier of the VPC that is associated with the rule group.

        • Name — (String)

          The name of the association.

        • Priority — (Integer)

          The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting.

        • MutationProtection — (String)

          If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections.

          Possible values include:
          • "ENABLED"
          • "DISABLED"
        • ManagedOwnerName — (String)

          The owner of the association, used only for associations that are not managed by you. If you use Firewall Manager to manage your DNS Firewalls, then this reports Firewall Manager as the managed owner.

        • Status — (String)

          The current status of the association.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the response, if available.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the association was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the association was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

disassociateResolverEndpointIpAddress(params = {}, callback) ⇒ AWS.Request

Removes IP addresses from an inbound or an outbound Resolver endpoint. If you want to remove more than one IP address, submit one DisassociateResolverEndpointIpAddress request for each IP address.

To add an IP address to an endpoint, see AssociateResolverEndpointIpAddress.

Examples:

Calling the disassociateResolverEndpointIpAddress operation

var params = {
  IpAddress: { /* required */
    Ip: 'STRING_VALUE',
    IpId: 'STRING_VALUE',
    Ipv6: 'STRING_VALUE',
    SubnetId: 'STRING_VALUE'
  },
  ResolverEndpointId: 'STRING_VALUE' /* required */
};
route53resolver.disassociateResolverEndpointIpAddress(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverEndpointId — (String)

      The ID of the Resolver endpoint that you want to disassociate an IP address from.

    • IpAddress — (map)

      The IPv4 address that you want to remove from a Resolver endpoint.

      • IpId — (String)

        Only when removing an IP address from a Resolver endpoint: The ID of the IP address that you want to remove. To get this ID, use GetResolverEndpoint.

      • SubnetId — (String)

        The ID of the subnet that includes the IP address that you want to update. To get this ID, use GetResolverEndpoint.

      • Ip — (String)

        The new IPv4 address.

      • Ipv6 — (String)

        The new IPv6 address.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverEndpoint — (map)

        The response to an DisassociateResolverEndpointIpAddress request.

        • Id — (String)

          The ID of the Resolver endpoint.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver endpoint.

        • Name — (String)

          The name that you assigned to the Resolver endpoint when you submitted a CreateResolverEndpoint request.

        • SecurityGroupIds — (Array<String>)

          The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

        • Direction — (String)

          Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

          • INBOUND: allows DNS queries to your VPC from your network

          • OUTBOUND: allows DNS queries from your VPC to your network

          Possible values include:
          • "INBOUND"
          • "OUTBOUND"
        • IpAddressCount — (Integer)

          The number of IP addresses that the Resolver endpoint can use for DNS queries.

        • HostVPCId — (String)

          The ID of the VPC that you want to create the Resolver endpoint in.

        • Status — (String)

          A code that specifies the current status of the Resolver endpoint. Valid values include the following:

          • CREATING: Resolver is creating and configuring one or more Amazon VPC network interfaces for this endpoint.

          • OPERATIONAL: The Amazon VPC network interfaces for this endpoint are correctly configured and able to pass inbound or outbound DNS queries between your network and Resolver.

          • UPDATING: Resolver is associating or disassociating one or more network interfaces with this endpoint.

          • AUTO_RECOVERING: Resolver is trying to recover one or more of the network interfaces that are associated with this endpoint. During the recovery process, the endpoint functions with limited capacity because of the limit on the number of DNS queries per IP address (per network interface). For the current limit, see Limits on Route 53 Resolver.

          • ACTION_NEEDED: This endpoint is unhealthy, and Resolver can't automatically recover it. To resolve the problem, we recommend that you check each IP address that you associated with the endpoint. For each IP address that isn't available, add another IP address and then delete the IP address that isn't available. (An endpoint must always include at least two IP addresses.) A status of ACTION_NEEDED can have a variety of causes. Here are two common causes:

            • One or more of the network interfaces that are associated with the endpoint were deleted using Amazon VPC.

            • The network interface couldn't be created for some reason that's outside the control of Resolver.

          • DELETING: Resolver is deleting this endpoint and the associated network interfaces.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "AUTO_RECOVERING"
          • "ACTION_NEEDED"
          • "DELETING"
        • StatusMessage — (String)

          A detailed description of the status of the Resolver endpoint.

        • CreationTime — (String)

          The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • ResolverEndpointType — (String)

          The Resolver endpoint IP address type.

          Possible values include:
          • "IPV6"
          • "IPV4"
          • "DUALSTACK"
        • Protocols — (Array<String>)

          Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

          For an inbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 and DoH-FIPS in combination.

          • Do53 alone.

          • DoH alone.

          • DoH-FIPS alone.

          • None, which is treated as Do53.

          For an outbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 alone.

          • DoH alone.

          • None, which is treated as Do53.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

disassociateResolverQueryLogConfig(params = {}, callback) ⇒ AWS.Request

Disassociates a VPC from a query logging configuration.

Note: Before you can delete a query logging configuration, you must first disassociate all VPCs from the configuration. If you used Resource Access Manager (RAM) to share a query logging configuration with other accounts, VPCs can be disassociated from the configuration in the following ways:
  • The accounts that you shared the configuration with can disassociate VPCs from the configuration.
  • You can stop sharing the configuration.

Examples:

Calling the disassociateResolverQueryLogConfig operation

var params = {
  ResolverQueryLogConfigId: 'STRING_VALUE', /* required */
  ResourceId: 'STRING_VALUE' /* required */
};
route53resolver.disassociateResolverQueryLogConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverQueryLogConfigId — (String)

      The ID of the query logging configuration that you want to disassociate a specified VPC from.

    • ResourceId — (String)

      The ID of the Amazon VPC that you want to disassociate from a specified query logging configuration.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverQueryLogConfigAssociation — (map)

        A complex type that contains settings for the association that you deleted between an Amazon VPC and a query logging configuration.

        • Id — (String)

          The ID of the query logging association.

        • ResolverQueryLogConfigId — (String)

          The ID of the query logging configuration that a VPC is associated with.

        • ResourceId — (String)

          The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status — (String)

          The status of the specified query logging association. Valid values include the following:

          • CREATING: Resolver is creating an association between an Amazon VPC and a query logging configuration.

          • CREATED: The association between an Amazon VPC and a query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

          • DELETING: Resolver is deleting this query logging association.

          • FAILED: Resolver either couldn't create or couldn't delete the query logging association.

          Possible values include:
          • "CREATING"
          • "ACTIVE"
          • "ACTION_NEEDED"
          • "DELETING"
          • "FAILED"
        • Error — (String)

          If the value of Status is FAILED, the value of Error indicates the cause:

          • DESTINATION_NOT_FOUND: The specified destination (for example, an Amazon S3 bucket) was deleted.

          • ACCESS_DENIED: Permissions don't allow sending logs to the destination.

          If the value of Status is a value other than FAILED, Error is null.

          Possible values include:
          • "NONE"
          • "DESTINATION_NOT_FOUND"
          • "ACCESS_DENIED"
          • "INTERNAL_SERVICE_ERROR"
        • ErrorMessage — (String)

          Contains additional information about the error. If the value or Error is null, the value of ErrorMessage also is null.

        • CreationTime — (String)

          The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

disassociateResolverRule(params = {}, callback) ⇒ AWS.Request

Removes the association between a specified Resolver rule and a specified VPC.

If you disassociate a Resolver rule from a VPC, Resolver stops forwarding DNS queries for the domain name that you specified in the Resolver rule.

Service Reference:

Examples:

Calling the disassociateResolverRule operation

var params = {
  ResolverRuleId: 'STRING_VALUE', /* required */
  VPCId: 'STRING_VALUE' /* required */
};
route53resolver.disassociateResolverRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • VPCId — (String)

      The ID of the VPC that you want to disassociate the Resolver rule from.

    • ResolverRuleId — (String)

      The ID of the Resolver rule that you want to disassociate from the specified VPC.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverRuleAssociation — (map)

        Information about the DisassociateResolverRule request, including the status of the request.

        • Id — (String)

          The ID of the association between a Resolver rule and a VPC. Resolver assigns this value when you submit an AssociateResolverRule request.

        • ResolverRuleId — (String)

          The ID of the Resolver rule that you associated with the VPC that is specified by VPCId.

        • Name — (String)

          The name of an association between a Resolver rule and a VPC.

        • VPCId — (String)

          The ID of the VPC that you associated the Resolver rule with.

        • Status — (String)

          A code that specifies the current status of the association between a Resolver rule and a VPC.

          Possible values include:
          • "CREATING"
          • "COMPLETE"
          • "DELETING"
          • "FAILED"
          • "OVERRIDDEN"
        • StatusMessage — (String)

          A detailed description of the status of the association between a Resolver rule and a VPC.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getFirewallConfig(params = {}, callback) ⇒ AWS.Request

Retrieves the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).

Service Reference:

Examples:

Calling the getFirewallConfig operation

var params = {
  ResourceId: 'STRING_VALUE' /* required */
};
route53resolver.getFirewallConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResourceId — (String)

      The ID of the VPC from Amazon VPC that the configuration is for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallConfig — (map)

        Configuration of the firewall behavior provided by DNS Firewall for a single VPC from AmazonVPC.

        • Id — (String)

          The ID of the firewall configuration.

        • ResourceId — (String)

          The ID of the VPC that this firewall configuration applies to.

        • OwnerId — (String)

          The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to.

        • FirewallFailOpen — (String)

          Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.

          • By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall returns a failure error when it is unable to properly evaluate a query.

          • If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.

          This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.

          Possible values include:
          • "ENABLED"
          • "DISABLED"
          • "USE_LOCAL_RESOURCE_SETTING"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getFirewallDomainList(params = {}, callback) ⇒ AWS.Request

Retrieves the specified firewall domain list.

Service Reference:

Examples:

Calling the getFirewallDomainList operation

var params = {
  FirewallDomainListId: 'STRING_VALUE' /* required */
};
route53resolver.getFirewallDomainList(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallDomainListId — (String)

      The ID of the domain list.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallDomainList — (map)

        The domain list that you requested.

        • Id — (String)

          The ID of the domain list.

        • Arn — (String)

          The Amazon Resource Name (ARN) of the firewall domain list.

        • Name — (String)

          The name of the domain list.

        • DomainCount — (Integer)

          The number of domain names that are specified in the domain list.

        • Status — (String)

          The status of the domain list.

          Possible values include:
          • "COMPLETE"
          • "COMPLETE_IMPORT_FAILED"
          • "IMPORTING"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the list, if available.

        • ManagedOwnerName — (String)

          The owner of the list, used only for lists that are not managed by you. For example, the managed domain list AWSManagedDomainsMalwareDomainList has the managed owner name Route 53 Resolver DNS Firewall.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the domain list was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the domain list was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getFirewallRuleGroup(params = {}, callback) ⇒ AWS.Request

Retrieves the specified firewall rule group.

Service Reference:

Examples:

Calling the getFirewallRuleGroup operation

var params = {
  FirewallRuleGroupId: 'STRING_VALUE' /* required */
};
route53resolver.getFirewallRuleGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallRuleGroupId — (String)

      The unique identifier of the firewall rule group.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRuleGroup — (map)

        A collection of rules used to filter DNS network traffic.

        • Id — (String)

          The ID of the rule group.

        • Arn — (String)

          The ARN (Amazon Resource Name) of the rule group.

        • Name — (String)

          The name of the rule group.

        • RuleCount — (Integer)

          The number of rules in the rule group.

        • Status — (String)

          The status of the domain list.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the rule group, if available.

        • OwnerId — (String)

          The Amazon Web Services account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • ShareStatus — (String)

          Whether the rule group is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM).

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • CreationTime — (String)

          The date and time that the rule group was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the rule group was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getFirewallRuleGroupAssociation(params = {}, callback) ⇒ AWS.Request

Retrieves a firewall rule group association, which enables DNS filtering for a VPC with one rule group. A VPC can have more than one firewall rule group association, and a rule group can be associated with more than one VPC.

Service Reference:

Examples:

Calling the getFirewallRuleGroupAssociation operation

var params = {
  FirewallRuleGroupAssociationId: 'STRING_VALUE' /* required */
};
route53resolver.getFirewallRuleGroupAssociation(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRuleGroupAssociation — (map)

        The association that you requested.

        • Id — (String)

          The identifier for the association.

        • Arn — (String)

          The Amazon Resource Name (ARN) of the firewall rule group association.

        • FirewallRuleGroupId — (String)

          The unique identifier of the firewall rule group.

        • VpcId — (String)

          The unique identifier of the VPC that is associated with the rule group.

        • Name — (String)

          The name of the association.

        • Priority — (Integer)

          The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting.

        • MutationProtection — (String)

          If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections.

          Possible values include:
          • "ENABLED"
          • "DISABLED"
        • ManagedOwnerName — (String)

          The owner of the association, used only for associations that are not managed by you. If you use Firewall Manager to manage your DNS Firewalls, then this reports Firewall Manager as the managed owner.

        • Status — (String)

          The current status of the association.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the response, if available.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the association was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the association was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getFirewallRuleGroupPolicy(params = {}, callback) ⇒ AWS.Request

Returns the Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using Resource Access Manager (RAM).

Service Reference:

Examples:

Calling the getFirewallRuleGroupPolicy operation

var params = {
  Arn: 'STRING_VALUE' /* required */
};
route53resolver.getFirewallRuleGroupPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Arn — (String)

      The ARN (Amazon Resource Name) for the rule group.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRuleGroupPolicy — (String)

        The Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using Resource Access Manager (RAM).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getOutpostResolver(params = {}, callback) ⇒ AWS.Request

Gets information about a specified Resolver on the Outpost, such as its instance count and type, name, and the current status of the Resolver.

Service Reference:

Examples:

Calling the getOutpostResolver operation

var params = {
  Id: 'STRING_VALUE' /* required */
};
route53resolver.getOutpostResolver(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Id — (String)

      The ID of the Resolver on the Outpost.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • OutpostResolver — (map)

        Information about the GetOutpostResolver request, including the status of the request.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver on an Outpost.

        • CreationTime — (String)

          The date and time that the Outpost Resolver was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Outpost Resolver was modified, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Id — (String)

          The ID of the Resolver on Outpost.

        • InstanceCount — (Integer)

          Amazon EC2 instance count for the Resolver on the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • Name — (String)

          Name of the Resolver.

        • Status — (String)

          Status of the Resolver.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "DELETING"
          • "ACTION_NEEDED"
          • "FAILED_CREATION"
          • "FAILED_DELETION"
        • StatusMessage — (String)

          A detailed description of the Resolver.

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getResolverConfig(params = {}, callback) ⇒ AWS.Request

Retrieves the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud.

Service Reference:

Examples:

Calling the getResolverConfig operation

var params = {
  ResourceId: 'STRING_VALUE' /* required */
};
route53resolver.getResolverConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResourceId — (String)

      Resource ID of the Amazon VPC that you want to get information about.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverConfig — (map)

        Information about the behavior configuration of Route 53 Resolver behavior for the VPC you specified in the GetResolverConfig request.

        • Id — (String)

          ID for the Resolver configuration.

        • ResourceId — (String)

          The ID of the Amazon Virtual Private Cloud VPC that you're configuring Resolver for.

        • OwnerId — (String)

          The owner account ID of the Amazon Virtual Private Cloud VPC.

        • AutodefinedReverse — (String)

          The status of whether or not the Resolver will create autodefined rules for reverse DNS lookups. This is enabled by default. The status can be one of following:

          • ENABLING: Autodefined rules for reverse DNS lookups are being enabled but are not complete.

          • ENABLED: Autodefined rules for reverse DNS lookups are enabled.

          • DISABLING: Autodefined rules for reverse DNS lookups are being disabled but are not complete.

          • DISABLED: Autodefined rules for reverse DNS lookups are disabled.

          Possible values include:
          • "ENABLING"
          • "ENABLED"
          • "DISABLING"
          • "DISABLED"
          • "UPDATING_TO_USE_LOCAL_RESOURCE_SETTING"
          • "USE_LOCAL_RESOURCE_SETTING"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getResolverDnssecConfig(params = {}, callback) ⇒ AWS.Request

Gets DNSSEC validation information for a specified resource.

Service Reference:

Examples:

Calling the getResolverDnssecConfig operation

var params = {
  ResourceId: 'STRING_VALUE' /* required */
};
route53resolver.getResolverDnssecConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResourceId — (String)

      The ID of the virtual private cloud (VPC) for the DNSSEC validation status.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverDNSSECConfig — (map)

        The information about a configuration for DNSSEC validation.

        • Id — (String)

          The ID for a configuration for DNSSEC validation.

        • OwnerId — (String)

          The owner account ID of the virtual private cloud (VPC) for a configuration for DNSSEC validation.

        • ResourceId — (String)

          The ID of the virtual private cloud (VPC) that you're configuring the DNSSEC validation status for.

        • ValidationStatus — (String)

          The validation status for a DNSSEC configuration. The status can be one of the following:

          • ENABLING: DNSSEC validation is being enabled but is not complete.

          • ENABLED: DNSSEC validation is enabled.

          • DISABLING: DNSSEC validation is being disabled but is not complete.

          • DISABLED DNSSEC validation is disabled.

          Possible values include:
          • "ENABLING"
          • "ENABLED"
          • "DISABLING"
          • "DISABLED"
          • "UPDATING_TO_USE_LOCAL_RESOURCE_SETTING"
          • "USE_LOCAL_RESOURCE_SETTING"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getResolverEndpoint(params = {}, callback) ⇒ AWS.Request

Gets information about a specified Resolver endpoint, such as whether it's an inbound or an outbound Resolver endpoint, and the current status of the endpoint.

Service Reference:

Examples:

Calling the getResolverEndpoint operation

var params = {
  ResolverEndpointId: 'STRING_VALUE' /* required */
};
route53resolver.getResolverEndpoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverEndpointId — (String)

      The ID of the Resolver endpoint that you want to get information about.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverEndpoint — (map)

        Information about the Resolver endpoint that you specified in a GetResolverEndpoint request.

        • Id — (String)

          The ID of the Resolver endpoint.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver endpoint.

        • Name — (String)

          The name that you assigned to the Resolver endpoint when you submitted a CreateResolverEndpoint request.

        • SecurityGroupIds — (Array<String>)

          The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

        • Direction — (String)

          Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

          • INBOUND: allows DNS queries to your VPC from your network

          • OUTBOUND: allows DNS queries from your VPC to your network

          Possible values include:
          • "INBOUND"
          • "OUTBOUND"
        • IpAddressCount — (Integer)

          The number of IP addresses that the Resolver endpoint can use for DNS queries.

        • HostVPCId — (String)

          The ID of the VPC that you want to create the Resolver endpoint in.

        • Status — (String)

          A code that specifies the current status of the Resolver endpoint. Valid values include the following:

          • CREATING: Resolver is creating and configuring one or more Amazon VPC network interfaces for this endpoint.

          • OPERATIONAL: The Amazon VPC network interfaces for this endpoint are correctly configured and able to pass inbound or outbound DNS queries between your network and Resolver.

          • UPDATING: Resolver is associating or disassociating one or more network interfaces with this endpoint.

          • AUTO_RECOVERING: Resolver is trying to recover one or more of the network interfaces that are associated with this endpoint. During the recovery process, the endpoint functions with limited capacity because of the limit on the number of DNS queries per IP address (per network interface). For the current limit, see Limits on Route 53 Resolver.

          • ACTION_NEEDED: This endpoint is unhealthy, and Resolver can't automatically recover it. To resolve the problem, we recommend that you check each IP address that you associated with the endpoint. For each IP address that isn't available, add another IP address and then delete the IP address that isn't available. (An endpoint must always include at least two IP addresses.) A status of ACTION_NEEDED can have a variety of causes. Here are two common causes:

            • One or more of the network interfaces that are associated with the endpoint were deleted using Amazon VPC.

            • The network interface couldn't be created for some reason that's outside the control of Resolver.

          • DELETING: Resolver is deleting this endpoint and the associated network interfaces.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "AUTO_RECOVERING"
          • "ACTION_NEEDED"
          • "DELETING"
        • StatusMessage — (String)

          A detailed description of the status of the Resolver endpoint.

        • CreationTime — (String)

          The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • ResolverEndpointType — (String)

          The Resolver endpoint IP address type.

          Possible values include:
          • "IPV6"
          • "IPV4"
          • "DUALSTACK"
        • Protocols — (Array<String>)

          Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

          For an inbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 and DoH-FIPS in combination.

          • Do53 alone.

          • DoH alone.

          • DoH-FIPS alone.

          • None, which is treated as Do53.

          For an outbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 alone.

          • DoH alone.

          • None, which is treated as Do53.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getResolverQueryLogConfig(params = {}, callback) ⇒ AWS.Request

Gets information about a specified Resolver query logging configuration, such as the number of VPCs that the configuration is logging queries for and the location that logs are sent to.

Service Reference:

Examples:

Calling the getResolverQueryLogConfig operation

var params = {
  ResolverQueryLogConfigId: 'STRING_VALUE' /* required */
};
route53resolver.getResolverQueryLogConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverQueryLogConfigId — (String)

      The ID of the Resolver query logging configuration that you want to get information about.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverQueryLogConfig — (map)

        Information about the Resolver query logging configuration that you specified in a GetQueryLogConfig request.

        • Id — (String)

          The ID for the query logging configuration.

        • OwnerId — (String)

          The Amazon Web Services account ID for the account that created the query logging configuration.

        • Status — (String)

          The status of the specified query logging configuration. Valid values include the following:

          • CREATING: Resolver is creating the query logging configuration.

          • CREATED: The query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

          • DELETING: Resolver is deleting this query logging configuration.

          • FAILED: Resolver can't deliver logs to the location that is specified in the query logging configuration. Here are two common causes:

            • The specified destination (for example, an Amazon S3 bucket) was deleted.

            • Permissions don't allow sending logs to the destination.

          Possible values include:
          • "CREATING"
          • "CREATED"
          • "DELETING"
          • "FAILED"
        • ShareStatus — (String)

          An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM).

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • AssociationCount — (Integer)

          The number of VPCs that are associated with the query logging configuration.

        • Arn — (String)

          The ARN for the query logging configuration.

        • Name — (String)

          The name of the query logging configuration.

        • DestinationArn — (String)

          The ARN of the resource that you want Resolver to send query logs: an Amazon S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the query logging configuration. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • CreationTime — (String)

          The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getResolverQueryLogConfigAssociation(params = {}, callback) ⇒ AWS.Request

Gets information about a specified association between a Resolver query logging configuration and an Amazon VPC. When you associate a VPC with a query logging configuration, Resolver logs DNS queries that originate in that VPC.

Examples:

Calling the getResolverQueryLogConfigAssociation operation

var params = {
  ResolverQueryLogConfigAssociationId: 'STRING_VALUE' /* required */
};
route53resolver.getResolverQueryLogConfigAssociation(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverQueryLogConfigAssociationId — (String)

      The ID of the Resolver query logging configuration association that you want to get information about.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverQueryLogConfigAssociation — (map)

        Information about the Resolver query logging configuration association that you specified in a GetQueryLogConfigAssociation request.

        • Id — (String)

          The ID of the query logging association.

        • ResolverQueryLogConfigId — (String)

          The ID of the query logging configuration that a VPC is associated with.

        • ResourceId — (String)

          The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status — (String)

          The status of the specified query logging association. Valid values include the following:

          • CREATING: Resolver is creating an association between an Amazon VPC and a query logging configuration.

          • CREATED: The association between an Amazon VPC and a query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

          • DELETING: Resolver is deleting this query logging association.

          • FAILED: Resolver either couldn't create or couldn't delete the query logging association.

          Possible values include:
          • "CREATING"
          • "ACTIVE"
          • "ACTION_NEEDED"
          • "DELETING"
          • "FAILED"
        • Error — (String)

          If the value of Status is FAILED, the value of Error indicates the cause:

          • DESTINATION_NOT_FOUND: The specified destination (for example, an Amazon S3 bucket) was deleted.

          • ACCESS_DENIED: Permissions don't allow sending logs to the destination.

          If the value of Status is a value other than FAILED, Error is null.

          Possible values include:
          • "NONE"
          • "DESTINATION_NOT_FOUND"
          • "ACCESS_DENIED"
          • "INTERNAL_SERVICE_ERROR"
        • ErrorMessage — (String)

          Contains additional information about the error. If the value or Error is null, the value of ErrorMessage also is null.

        • CreationTime — (String)

          The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getResolverQueryLogConfigPolicy(params = {}, callback) ⇒ AWS.Request

Gets information about a query logging policy. A query logging policy specifies the Resolver query logging operations and resources that you want to allow another Amazon Web Services account to be able to use.

Service Reference:

Examples:

Calling the getResolverQueryLogConfigPolicy operation

var params = {
  Arn: 'STRING_VALUE' /* required */
};
route53resolver.getResolverQueryLogConfigPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Arn — (String)

      The ARN of the query logging configuration that you want to get the query logging policy for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverQueryLogConfigPolicy — (String)

        Information about the query logging policy for the query logging configuration that you specified in a GetResolverQueryLogConfigPolicy request.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getResolverRule(params = {}, callback) ⇒ AWS.Request

Gets information about a specified Resolver rule, such as the domain name that the rule forwards DNS queries for and the ID of the outbound Resolver endpoint that the rule is associated with.

Service Reference:

Examples:

Calling the getResolverRule operation

var params = {
  ResolverRuleId: 'STRING_VALUE' /* required */
};
route53resolver.getResolverRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverRuleId — (String)

      The ID of the Resolver rule that you want to get information about.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverRule — (map)

        Information about the Resolver rule that you specified in a GetResolverRule request.

        • Id — (String)

          The ID that Resolver assigned to the Resolver rule when you created it.

        • CreatorRequestId — (String)

          A unique string that you specified when you created the Resolver rule. CreatorRequestId identifies the request and allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver rule specified by Id.

        • DomainName — (String)

          DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps. If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com).

        • Status — (String)

          A code that specifies the current status of the Resolver rule.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
          • "FAILED"
        • StatusMessage — (String)

          A detailed description of the status of a Resolver rule.

        • RuleType — (String)

          When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.

          When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

          For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

          Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

          Possible values include:
          • "FORWARD"
          • "SYSTEM"
          • "RECURSIVE"
        • Name — (String)

          The name for the Resolver rule, which you specified when you created the Resolver rule.

        • TargetIps — (Array<map>)

          An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network.

          • Ip — (String)

            One IPv4 address that you want to forward DNS queries to.

          • Port — (Integer)

            The port at Ip that you want to forward DNS queries to.

          • Ipv6 — (String)

            One IPv6 address that you want to forward DNS queries to.

          • Protocol — (String)

            The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.

            For an inbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 and DoH-FIPS in combination.

            • Do53 alone.

            • DoH alone.

            • DoH-FIPS alone.

            • None, which is treated as Do53.

            For an outbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 alone.

            • DoH alone.

            • None, which is treated as Do53.

            Possible values include:
            • "DoH"
            • "Do53"
            • "DoH-FIPS"
        • ResolverEndpointId — (String)

          The ID of the endpoint that the rule is associated with.

        • OwnerId — (String)

          When a rule is shared with another Amazon Web Services account, the account ID of the account that the rule is shared with.

        • ShareStatus — (String)

          Whether the rule is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • CreationTime — (String)

          The date and time that the Resolver rule was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getResolverRuleAssociation(params = {}, callback) ⇒ AWS.Request

Gets information about an association between a specified Resolver rule and a VPC. You associate a Resolver rule and a VPC using AssociateResolverRule.

Service Reference:

Examples:

Calling the getResolverRuleAssociation operation

var params = {
  ResolverRuleAssociationId: 'STRING_VALUE' /* required */
};
route53resolver.getResolverRuleAssociation(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverRuleAssociationId — (String)

      The ID of the Resolver rule association that you want to get information about.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverRuleAssociation — (map)

        Information about the Resolver rule association that you specified in a GetResolverRuleAssociation request.

        • Id — (String)

          The ID of the association between a Resolver rule and a VPC. Resolver assigns this value when you submit an AssociateResolverRule request.

        • ResolverRuleId — (String)

          The ID of the Resolver rule that you associated with the VPC that is specified by VPCId.

        • Name — (String)

          The name of an association between a Resolver rule and a VPC.

        • VPCId — (String)

          The ID of the VPC that you associated the Resolver rule with.

        • Status — (String)

          A code that specifies the current status of the association between a Resolver rule and a VPC.

          Possible values include:
          • "CREATING"
          • "COMPLETE"
          • "DELETING"
          • "FAILED"
          • "OVERRIDDEN"
        • StatusMessage — (String)

          A detailed description of the status of the association between a Resolver rule and a VPC.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getResolverRulePolicy(params = {}, callback) ⇒ AWS.Request

Gets information about the Resolver rule policy for a specified rule. A Resolver rule policy includes the rule that you want to share with another account, the account that you want to share the rule with, and the Resolver operations that you want to allow the account to use.

Service Reference:

Examples:

Calling the getResolverRulePolicy operation

var params = {
  Arn: 'STRING_VALUE' /* required */
};
route53resolver.getResolverRulePolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Arn — (String)

      The ID of the Resolver rule that you want to get the Resolver rule policy for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverRulePolicy — (String)

        The Resolver rule policy for the rule that you specified in a GetResolverRulePolicy request.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

importFirewallDomains(params = {}, callback) ⇒ AWS.Request

Imports domain names from a file into a domain list, for use in a DNS firewall rule group.

Each domain specification in your domain list must satisfy the following requirements:

  • It can optionally start with * (asterisk).

  • With the exception of the optional starting asterisk, it must only contain the following characters: A-Z, a-z, 0-9, - (hyphen).

  • It must be from 1-255 characters in length.

Service Reference:

Examples:

Calling the importFirewallDomains operation

var params = {
  DomainFileUrl: 'STRING_VALUE', /* required */
  FirewallDomainListId: 'STRING_VALUE', /* required */
  Operation: REPLACE /* required */
};
route53resolver.importFirewallDomains(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallDomainListId — (String)

      The ID of the domain list that you want to modify with the import operation.

    • Operation — (String)

      What you want DNS Firewall to do with the domains that are listed in the file. This must be set to REPLACE, which updates the domain list to exactly match the list in the file.

      Possible values include:
      • "REPLACE"
    • DomainFileUrl — (String)

      The fully qualified URL or URI of the file stored in Amazon Simple Storage Service (Amazon S3) that contains the list of domains to import.

      The file must be in an S3 bucket that's in the same Region as your DNS Firewall. The file must be a text file and must contain a single domain per line.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Id — (String)

        The Id of the firewall domain list that DNS Firewall just updated.

      • Name — (String)

        The name of the domain list.

      • Status — (String)

        Status of the import request.

        Possible values include:
        • "COMPLETE"
        • "COMPLETE_IMPORT_FAILED"
        • "IMPORTING"
        • "DELETING"
        • "UPDATING"
      • StatusMessage — (String)

        Additional information about the status of the list, if available.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listFirewallConfigs(params = {}, callback) ⇒ AWS.Request

Retrieves the firewall configurations that you have defined. DNS Firewall uses the configurations to manage firewall behavior for your VPCs.

A single call might return only a partial list of the configurations. For information, see MaxResults.

Service Reference:

Examples:

Calling the listFirewallConfigs operation

var params = {
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listFirewallConfigs(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

      If you don't specify a value for MaxResults, Resolver returns up to 100 objects.

    • NextToken — (String)

      For the first call to this list request, omit this value.

      When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.

      • FirewallConfigs — (Array<map>)

        The configurations for the firewall behavior provided by DNS Firewall for VPCs from Amazon Virtual Private Cloud (Amazon VPC).

        • Id — (String)

          The ID of the firewall configuration.

        • ResourceId — (String)

          The ID of the VPC that this firewall configuration applies to.

        • OwnerId — (String)

          The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to.

        • FirewallFailOpen — (String)

          Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.

          • By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall returns a failure error when it is unable to properly evaluate a query.

          • If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.

          This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.

          Possible values include:
          • "ENABLED"
          • "DISABLED"
          • "USE_LOCAL_RESOURCE_SETTING"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listFirewallDomainLists(params = {}, callback) ⇒ AWS.Request

Retrieves the firewall domain lists that you have defined. For each firewall domain list, you can retrieve the domains that are defined for a list by calling ListFirewallDomains.

A single call to this list operation might return only a partial list of the domain lists. For information, see MaxResults.

Service Reference:

Examples:

Calling the listFirewallDomainLists operation

var params = {
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listFirewallDomainLists(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

      If you don't specify a value for MaxResults, Resolver returns up to 100 objects.

    • NextToken — (String)

      For the first call to this list request, omit this value.

      When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.

      • FirewallDomainLists — (Array<map>)

        A list of the domain lists that you have defined.

        This might be a partial list of the domain lists that you've defined. For information, see MaxResults.

        • Id — (String)

          The ID of the domain list.

        • Arn — (String)

          The Amazon Resource Name (ARN) of the firewall domain list metadata.

        • Name — (String)

          The name of the domain list.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • ManagedOwnerName — (String)

          The owner of the list, used only for lists that are not managed by you. For example, the managed domain list AWSManagedDomainsMalwareDomainList has the managed owner name Route 53 Resolver DNS Firewall.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listFirewallDomains(params = {}, callback) ⇒ AWS.Request

Retrieves the domains that you have defined for the specified firewall domain list.

A single call might return only a partial list of the domains. For information, see MaxResults.

Service Reference:

Examples:

Calling the listFirewallDomains operation

var params = {
  FirewallDomainListId: 'STRING_VALUE', /* required */
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listFirewallDomains(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallDomainListId — (String)

      The ID of the domain list whose domains you want to retrieve.

    • MaxResults — (Integer)

      The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

      If you don't specify a value for MaxResults, Resolver returns up to 100 objects.

    • NextToken — (String)

      For the first call to this list request, omit this value.

      When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.

      • Domains — (Array<String>)

        A list of the domains in the firewall domain list.

        This might be a partial list of the domains that you've defined in the domain list. For information, see MaxResults.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listFirewallRuleGroupAssociations(params = {}, callback) ⇒ AWS.Request

Retrieves the firewall rule group associations that you have defined. Each association enables DNS filtering for a VPC with one rule group.

A single call might return only a partial list of the associations. For information, see MaxResults.

Examples:

Calling the listFirewallRuleGroupAssociations operation

var params = {
  FirewallRuleGroupId: 'STRING_VALUE',
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE',
  Priority: 'NUMBER_VALUE',
  Status: COMPLETE | DELETING | UPDATING,
  VpcId: 'STRING_VALUE'
};
route53resolver.listFirewallRuleGroupAssociations(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallRuleGroupId — (String)

      The unique identifier of the firewall rule group that you want to retrieve the associations for. Leave this blank to retrieve associations for any rule group.

    • VpcId — (String)

      The unique identifier of the VPC that you want to retrieve the associations for. Leave this blank to retrieve associations for any VPC.

    • Priority — (Integer)

      The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.

    • Status — (String)

      The association Status setting that you want DNS Firewall to filter on for the list. If you don't specify this, then DNS Firewall returns all associations, regardless of status.

      Possible values include:
      • "COMPLETE"
      • "DELETING"
      • "UPDATING"
    • MaxResults — (Integer)

      The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

      If you don't specify a value for MaxResults, Resolver returns up to 100 objects.

    • NextToken — (String)

      For the first call to this list request, omit this value.

      When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.

      • FirewallRuleGroupAssociations — (Array<map>)

        A list of your firewall rule group associations.

        This might be a partial list of the associations that you have defined. For information, see MaxResults.

        • Id — (String)

          The identifier for the association.

        • Arn — (String)

          The Amazon Resource Name (ARN) of the firewall rule group association.

        • FirewallRuleGroupId — (String)

          The unique identifier of the firewall rule group.

        • VpcId — (String)

          The unique identifier of the VPC that is associated with the rule group.

        • Name — (String)

          The name of the association.

        • Priority — (Integer)

          The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting.

        • MutationProtection — (String)

          If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections.

          Possible values include:
          • "ENABLED"
          • "DISABLED"
        • ManagedOwnerName — (String)

          The owner of the association, used only for associations that are not managed by you. If you use Firewall Manager to manage your DNS Firewalls, then this reports Firewall Manager as the managed owner.

        • Status — (String)

          The current status of the association.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the response, if available.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the association was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the association was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listFirewallRuleGroups(params = {}, callback) ⇒ AWS.Request

Retrieves the minimal high-level information for the rule groups that you have defined.

A single call might return only a partial list of the rule groups. For information, see MaxResults.

Service Reference:

Examples:

Calling the listFirewallRuleGroups operation

var params = {
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listFirewallRuleGroups(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

      If you don't specify a value for MaxResults, Resolver returns up to 100 objects.

    • NextToken — (String)

      For the first call to this list request, omit this value.

      When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.

      • FirewallRuleGroups — (Array<map>)

        A list of your firewall rule groups.

        This might be a partial list of the rule groups that you have defined. For information, see MaxResults.

        • Id — (String)

          The ID of the rule group.

        • Arn — (String)

          The ARN (Amazon Resource Name) of the rule group.

        • Name — (String)

          The name of the rule group.

        • OwnerId — (String)

          The Amazon Web Services account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • ShareStatus — (String)

          Whether the rule group is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM).

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listFirewallRules(params = {}, callback) ⇒ AWS.Request

Retrieves the firewall rules that you have defined for the specified firewall rule group. DNS Firewall uses the rules in a rule group to filter DNS network traffic for a VPC.

A single call might return only a partial list of the rules. For information, see MaxResults.

Service Reference:

Examples:

Calling the listFirewallRules operation

var params = {
  FirewallRuleGroupId: 'STRING_VALUE', /* required */
  Action: ALLOW | BLOCK | ALERT,
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE',
  Priority: 'NUMBER_VALUE'
};
route53resolver.listFirewallRules(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallRuleGroupId — (String)

      The unique identifier of the firewall rule group that you want to retrieve the rules for.

    • Priority — (Integer)

      Optional additional filter for the rules to retrieve.

      The setting that determines the processing order of the rules in a rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

    • Action — (String)

      Optional additional filter for the rules to retrieve.

      The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:

      • ALLOW - Permit the request to go through.

      • ALERT - Permit the request to go through but send an alert to the logs.

      • BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting.

      Possible values include:
      • "ALLOW"
      • "BLOCK"
      • "ALERT"
    • MaxResults — (Integer)

      The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

      If you don't specify a value for MaxResults, Resolver returns up to 100 objects.

    • NextToken — (String)

      For the first call to this list request, omit this value.

      When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.

      • FirewallRules — (Array<map>)

        A list of the rules that you have defined.

        This might be a partial list of the firewall rules that you've defined. For information, see MaxResults.

        • FirewallRuleGroupId — (String)

          The unique identifier of the firewall rule group of the rule.

        • FirewallDomainListId — (String)

          The ID of the domain list that's used in the rule.

        • Name — (String)

          The name of the rule.

        • Priority — (Integer)

          The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

        • Action — (String)

          The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:

          • ALLOW - Permit the request to go through.

          • ALERT - Permit the request to go through but send an alert to the logs.

          • BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting.

          Possible values include:
          • "ALLOW"
          • "BLOCK"
          • "ALERT"
        • BlockResponse — (String)

          The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.

          • NODATA - Respond indicating that the query was successful, but no response is available for it.

          • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

          • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

          Possible values include:
          • "NODATA"
          • "NXDOMAIN"
          • "OVERRIDE"
        • BlockOverrideDomain — (String)

          The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

        • BlockOverrideDnsType — (String)

          The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

          Possible values include:
          • "CNAME"
        • BlockOverrideTtl — (Integer)

          The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the rule was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • Qtype — (String)

          The DNS query type you want the rule to evaluate. Allowed values are;

          • A: Returns an IPv4 address.

          • AAAA: Returns an Ipv6 address.

          • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

          • CNAME: Returns another domain name.

          • DS: Record that identifies the DNSSEC signing key of a delegated zone.

          • MX: Specifies mail servers.

          • NAPTR: Regular-expression-based rewriting of domain names.

          • NS: Authoritative name servers.

          • PTR: Maps an IP address to a domain name.

          • SOA: Start of authority record for the zone.

          • SPF: Lists the servers authorized to send emails from a domain.

          • SRV: Application specific values that identify servers.

          • TXT: Verifies email senders and application-specific values.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listOutpostResolvers(params = {}, callback) ⇒ AWS.Request

Lists all the Resolvers on Outposts that were created using the current Amazon Web Services account.

Service Reference:

Examples:

Calling the listOutpostResolvers operation

var params = {
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE',
  OutpostArn: 'STRING_VALUE'
};
route53resolver.listOutpostResolvers(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • OutpostArn — (String)

      The Amazon Resource Name (ARN) of the Outpost.

    • MaxResults — (Integer)

      The maximum number of Resolvers on the Outpost that you want to return in the response to a ListOutpostResolver request. If you don't specify a value for MaxResults, the request returns up to 100 Resolvers.

    • NextToken — (String)

      For the first ListOutpostResolver request, omit this value.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • OutpostResolvers — (Array<map>)

        The Resolvers on Outposts that were created by using the current Amazon Web Services account, and that match the specified filters, if any.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver on an Outpost.

        • CreationTime — (String)

          The date and time that the Outpost Resolver was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Outpost Resolver was modified, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Id — (String)

          The ID of the Resolver on Outpost.

        • InstanceCount — (Integer)

          Amazon EC2 instance count for the Resolver on the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • Name — (String)

          Name of the Resolver.

        • Status — (String)

          Status of the Resolver.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "DELETING"
          • "ACTION_NEEDED"
          • "FAILED_CREATION"
          • "FAILED_DELETION"
        • StatusMessage — (String)

          A detailed description of the Resolver.

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

      • NextToken — (String)

        If more than MaxResults Resolvers match the specified criteria, you can submit another ListOutpostResolver request to get the next group of results. In the next request, specify the value of NextToken from the previous response.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listResolverConfigs(params = {}, callback) ⇒ AWS.Request

Retrieves the Resolver configurations that you have defined. Route 53 Resolver uses the configurations to manage DNS resolution behavior for your VPCs.

Service Reference:

Examples:

Calling the listResolverConfigs operation

var params = {
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listResolverConfigs(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      The maximum number of Resolver configurations that you want to return in the response to a ListResolverConfigs request. If you don't specify a value for MaxResults, up to 100 Resolver configurations are returned.

    • NextToken — (String)

      (Optional) If the current Amazon Web Services account has more than MaxResults Resolver configurations, use NextToken to get the second and subsequent pages of results.

      For the first ListResolverConfigs request, omit this value.

      For the second and subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If a response includes the last of the Resolver configurations that are associated with the current Amazon Web Services account, NextToken doesn't appear in the response.

        If a response doesn't include the last of the configurations, you can get more configurations by submitting another ListResolverConfigs request. Get the value of NextToken that Amazon Route 53 returned in the previous response and include it in NextToken in the next request.

      • ResolverConfigs — (Array<map>)

        An array that contains one ResolverConfigs element for each Resolver configuration that is associated with the current Amazon Web Services account.

        • Id — (String)

          ID for the Resolver configuration.

        • ResourceId — (String)

          The ID of the Amazon Virtual Private Cloud VPC that you're configuring Resolver for.

        • OwnerId — (String)

          The owner account ID of the Amazon Virtual Private Cloud VPC.

        • AutodefinedReverse — (String)

          The status of whether or not the Resolver will create autodefined rules for reverse DNS lookups. This is enabled by default. The status can be one of following:

          • ENABLING: Autodefined rules for reverse DNS lookups are being enabled but are not complete.

          • ENABLED: Autodefined rules for reverse DNS lookups are enabled.

          • DISABLING: Autodefined rules for reverse DNS lookups are being disabled but are not complete.

          • DISABLED: Autodefined rules for reverse DNS lookups are disabled.

          Possible values include:
          • "ENABLING"
          • "ENABLED"
          • "DISABLING"
          • "DISABLED"
          • "UPDATING_TO_USE_LOCAL_RESOURCE_SETTING"
          • "USE_LOCAL_RESOURCE_SETTING"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listResolverDnssecConfigs(params = {}, callback) ⇒ AWS.Request

Lists the configurations for DNSSEC validation that are associated with the current Amazon Web Services account.

Service Reference:

Examples:

Calling the listResolverDnssecConfigs operation

var params = {
  Filters: [
    {
      Name: 'STRING_VALUE',
      Values: [
        'STRING_VALUE',
        /* more items */
      ]
    },
    /* more items */
  ],
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listResolverDnssecConfigs(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      Optional: An integer that specifies the maximum number of DNSSEC configuration results that you want Amazon Route 53 to return. If you don't specify a value for MaxResults, Route 53 returns up to 100 configuration per page.

    • NextToken — (String)

      (Optional) If the current Amazon Web Services account has more than MaxResults DNSSEC configurations, use NextToken to get the second and subsequent pages of results.

      For the first ListResolverDnssecConfigs request, omit this value.

      For the second and subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request.

    • Filters — (Array<map>)

      An optional specification to return a subset of objects.

      • Name — (String)

        The name of the parameter that you want to use to filter objects.

        The valid values for Name depend on the action that you're including the filter in, ListResolverEndpoints, ListResolverRules, ListResolverRuleAssociations, ListResolverQueryLogConfigs, or ListResolverQueryLogConfigAssociations.

        Note: In early versions of Resolver, values for Name were listed as uppercase, with underscore (_) delimiters. For example, CreatorRequestId was originally listed as CREATOR_REQUEST_ID. Uppercase values for Name are still supported.

        ListResolverEndpoints

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver endpoint.

        • Direction: Whether you want to return inbound or outbound Resolver endpoints. If you specify DIRECTION for Name, specify INBOUND or OUTBOUND for Values.

        • HostVPCId: The ID of the VPC that inbound DNS queries pass through on the way from your network to your VPCs in a region, or the VPC that outbound queries pass through on the way from your VPCs to your network. In a CreateResolverEndpoint request, SubnetId indirectly identifies the VPC. In a GetResolverEndpoint request, the VPC ID for a Resolver endpoint is returned in the HostVPCId element.

        • IpAddressCount: The number of IP addresses that you have associated with the Resolver endpoint.

        • Name: The name of the Resolver endpoint.

        • SecurityGroupIds: The IDs of the VPC security groups that you specified when you created the Resolver endpoint.

        • Status: The status of the Resolver endpoint. If you specify Status for Name, specify one of the following status codes for Values: CREATING, OPERATIONAL, UPDATING, AUTO_RECOVERING, ACTION_NEEDED, or DELETING. For more information, see Status in ResolverEndpoint.

        ListResolverRules

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver rule.

        • DomainName: The domain name for which Resolver is forwarding DNS queries to your network. In the value that you specify for Values, include a trailing dot (.) after the domain name. For example, if the domain name is example.com, specify the following value. Note the "." after com:

          example.com.

        • Name: The name of the Resolver rule.

        • ResolverEndpointId: The ID of the Resolver endpoint that the Resolver rule is associated with.

          Note: You can filter on the Resolver endpoint only for rules that have a value of FORWARD for RuleType.
        • Status: The status of the Resolver rule. If you specify Status for Name, specify one of the following status codes for Values: COMPLETE, DELETING, UPDATING, or FAILED.

        • Type: The type of the Resolver rule. If you specify TYPE for Name, specify FORWARD or SYSTEM for Values.

        ListResolverRuleAssociations

        Valid values for Name include the following:

        • Name: The name of the Resolver rule association.

        • ResolverRuleId: The ID of the Resolver rule that is associated with one or more VPCs.

        • Status: The status of the Resolver rule association. If you specify Status for Name, specify one of the following status codes for Values: CREATING, COMPLETE, DELETING, or FAILED.

        • VPCId: The ID of the VPC that the Resolver rule is associated with.

        ListResolverQueryLogConfigs

        Valid values for Name include the following:

        • Arn: The ARN for the query logging configuration.

        • AssociationCount: The number of VPCs that are associated with the query logging configuration.

        • CreationTime: The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId: A unique string that identifies the request that created the query logging configuration.

        • Destination: The Amazon Web Services service that you want to forward query logs to. Valid values include the following:

          • S3

          • CloudWatchLogs

          • KinesisFirehose

        • DestinationArn: The ARN of the location that Resolver is sending query logs to. This value can be the ARN for an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • Id: The ID of the query logging configuration

        • Name: The name of the query logging configuration

        • OwnerId: The Amazon Web Services account ID for the account that created the query logging configuration.

        • ShareStatus: An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Valid values include: NOT_SHARED, SHARED_WITH_ME, or SHARED_BY_ME.

        • Status: The status of the query logging configuration. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

        ListResolverQueryLogConfigAssociations

        Valid values for Name include the following:

        • CreationTime: The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

        • Error: If the value of Status is FAILED, specify the cause: DESTINATION_NOT_FOUND or ACCESS_DENIED.

        • Id: The ID of the query logging association.

        • ResolverQueryLogConfigId: The ID of the query logging configuration that a VPC is associated with.

        • ResourceId: The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status: The status of the query logging association. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

      • Values — (Array<String>)

        When you're using a List operation and you want the operation to return a subset of objects, such as Resolver endpoints or Resolver rules, the value of the parameter that you want to use to filter objects. For example, to list only inbound Resolver endpoints, specify Direction for Name and specify INBOUND for Values.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If a response includes the last of the DNSSEC configurations that are associated with the current Amazon Web Services account, NextToken doesn't appear in the response.

        If a response doesn't include the last of the configurations, you can get more configurations by submitting another ListResolverDnssecConfigs request. Get the value of NextToken that Amazon Route 53 returned in the previous response and include it in NextToken in the next request.

      • ResolverDnssecConfigs — (Array<map>)

        An array that contains one ResolverDnssecConfig element for each configuration for DNSSEC validation that is associated with the current Amazon Web Services account. It doesn't contain disabled DNSSEC configurations for the resource.

        • Id — (String)

          The ID for a configuration for DNSSEC validation.

        • OwnerId — (String)

          The owner account ID of the virtual private cloud (VPC) for a configuration for DNSSEC validation.

        • ResourceId — (String)

          The ID of the virtual private cloud (VPC) that you're configuring the DNSSEC validation status for.

        • ValidationStatus — (String)

          The validation status for a DNSSEC configuration. The status can be one of the following:

          • ENABLING: DNSSEC validation is being enabled but is not complete.

          • ENABLED: DNSSEC validation is enabled.

          • DISABLING: DNSSEC validation is being disabled but is not complete.

          • DISABLED DNSSEC validation is disabled.

          Possible values include:
          • "ENABLING"
          • "ENABLED"
          • "DISABLING"
          • "DISABLED"
          • "UPDATING_TO_USE_LOCAL_RESOURCE_SETTING"
          • "USE_LOCAL_RESOURCE_SETTING"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listResolverEndpointIpAddresses(params = {}, callback) ⇒ AWS.Request

Gets the IP addresses for a specified Resolver endpoint.

Service Reference:

Examples:

Calling the listResolverEndpointIpAddresses operation

var params = {
  ResolverEndpointId: 'STRING_VALUE', /* required */
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listResolverEndpointIpAddresses(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverEndpointId — (String)

      The ID of the Resolver endpoint that you want to get IP addresses for.

    • MaxResults — (Integer)

      The maximum number of IP addresses that you want to return in the response to a ListResolverEndpointIpAddresses request. If you don't specify a value for MaxResults, Resolver returns up to 100 IP addresses.

    • NextToken — (String)

      For the first ListResolverEndpointIpAddresses request, omit this value.

      If the specified Resolver endpoint has more than MaxResults IP addresses, you can submit another ListResolverEndpointIpAddresses request to get the next group of IP addresses. In the next request, specify the value of NextToken from the previous response.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If the specified endpoint has more than MaxResults IP addresses, you can submit another ListResolverEndpointIpAddresses request to get the next group of IP addresses. In the next request, specify the value of NextToken from the previous response.

      • MaxResults — (Integer)

        The value that you specified for MaxResults in the request.

      • IpAddresses — (Array<map>)

        Information about the IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints).

        • IpId — (String)

          The ID of one IP address.

        • SubnetId — (String)

          The ID of one subnet.

        • Ip — (String)

          One IPv4 address that the Resolver endpoint uses for DNS queries.

        • Ipv6 — (String)

          One IPv6 address that the Resolver endpoint uses for DNS queries.

        • Status — (String)

          A status code that gives the current status of the request.

          Possible values include:
          • "CREATING"
          • "FAILED_CREATION"
          • "ATTACHING"
          • "ATTACHED"
          • "REMAP_DETACHING"
          • "REMAP_ATTACHING"
          • "DETACHING"
          • "FAILED_RESOURCE_GONE"
          • "DELETING"
          • "DELETE_FAILED_FAS_EXPIRED"
          • "UPDATING"
          • "UPDATE_FAILED"
        • StatusMessage — (String)

          A message that provides additional information about the status of the request.

        • CreationTime — (String)

          The date and time that the IP address was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the IP address was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listResolverEndpoints(params = {}, callback) ⇒ AWS.Request

Lists all the Resolver endpoints that were created using the current Amazon Web Services account.

Service Reference:

Examples:

Calling the listResolverEndpoints operation

var params = {
  Filters: [
    {
      Name: 'STRING_VALUE',
      Values: [
        'STRING_VALUE',
        /* more items */
      ]
    },
    /* more items */
  ],
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listResolverEndpoints(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      The maximum number of Resolver endpoints that you want to return in the response to a ListResolverEndpoints request. If you don't specify a value for MaxResults, Resolver returns up to 100 Resolver endpoints.

    • NextToken — (String)

      For the first ListResolverEndpoints request, omit this value.

      If you have more than MaxResults Resolver endpoints, you can submit another ListResolverEndpoints request to get the next group of Resolver endpoints. In the next request, specify the value of NextToken from the previous response.

    • Filters — (Array<map>)

      An optional specification to return a subset of Resolver endpoints, such as all inbound Resolver endpoints.

      Note: If you submit a second or subsequent ListResolverEndpoints request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request.
      • Name — (String)

        The name of the parameter that you want to use to filter objects.

        The valid values for Name depend on the action that you're including the filter in, ListResolverEndpoints, ListResolverRules, ListResolverRuleAssociations, ListResolverQueryLogConfigs, or ListResolverQueryLogConfigAssociations.

        Note: In early versions of Resolver, values for Name were listed as uppercase, with underscore (_) delimiters. For example, CreatorRequestId was originally listed as CREATOR_REQUEST_ID. Uppercase values for Name are still supported.

        ListResolverEndpoints

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver endpoint.

        • Direction: Whether you want to return inbound or outbound Resolver endpoints. If you specify DIRECTION for Name, specify INBOUND or OUTBOUND for Values.

        • HostVPCId: The ID of the VPC that inbound DNS queries pass through on the way from your network to your VPCs in a region, or the VPC that outbound queries pass through on the way from your VPCs to your network. In a CreateResolverEndpoint request, SubnetId indirectly identifies the VPC. In a GetResolverEndpoint request, the VPC ID for a Resolver endpoint is returned in the HostVPCId element.

        • IpAddressCount: The number of IP addresses that you have associated with the Resolver endpoint.

        • Name: The name of the Resolver endpoint.

        • SecurityGroupIds: The IDs of the VPC security groups that you specified when you created the Resolver endpoint.

        • Status: The status of the Resolver endpoint. If you specify Status for Name, specify one of the following status codes for Values: CREATING, OPERATIONAL, UPDATING, AUTO_RECOVERING, ACTION_NEEDED, or DELETING. For more information, see Status in ResolverEndpoint.

        ListResolverRules

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver rule.

        • DomainName: The domain name for which Resolver is forwarding DNS queries to your network. In the value that you specify for Values, include a trailing dot (.) after the domain name. For example, if the domain name is example.com, specify the following value. Note the "." after com:

          example.com.

        • Name: The name of the Resolver rule.

        • ResolverEndpointId: The ID of the Resolver endpoint that the Resolver rule is associated with.

          Note: You can filter on the Resolver endpoint only for rules that have a value of FORWARD for RuleType.
        • Status: The status of the Resolver rule. If you specify Status for Name, specify one of the following status codes for Values: COMPLETE, DELETING, UPDATING, or FAILED.

        • Type: The type of the Resolver rule. If you specify TYPE for Name, specify FORWARD or SYSTEM for Values.

        ListResolverRuleAssociations

        Valid values for Name include the following:

        • Name: The name of the Resolver rule association.

        • ResolverRuleId: The ID of the Resolver rule that is associated with one or more VPCs.

        • Status: The status of the Resolver rule association. If you specify Status for Name, specify one of the following status codes for Values: CREATING, COMPLETE, DELETING, or FAILED.

        • VPCId: The ID of the VPC that the Resolver rule is associated with.

        ListResolverQueryLogConfigs

        Valid values for Name include the following:

        • Arn: The ARN for the query logging configuration.

        • AssociationCount: The number of VPCs that are associated with the query logging configuration.

        • CreationTime: The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId: A unique string that identifies the request that created the query logging configuration.

        • Destination: The Amazon Web Services service that you want to forward query logs to. Valid values include the following:

          • S3

          • CloudWatchLogs

          • KinesisFirehose

        • DestinationArn: The ARN of the location that Resolver is sending query logs to. This value can be the ARN for an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • Id: The ID of the query logging configuration

        • Name: The name of the query logging configuration

        • OwnerId: The Amazon Web Services account ID for the account that created the query logging configuration.

        • ShareStatus: An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Valid values include: NOT_SHARED, SHARED_WITH_ME, or SHARED_BY_ME.

        • Status: The status of the query logging configuration. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

        ListResolverQueryLogConfigAssociations

        Valid values for Name include the following:

        • CreationTime: The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

        • Error: If the value of Status is FAILED, specify the cause: DESTINATION_NOT_FOUND or ACCESS_DENIED.

        • Id: The ID of the query logging association.

        • ResolverQueryLogConfigId: The ID of the query logging configuration that a VPC is associated with.

        • ResourceId: The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status: The status of the query logging association. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

      • Values — (Array<String>)

        When you're using a List operation and you want the operation to return a subset of objects, such as Resolver endpoints or Resolver rules, the value of the parameter that you want to use to filter objects. For example, to list only inbound Resolver endpoints, specify Direction for Name and specify INBOUND for Values.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If more than MaxResults IP addresses match the specified criteria, you can submit another ListResolverEndpoint request to get the next group of results. In the next request, specify the value of NextToken from the previous response.

      • MaxResults — (Integer)

        The value that you specified for MaxResults in the request.

      • ResolverEndpoints — (Array<map>)

        The Resolver endpoints that were created by using the current Amazon Web Services account, and that match the specified filters, if any.

        • Id — (String)

          The ID of the Resolver endpoint.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver endpoint.

        • Name — (String)

          The name that you assigned to the Resolver endpoint when you submitted a CreateResolverEndpoint request.

        • SecurityGroupIds — (Array<String>)

          The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

        • Direction — (String)

          Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

          • INBOUND: allows DNS queries to your VPC from your network

          • OUTBOUND: allows DNS queries from your VPC to your network

          Possible values include:
          • "INBOUND"
          • "OUTBOUND"
        • IpAddressCount — (Integer)

          The number of IP addresses that the Resolver endpoint can use for DNS queries.

        • HostVPCId — (String)

          The ID of the VPC that you want to create the Resolver endpoint in.

        • Status — (String)

          A code that specifies the current status of the Resolver endpoint. Valid values include the following:

          • CREATING: Resolver is creating and configuring one or more Amazon VPC network interfaces for this endpoint.

          • OPERATIONAL: The Amazon VPC network interfaces for this endpoint are correctly configured and able to pass inbound or outbound DNS queries between your network and Resolver.

          • UPDATING: Resolver is associating or disassociating one or more network interfaces with this endpoint.

          • AUTO_RECOVERING: Resolver is trying to recover one or more of the network interfaces that are associated with this endpoint. During the recovery process, the endpoint functions with limited capacity because of the limit on the number of DNS queries per IP address (per network interface). For the current limit, see Limits on Route 53 Resolver.

          • ACTION_NEEDED: This endpoint is unhealthy, and Resolver can't automatically recover it. To resolve the problem, we recommend that you check each IP address that you associated with the endpoint. For each IP address that isn't available, add another IP address and then delete the IP address that isn't available. (An endpoint must always include at least two IP addresses.) A status of ACTION_NEEDED can have a variety of causes. Here are two common causes:

            • One or more of the network interfaces that are associated with the endpoint were deleted using Amazon VPC.

            • The network interface couldn't be created for some reason that's outside the control of Resolver.

          • DELETING: Resolver is deleting this endpoint and the associated network interfaces.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "AUTO_RECOVERING"
          • "ACTION_NEEDED"
          • "DELETING"
        • StatusMessage — (String)

          A detailed description of the status of the Resolver endpoint.

        • CreationTime — (String)

          The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • ResolverEndpointType — (String)

          The Resolver endpoint IP address type.

          Possible values include:
          • "IPV6"
          • "IPV4"
          • "DUALSTACK"
        • Protocols — (Array<String>)

          Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

          For an inbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 and DoH-FIPS in combination.

          • Do53 alone.

          • DoH alone.

          • DoH-FIPS alone.

          • None, which is treated as Do53.

          For an outbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 alone.

          • DoH alone.

          • None, which is treated as Do53.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listResolverQueryLogConfigAssociations(params = {}, callback) ⇒ AWS.Request

Lists information about associations between Amazon VPCs and query logging configurations.

Examples:

Calling the listResolverQueryLogConfigAssociations operation

var params = {
  Filters: [
    {
      Name: 'STRING_VALUE',
      Values: [
        'STRING_VALUE',
        /* more items */
      ]
    },
    /* more items */
  ],
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE',
  SortBy: 'STRING_VALUE',
  SortOrder: ASCENDING | DESCENDING
};
route53resolver.listResolverQueryLogConfigAssociations(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      The maximum number of query logging associations that you want to return in the response to a ListResolverQueryLogConfigAssociations request. If you don't specify a value for MaxResults, Resolver returns up to 100 query logging associations.

    • NextToken — (String)

      For the first ListResolverQueryLogConfigAssociations request, omit this value.

      If there are more than MaxResults query logging associations that match the values that you specify for Filters, you can submit another ListResolverQueryLogConfigAssociations request to get the next group of associations. In the next request, specify the value of NextToken from the previous response.

    • Filters — (Array<map>)

      An optional specification to return a subset of query logging associations.

      Note: If you submit a second or subsequent ListResolverQueryLogConfigAssociations request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request.
      • Name — (String)

        The name of the parameter that you want to use to filter objects.

        The valid values for Name depend on the action that you're including the filter in, ListResolverEndpoints, ListResolverRules, ListResolverRuleAssociations, ListResolverQueryLogConfigs, or ListResolverQueryLogConfigAssociations.

        Note: In early versions of Resolver, values for Name were listed as uppercase, with underscore (_) delimiters. For example, CreatorRequestId was originally listed as CREATOR_REQUEST_ID. Uppercase values for Name are still supported.

        ListResolverEndpoints

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver endpoint.

        • Direction: Whether you want to return inbound or outbound Resolver endpoints. If you specify DIRECTION for Name, specify INBOUND or OUTBOUND for Values.

        • HostVPCId: The ID of the VPC that inbound DNS queries pass through on the way from your network to your VPCs in a region, or the VPC that outbound queries pass through on the way from your VPCs to your network. In a CreateResolverEndpoint request, SubnetId indirectly identifies the VPC. In a GetResolverEndpoint request, the VPC ID for a Resolver endpoint is returned in the HostVPCId element.

        • IpAddressCount: The number of IP addresses that you have associated with the Resolver endpoint.

        • Name: The name of the Resolver endpoint.

        • SecurityGroupIds: The IDs of the VPC security groups that you specified when you created the Resolver endpoint.

        • Status: The status of the Resolver endpoint. If you specify Status for Name, specify one of the following status codes for Values: CREATING, OPERATIONAL, UPDATING, AUTO_RECOVERING, ACTION_NEEDED, or DELETING. For more information, see Status in ResolverEndpoint.

        ListResolverRules

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver rule.

        • DomainName: The domain name for which Resolver is forwarding DNS queries to your network. In the value that you specify for Values, include a trailing dot (.) after the domain name. For example, if the domain name is example.com, specify the following value. Note the "." after com:

          example.com.

        • Name: The name of the Resolver rule.

        • ResolverEndpointId: The ID of the Resolver endpoint that the Resolver rule is associated with.

          Note: You can filter on the Resolver endpoint only for rules that have a value of FORWARD for RuleType.
        • Status: The status of the Resolver rule. If you specify Status for Name, specify one of the following status codes for Values: COMPLETE, DELETING, UPDATING, or FAILED.

        • Type: The type of the Resolver rule. If you specify TYPE for Name, specify FORWARD or SYSTEM for Values.

        ListResolverRuleAssociations

        Valid values for Name include the following:

        • Name: The name of the Resolver rule association.

        • ResolverRuleId: The ID of the Resolver rule that is associated with one or more VPCs.

        • Status: The status of the Resolver rule association. If you specify Status for Name, specify one of the following status codes for Values: CREATING, COMPLETE, DELETING, or FAILED.

        • VPCId: The ID of the VPC that the Resolver rule is associated with.

        ListResolverQueryLogConfigs

        Valid values for Name include the following:

        • Arn: The ARN for the query logging configuration.

        • AssociationCount: The number of VPCs that are associated with the query logging configuration.

        • CreationTime: The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId: A unique string that identifies the request that created the query logging configuration.

        • Destination: The Amazon Web Services service that you want to forward query logs to. Valid values include the following:

          • S3

          • CloudWatchLogs

          • KinesisFirehose

        • DestinationArn: The ARN of the location that Resolver is sending query logs to. This value can be the ARN for an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • Id: The ID of the query logging configuration

        • Name: The name of the query logging configuration

        • OwnerId: The Amazon Web Services account ID for the account that created the query logging configuration.

        • ShareStatus: An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Valid values include: NOT_SHARED, SHARED_WITH_ME, or SHARED_BY_ME.

        • Status: The status of the query logging configuration. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

        ListResolverQueryLogConfigAssociations

        Valid values for Name include the following:

        • CreationTime: The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

        • Error: If the value of Status is FAILED, specify the cause: DESTINATION_NOT_FOUND or ACCESS_DENIED.

        • Id: The ID of the query logging association.

        • ResolverQueryLogConfigId: The ID of the query logging configuration that a VPC is associated with.

        • ResourceId: The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status: The status of the query logging association. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

      • Values — (Array<String>)

        When you're using a List operation and you want the operation to return a subset of objects, such as Resolver endpoints or Resolver rules, the value of the parameter that you want to use to filter objects. For example, to list only inbound Resolver endpoints, specify Direction for Name and specify INBOUND for Values.

    • SortBy — (String)

      The element that you want Resolver to sort query logging associations by.

      Note: If you submit a second or subsequent ListResolverQueryLogConfigAssociations request and specify the NextToken parameter, you must use the same value for SortBy, if any, as in the previous request.

      Valid values include the following elements:

      • CreationTime: The ID of the query logging association.

      • Error: If the value of Status is FAILED, the value of Error indicates the cause:

        • DESTINATION_NOT_FOUND: The specified destination (for example, an Amazon S3 bucket) was deleted.

        • ACCESS_DENIED: Permissions don't allow sending logs to the destination.

        If Status is a value other than FAILED, ERROR is null.

      • Id: The ID of the query logging association

      • ResolverQueryLogConfigId: The ID of the query logging configuration

      • ResourceId: The ID of the VPC that is associated with the query logging configuration

      • Status: The current status of the configuration. Valid values include the following:

        • CREATING: Resolver is creating an association between an Amazon VPC and a query logging configuration.

        • CREATED: The association between an Amazon VPC and a query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

        • DELETING: Resolver is deleting this query logging association.

        • FAILED: Resolver either couldn't create or couldn't delete the query logging association. Here are two common causes:

          • The specified destination (for example, an Amazon S3 bucket) was deleted.

          • Permissions don't allow sending logs to the destination.

    • SortOrder — (String)

      If you specified a value for SortBy, the order that you want query logging associations to be listed in, ASCENDING or DESCENDING.

      Note: If you submit a second or subsequent ListResolverQueryLogConfigAssociations request and specify the NextToken parameter, you must use the same value for SortOrder, if any, as in the previous request.
      Possible values include:
      • "ASCENDING"
      • "DESCENDING"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If there are more than MaxResults query logging associations, you can submit another ListResolverQueryLogConfigAssociations request to get the next group of associations. In the next request, specify the value of NextToken from the previous response.

      • TotalCount — (Integer)

        The total number of query logging associations that were created by the current account in the specified Region. This count can differ from the number of associations that are returned in a ListResolverQueryLogConfigAssociations response, depending on the values that you specify in the request.

      • TotalFilteredCount — (Integer)

        The total number of query logging associations that were created by the current account in the specified Region and that match the filters that were specified in the ListResolverQueryLogConfigAssociations request. For the total number of associations that were created by the current account in the specified Region, see TotalCount.

      • ResolverQueryLogConfigAssociations — (Array<map>)

        A list that contains one ResolverQueryLogConfigAssociations element for each query logging association that matches the values that you specified for Filter.

        • Id — (String)

          The ID of the query logging association.

        • ResolverQueryLogConfigId — (String)

          The ID of the query logging configuration that a VPC is associated with.

        • ResourceId — (String)

          The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status — (String)

          The status of the specified query logging association. Valid values include the following:

          • CREATING: Resolver is creating an association between an Amazon VPC and a query logging configuration.

          • CREATED: The association between an Amazon VPC and a query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

          • DELETING: Resolver is deleting this query logging association.

          • FAILED: Resolver either couldn't create or couldn't delete the query logging association.

          Possible values include:
          • "CREATING"
          • "ACTIVE"
          • "ACTION_NEEDED"
          • "DELETING"
          • "FAILED"
        • Error — (String)

          If the value of Status is FAILED, the value of Error indicates the cause:

          • DESTINATION_NOT_FOUND: The specified destination (for example, an Amazon S3 bucket) was deleted.

          • ACCESS_DENIED: Permissions don't allow sending logs to the destination.

          If the value of Status is a value other than FAILED, Error is null.

          Possible values include:
          • "NONE"
          • "DESTINATION_NOT_FOUND"
          • "ACCESS_DENIED"
          • "INTERNAL_SERVICE_ERROR"
        • ErrorMessage — (String)

          Contains additional information about the error. If the value or Error is null, the value of ErrorMessage also is null.

        • CreationTime — (String)

          The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listResolverQueryLogConfigs(params = {}, callback) ⇒ AWS.Request

Lists information about the specified query logging configurations. Each configuration defines where you want Resolver to save DNS query logs and specifies the VPCs that you want to log queries for.

Service Reference:

Examples:

Calling the listResolverQueryLogConfigs operation

var params = {
  Filters: [
    {
      Name: 'STRING_VALUE',
      Values: [
        'STRING_VALUE',
        /* more items */
      ]
    },
    /* more items */
  ],
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE',
  SortBy: 'STRING_VALUE',
  SortOrder: ASCENDING | DESCENDING
};
route53resolver.listResolverQueryLogConfigs(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      The maximum number of query logging configurations that you want to return in the response to a ListResolverQueryLogConfigs request. If you don't specify a value for MaxResults, Resolver returns up to 100 query logging configurations.

    • NextToken — (String)

      For the first ListResolverQueryLogConfigs request, omit this value.

      If there are more than MaxResults query logging configurations that match the values that you specify for Filters, you can submit another ListResolverQueryLogConfigs request to get the next group of configurations. In the next request, specify the value of NextToken from the previous response.

    • Filters — (Array<map>)

      An optional specification to return a subset of query logging configurations.

      Note: If you submit a second or subsequent ListResolverQueryLogConfigs request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request.
      • Name — (String)

        The name of the parameter that you want to use to filter objects.

        The valid values for Name depend on the action that you're including the filter in, ListResolverEndpoints, ListResolverRules, ListResolverRuleAssociations, ListResolverQueryLogConfigs, or ListResolverQueryLogConfigAssociations.

        Note: In early versions of Resolver, values for Name were listed as uppercase, with underscore (_) delimiters. For example, CreatorRequestId was originally listed as CREATOR_REQUEST_ID. Uppercase values for Name are still supported.

        ListResolverEndpoints

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver endpoint.

        • Direction: Whether you want to return inbound or outbound Resolver endpoints. If you specify DIRECTION for Name, specify INBOUND or OUTBOUND for Values.

        • HostVPCId: The ID of the VPC that inbound DNS queries pass through on the way from your network to your VPCs in a region, or the VPC that outbound queries pass through on the way from your VPCs to your network. In a CreateResolverEndpoint request, SubnetId indirectly identifies the VPC. In a GetResolverEndpoint request, the VPC ID for a Resolver endpoint is returned in the HostVPCId element.

        • IpAddressCount: The number of IP addresses that you have associated with the Resolver endpoint.

        • Name: The name of the Resolver endpoint.

        • SecurityGroupIds: The IDs of the VPC security groups that you specified when you created the Resolver endpoint.

        • Status: The status of the Resolver endpoint. If you specify Status for Name, specify one of the following status codes for Values: CREATING, OPERATIONAL, UPDATING, AUTO_RECOVERING, ACTION_NEEDED, or DELETING. For more information, see Status in ResolverEndpoint.

        ListResolverRules

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver rule.

        • DomainName: The domain name for which Resolver is forwarding DNS queries to your network. In the value that you specify for Values, include a trailing dot (.) after the domain name. For example, if the domain name is example.com, specify the following value. Note the "." after com:

          example.com.

        • Name: The name of the Resolver rule.

        • ResolverEndpointId: The ID of the Resolver endpoint that the Resolver rule is associated with.

          Note: You can filter on the Resolver endpoint only for rules that have a value of FORWARD for RuleType.
        • Status: The status of the Resolver rule. If you specify Status for Name, specify one of the following status codes for Values: COMPLETE, DELETING, UPDATING, or FAILED.

        • Type: The type of the Resolver rule. If you specify TYPE for Name, specify FORWARD or SYSTEM for Values.

        ListResolverRuleAssociations

        Valid values for Name include the following:

        • Name: The name of the Resolver rule association.

        • ResolverRuleId: The ID of the Resolver rule that is associated with one or more VPCs.

        • Status: The status of the Resolver rule association. If you specify Status for Name, specify one of the following status codes for Values: CREATING, COMPLETE, DELETING, or FAILED.

        • VPCId: The ID of the VPC that the Resolver rule is associated with.

        ListResolverQueryLogConfigs

        Valid values for Name include the following:

        • Arn: The ARN for the query logging configuration.

        • AssociationCount: The number of VPCs that are associated with the query logging configuration.

        • CreationTime: The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId: A unique string that identifies the request that created the query logging configuration.

        • Destination: The Amazon Web Services service that you want to forward query logs to. Valid values include the following:

          • S3

          • CloudWatchLogs

          • KinesisFirehose

        • DestinationArn: The ARN of the location that Resolver is sending query logs to. This value can be the ARN for an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • Id: The ID of the query logging configuration

        • Name: The name of the query logging configuration

        • OwnerId: The Amazon Web Services account ID for the account that created the query logging configuration.

        • ShareStatus: An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Valid values include: NOT_SHARED, SHARED_WITH_ME, or SHARED_BY_ME.

        • Status: The status of the query logging configuration. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

        ListResolverQueryLogConfigAssociations

        Valid values for Name include the following:

        • CreationTime: The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

        • Error: If the value of Status is FAILED, specify the cause: DESTINATION_NOT_FOUND or ACCESS_DENIED.

        • Id: The ID of the query logging association.

        • ResolverQueryLogConfigId: The ID of the query logging configuration that a VPC is associated with.

        • ResourceId: The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status: The status of the query logging association. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

      • Values — (Array<String>)

        When you're using a List operation and you want the operation to return a subset of objects, such as Resolver endpoints or Resolver rules, the value of the parameter that you want to use to filter objects. For example, to list only inbound Resolver endpoints, specify Direction for Name and specify INBOUND for Values.

    • SortBy — (String)

      The element that you want Resolver to sort query logging configurations by.

      Note: If you submit a second or subsequent ListResolverQueryLogConfigs request and specify the NextToken parameter, you must use the same value for SortBy, if any, as in the previous request.

      Valid values include the following elements:

      • Arn: The ARN of the query logging configuration

      • AssociationCount: The number of VPCs that are associated with the specified configuration

      • CreationTime: The date and time that Resolver returned when the configuration was created

      • CreatorRequestId: The value that was specified for CreatorRequestId when the configuration was created

      • DestinationArn: The location that logs are sent to

      • Id: The ID of the configuration

      • Name: The name of the configuration

      • OwnerId: The Amazon Web Services account number of the account that created the configuration

      • ShareStatus: Whether the configuration is shared with other Amazon Web Services accounts or shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM).

      • Status: The current status of the configuration. Valid values include the following:

        • CREATING: Resolver is creating the query logging configuration.

        • CREATED: The query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

        • DELETING: Resolver is deleting this query logging configuration.

        • FAILED: Resolver either couldn't create or couldn't delete the query logging configuration. Here are two common causes:

          • The specified destination (for example, an Amazon S3 bucket) was deleted.

          • Permissions don't allow sending logs to the destination.

    • SortOrder — (String)

      If you specified a value for SortBy, the order that you want query logging configurations to be listed in, ASCENDING or DESCENDING.

      Note: If you submit a second or subsequent ListResolverQueryLogConfigs request and specify the NextToken parameter, you must use the same value for SortOrder, if any, as in the previous request.
      Possible values include:
      • "ASCENDING"
      • "DESCENDING"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If there are more than MaxResults query logging configurations, you can submit another ListResolverQueryLogConfigs request to get the next group of configurations. In the next request, specify the value of NextToken from the previous response.

      • TotalCount — (Integer)

        The total number of query logging configurations that were created by the current account in the specified Region. This count can differ from the number of query logging configurations that are returned in a ListResolverQueryLogConfigs response, depending on the values that you specify in the request.

      • TotalFilteredCount — (Integer)

        The total number of query logging configurations that were created by the current account in the specified Region and that match the filters that were specified in the ListResolverQueryLogConfigs request. For the total number of query logging configurations that were created by the current account in the specified Region, see TotalCount.

      • ResolverQueryLogConfigs — (Array<map>)

        A list that contains one ResolverQueryLogConfig element for each query logging configuration that matches the values that you specified for Filter.

        • Id — (String)

          The ID for the query logging configuration.

        • OwnerId — (String)

          The Amazon Web Services account ID for the account that created the query logging configuration.

        • Status — (String)

          The status of the specified query logging configuration. Valid values include the following:

          • CREATING: Resolver is creating the query logging configuration.

          • CREATED: The query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC.

          • DELETING: Resolver is deleting this query logging configuration.

          • FAILED: Resolver can't deliver logs to the location that is specified in the query logging configuration. Here are two common causes:

            • The specified destination (for example, an Amazon S3 bucket) was deleted.

            • Permissions don't allow sending logs to the destination.

          Possible values include:
          • "CREATING"
          • "CREATED"
          • "DELETING"
          • "FAILED"
        • ShareStatus — (String)

          An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM).

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • AssociationCount — (Integer)

          The number of VPCs that are associated with the query logging configuration.

        • Arn — (String)

          The ARN for the query logging configuration.

        • Name — (String)

          The name of the query logging configuration.

        • DestinationArn — (String)

          The ARN of the resource that you want Resolver to send query logs: an Amazon S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the query logging configuration. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • CreationTime — (String)

          The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listResolverRuleAssociations(params = {}, callback) ⇒ AWS.Request

Lists the associations that were created between Resolver rules and VPCs using the current Amazon Web Services account.

Service Reference:

Examples:

Calling the listResolverRuleAssociations operation

var params = {
  Filters: [
    {
      Name: 'STRING_VALUE',
      Values: [
        'STRING_VALUE',
        /* more items */
      ]
    },
    /* more items */
  ],
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listResolverRuleAssociations(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      The maximum number of rule associations that you want to return in the response to a ListResolverRuleAssociations request. If you don't specify a value for MaxResults, Resolver returns up to 100 rule associations.

    • NextToken — (String)

      For the first ListResolverRuleAssociation request, omit this value.

      If you have more than MaxResults rule associations, you can submit another ListResolverRuleAssociation request to get the next group of rule associations. In the next request, specify the value of NextToken from the previous response.

    • Filters — (Array<map>)

      An optional specification to return a subset of Resolver rules, such as Resolver rules that are associated with the same VPC ID.

      Note: If you submit a second or subsequent ListResolverRuleAssociations request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request.
      • Name — (String)

        The name of the parameter that you want to use to filter objects.

        The valid values for Name depend on the action that you're including the filter in, ListResolverEndpoints, ListResolverRules, ListResolverRuleAssociations, ListResolverQueryLogConfigs, or ListResolverQueryLogConfigAssociations.

        Note: In early versions of Resolver, values for Name were listed as uppercase, with underscore (_) delimiters. For example, CreatorRequestId was originally listed as CREATOR_REQUEST_ID. Uppercase values for Name are still supported.

        ListResolverEndpoints

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver endpoint.

        • Direction: Whether you want to return inbound or outbound Resolver endpoints. If you specify DIRECTION for Name, specify INBOUND or OUTBOUND for Values.

        • HostVPCId: The ID of the VPC that inbound DNS queries pass through on the way from your network to your VPCs in a region, or the VPC that outbound queries pass through on the way from your VPCs to your network. In a CreateResolverEndpoint request, SubnetId indirectly identifies the VPC. In a GetResolverEndpoint request, the VPC ID for a Resolver endpoint is returned in the HostVPCId element.

        • IpAddressCount: The number of IP addresses that you have associated with the Resolver endpoint.

        • Name: The name of the Resolver endpoint.

        • SecurityGroupIds: The IDs of the VPC security groups that you specified when you created the Resolver endpoint.

        • Status: The status of the Resolver endpoint. If you specify Status for Name, specify one of the following status codes for Values: CREATING, OPERATIONAL, UPDATING, AUTO_RECOVERING, ACTION_NEEDED, or DELETING. For more information, see Status in ResolverEndpoint.

        ListResolverRules

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver rule.

        • DomainName: The domain name for which Resolver is forwarding DNS queries to your network. In the value that you specify for Values, include a trailing dot (.) after the domain name. For example, if the domain name is example.com, specify the following value. Note the "." after com:

          example.com.

        • Name: The name of the Resolver rule.

        • ResolverEndpointId: The ID of the Resolver endpoint that the Resolver rule is associated with.

          Note: You can filter on the Resolver endpoint only for rules that have a value of FORWARD for RuleType.
        • Status: The status of the Resolver rule. If you specify Status for Name, specify one of the following status codes for Values: COMPLETE, DELETING, UPDATING, or FAILED.

        • Type: The type of the Resolver rule. If you specify TYPE for Name, specify FORWARD or SYSTEM for Values.

        ListResolverRuleAssociations

        Valid values for Name include the following:

        • Name: The name of the Resolver rule association.

        • ResolverRuleId: The ID of the Resolver rule that is associated with one or more VPCs.

        • Status: The status of the Resolver rule association. If you specify Status for Name, specify one of the following status codes for Values: CREATING, COMPLETE, DELETING, or FAILED.

        • VPCId: The ID of the VPC that the Resolver rule is associated with.

        ListResolverQueryLogConfigs

        Valid values for Name include the following:

        • Arn: The ARN for the query logging configuration.

        • AssociationCount: The number of VPCs that are associated with the query logging configuration.

        • CreationTime: The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId: A unique string that identifies the request that created the query logging configuration.

        • Destination: The Amazon Web Services service that you want to forward query logs to. Valid values include the following:

          • S3

          • CloudWatchLogs

          • KinesisFirehose

        • DestinationArn: The ARN of the location that Resolver is sending query logs to. This value can be the ARN for an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • Id: The ID of the query logging configuration

        • Name: The name of the query logging configuration

        • OwnerId: The Amazon Web Services account ID for the account that created the query logging configuration.

        • ShareStatus: An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Valid values include: NOT_SHARED, SHARED_WITH_ME, or SHARED_BY_ME.

        • Status: The status of the query logging configuration. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

        ListResolverQueryLogConfigAssociations

        Valid values for Name include the following:

        • CreationTime: The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

        • Error: If the value of Status is FAILED, specify the cause: DESTINATION_NOT_FOUND or ACCESS_DENIED.

        • Id: The ID of the query logging association.

        • ResolverQueryLogConfigId: The ID of the query logging configuration that a VPC is associated with.

        • ResourceId: The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status: The status of the query logging association. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

      • Values — (Array<String>)

        When you're using a List operation and you want the operation to return a subset of objects, such as Resolver endpoints or Resolver rules, the value of the parameter that you want to use to filter objects. For example, to list only inbound Resolver endpoints, specify Direction for Name and specify INBOUND for Values.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If more than MaxResults rule associations match the specified criteria, you can submit another ListResolverRuleAssociation request to get the next group of results. In the next request, specify the value of NextToken from the previous response.

      • MaxResults — (Integer)

        The value that you specified for MaxResults in the request.

      • ResolverRuleAssociations — (Array<map>)

        The associations that were created between Resolver rules and VPCs using the current Amazon Web Services account, and that match the specified filters, if any.

        • Id — (String)

          The ID of the association between a Resolver rule and a VPC. Resolver assigns this value when you submit an AssociateResolverRule request.

        • ResolverRuleId — (String)

          The ID of the Resolver rule that you associated with the VPC that is specified by VPCId.

        • Name — (String)

          The name of an association between a Resolver rule and a VPC.

        • VPCId — (String)

          The ID of the VPC that you associated the Resolver rule with.

        • Status — (String)

          A code that specifies the current status of the association between a Resolver rule and a VPC.

          Possible values include:
          • "CREATING"
          • "COMPLETE"
          • "DELETING"
          • "FAILED"
          • "OVERRIDDEN"
        • StatusMessage — (String)

          A detailed description of the status of the association between a Resolver rule and a VPC.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listResolverRules(params = {}, callback) ⇒ AWS.Request

Lists the Resolver rules that were created using the current Amazon Web Services account.

Service Reference:

Examples:

Calling the listResolverRules operation

var params = {
  Filters: [
    {
      Name: 'STRING_VALUE',
      Values: [
        'STRING_VALUE',
        /* more items */
      ]
    },
    /* more items */
  ],
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listResolverRules(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • MaxResults — (Integer)

      The maximum number of Resolver rules that you want to return in the response to a ListResolverRules request. If you don't specify a value for MaxResults, Resolver returns up to 100 Resolver rules.

    • NextToken — (String)

      For the first ListResolverRules request, omit this value.

      If you have more than MaxResults Resolver rules, you can submit another ListResolverRules request to get the next group of Resolver rules. In the next request, specify the value of NextToken from the previous response.

    • Filters — (Array<map>)

      An optional specification to return a subset of Resolver rules, such as all Resolver rules that are associated with the same Resolver endpoint.

      Note: If you submit a second or subsequent ListResolverRules request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request.
      • Name — (String)

        The name of the parameter that you want to use to filter objects.

        The valid values for Name depend on the action that you're including the filter in, ListResolverEndpoints, ListResolverRules, ListResolverRuleAssociations, ListResolverQueryLogConfigs, or ListResolverQueryLogConfigAssociations.

        Note: In early versions of Resolver, values for Name were listed as uppercase, with underscore (_) delimiters. For example, CreatorRequestId was originally listed as CREATOR_REQUEST_ID. Uppercase values for Name are still supported.

        ListResolverEndpoints

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver endpoint.

        • Direction: Whether you want to return inbound or outbound Resolver endpoints. If you specify DIRECTION for Name, specify INBOUND or OUTBOUND for Values.

        • HostVPCId: The ID of the VPC that inbound DNS queries pass through on the way from your network to your VPCs in a region, or the VPC that outbound queries pass through on the way from your VPCs to your network. In a CreateResolverEndpoint request, SubnetId indirectly identifies the VPC. In a GetResolverEndpoint request, the VPC ID for a Resolver endpoint is returned in the HostVPCId element.

        • IpAddressCount: The number of IP addresses that you have associated with the Resolver endpoint.

        • Name: The name of the Resolver endpoint.

        • SecurityGroupIds: The IDs of the VPC security groups that you specified when you created the Resolver endpoint.

        • Status: The status of the Resolver endpoint. If you specify Status for Name, specify one of the following status codes for Values: CREATING, OPERATIONAL, UPDATING, AUTO_RECOVERING, ACTION_NEEDED, or DELETING. For more information, see Status in ResolverEndpoint.

        ListResolverRules

        Valid values for Name include the following:

        • CreatorRequestId: The value that you specified when you created the Resolver rule.

        • DomainName: The domain name for which Resolver is forwarding DNS queries to your network. In the value that you specify for Values, include a trailing dot (.) after the domain name. For example, if the domain name is example.com, specify the following value. Note the "." after com:

          example.com.

        • Name: The name of the Resolver rule.

        • ResolverEndpointId: The ID of the Resolver endpoint that the Resolver rule is associated with.

          Note: You can filter on the Resolver endpoint only for rules that have a value of FORWARD for RuleType.
        • Status: The status of the Resolver rule. If you specify Status for Name, specify one of the following status codes for Values: COMPLETE, DELETING, UPDATING, or FAILED.

        • Type: The type of the Resolver rule. If you specify TYPE for Name, specify FORWARD or SYSTEM for Values.

        ListResolverRuleAssociations

        Valid values for Name include the following:

        • Name: The name of the Resolver rule association.

        • ResolverRuleId: The ID of the Resolver rule that is associated with one or more VPCs.

        • Status: The status of the Resolver rule association. If you specify Status for Name, specify one of the following status codes for Values: CREATING, COMPLETE, DELETING, or FAILED.

        • VPCId: The ID of the VPC that the Resolver rule is associated with.

        ListResolverQueryLogConfigs

        Valid values for Name include the following:

        • Arn: The ARN for the query logging configuration.

        • AssociationCount: The number of VPCs that are associated with the query logging configuration.

        • CreationTime: The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId: A unique string that identifies the request that created the query logging configuration.

        • Destination: The Amazon Web Services service that you want to forward query logs to. Valid values include the following:

          • S3

          • CloudWatchLogs

          • KinesisFirehose

        • DestinationArn: The ARN of the location that Resolver is sending query logs to. This value can be the ARN for an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.

        • Id: The ID of the query logging configuration

        • Name: The name of the query logging configuration

        • OwnerId: The Amazon Web Services account ID for the account that created the query logging configuration.

        • ShareStatus: An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Valid values include: NOT_SHARED, SHARED_WITH_ME, or SHARED_BY_ME.

        • Status: The status of the query logging configuration. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

        ListResolverQueryLogConfigAssociations

        Valid values for Name include the following:

        • CreationTime: The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).

        • Error: If the value of Status is FAILED, specify the cause: DESTINATION_NOT_FOUND or ACCESS_DENIED.

        • Id: The ID of the query logging association.

        • ResolverQueryLogConfigId: The ID of the query logging configuration that a VPC is associated with.

        • ResourceId: The ID of the Amazon VPC that is associated with the query logging configuration.

        • Status: The status of the query logging association. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status.

      • Values — (Array<String>)

        When you're using a List operation and you want the operation to return a subset of objects, such as Resolver endpoints or Resolver rules, the value of the parameter that you want to use to filter objects. For example, to list only inbound Resolver endpoints, specify Direction for Name and specify INBOUND for Values.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If more than MaxResults Resolver rules match the specified criteria, you can submit another ListResolverRules request to get the next group of results. In the next request, specify the value of NextToken from the previous response.

      • MaxResults — (Integer)

        The value that you specified for MaxResults in the request.

      • ResolverRules — (Array<map>)

        The Resolver rules that were created using the current Amazon Web Services account and that match the specified filters, if any.

        • Id — (String)

          The ID that Resolver assigned to the Resolver rule when you created it.

        • CreatorRequestId — (String)

          A unique string that you specified when you created the Resolver rule. CreatorRequestId identifies the request and allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver rule specified by Id.

        • DomainName — (String)

          DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps. If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com).

        • Status — (String)

          A code that specifies the current status of the Resolver rule.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
          • "FAILED"
        • StatusMessage — (String)

          A detailed description of the status of a Resolver rule.

        • RuleType — (String)

          When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.

          When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

          For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

          Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

          Possible values include:
          • "FORWARD"
          • "SYSTEM"
          • "RECURSIVE"
        • Name — (String)

          The name for the Resolver rule, which you specified when you created the Resolver rule.

        • TargetIps — (Array<map>)

          An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network.

          • Ip — (String)

            One IPv4 address that you want to forward DNS queries to.

          • Port — (Integer)

            The port at Ip that you want to forward DNS queries to.

          • Ipv6 — (String)

            One IPv6 address that you want to forward DNS queries to.

          • Protocol — (String)

            The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.

            For an inbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 and DoH-FIPS in combination.

            • Do53 alone.

            • DoH alone.

            • DoH-FIPS alone.

            • None, which is treated as Do53.

            For an outbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 alone.

            • DoH alone.

            • None, which is treated as Do53.

            Possible values include:
            • "DoH"
            • "Do53"
            • "DoH-FIPS"
        • ResolverEndpointId — (String)

          The ID of the endpoint that the rule is associated with.

        • OwnerId — (String)

          When a rule is shared with another Amazon Web Services account, the account ID of the account that the rule is shared with.

        • ShareStatus — (String)

          Whether the rule is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • CreationTime — (String)

          The date and time that the Resolver rule was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listTagsForResource(params = {}, callback) ⇒ AWS.Request

Lists the tags that you associated with the specified resource.

Service Reference:

Examples:

Calling the listTagsForResource operation

var params = {
  ResourceArn: 'STRING_VALUE', /* required */
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
route53resolver.listTagsForResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResourceArn — (String)

      The Amazon Resource Name (ARN) for the resource that you want to list tags for.

    • MaxResults — (Integer)

      The maximum number of tags that you want to return in the response to a ListTagsForResource request. If you don't specify a value for MaxResults, Resolver returns up to 100 tags.

    • NextToken — (String)

      For the first ListTagsForResource request, omit this value.

      If you have more than MaxResults tags, you can submit another ListTagsForResource request to get the next group of tags for the resource. In the next request, specify the value of NextToken from the previous response.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Tags — (Array<map>)

        The tags that are associated with the resource that you specified in the ListTagsForResource request.

        • Keyrequired — (String)

          The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id.

        • Valuerequired — (String)

          The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for.

      • NextToken — (String)

        If more than MaxResults tags match the specified criteria, you can submit another ListTagsForResource request to get the next group of results. In the next request, specify the value of NextToken from the previous response.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putFirewallRuleGroupPolicy(params = {}, callback) ⇒ AWS.Request

Attaches an Identity and Access Management (Amazon Web Services IAM) policy for sharing the rule group. You can use the policy to share the rule group using Resource Access Manager (RAM).

Service Reference:

Examples:

Calling the putFirewallRuleGroupPolicy operation

var params = {
  Arn: 'STRING_VALUE', /* required */
  FirewallRuleGroupPolicy: 'STRING_VALUE' /* required */
};
route53resolver.putFirewallRuleGroupPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Arn — (String)

      The ARN (Amazon Resource Name) for the rule group that you want to share.

    • FirewallRuleGroupPolicy — (String)

      The Identity and Access Management (Amazon Web Services IAM) policy to attach to the rule group.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ReturnValue — (Boolean)

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putResolverQueryLogConfigPolicy(params = {}, callback) ⇒ AWS.Request

Specifies an Amazon Web Services account that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration.

Service Reference:

Examples:

Calling the putResolverQueryLogConfigPolicy operation

var params = {
  Arn: 'STRING_VALUE', /* required */
  ResolverQueryLogConfigPolicy: 'STRING_VALUE' /* required */
};
route53resolver.putResolverQueryLogConfigPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Arn — (String)

      The Amazon Resource Name (ARN) of the account that you want to share rules with.

    • ResolverQueryLogConfigPolicy — (String)

      An Identity and Access Management policy statement that lists the query logging configurations that you want to share with another Amazon Web Services account and the operations that you want the account to be able to perform. You can specify the following operations in the Actions section of the statement:

      • route53resolver:AssociateResolverQueryLogConfig

      • route53resolver:DisassociateResolverQueryLogConfig

      • route53resolver:ListResolverQueryLogConfigs

      In the Resource section of the statement, you specify the ARNs for the query logging configurations that you want to share with the account that you specified in Arn.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ReturnValue — (Boolean)

        Whether the PutResolverQueryLogConfigPolicy request was successful.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putResolverRulePolicy(params = {}, callback) ⇒ AWS.Request

Specifies an Amazon Web Services rule that you want to share with another account, the account that you want to share the rule with, and the operations that you want the account to be able to perform on the rule.

Service Reference:

Examples:

Calling the putResolverRulePolicy operation

var params = {
  Arn: 'STRING_VALUE', /* required */
  ResolverRulePolicy: 'STRING_VALUE' /* required */
};
route53resolver.putResolverRulePolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Arn — (String)

      The Amazon Resource Name (ARN) of the rule that you want to share with another account.

    • ResolverRulePolicy — (String)

      An Identity and Access Management policy statement that lists the rules that you want to share with another Amazon Web Services account and the operations that you want the account to be able to perform. You can specify the following operations in the Action section of the statement:

      • route53resolver:GetResolverRule

      • route53resolver:AssociateResolverRule

      • route53resolver:DisassociateResolverRule

      • route53resolver:ListResolverRules

      • route53resolver:ListResolverRuleAssociations

      In the Resource section of the statement, specify the ARN for the rule that you want to share with another account. Specify the same ARN that you specified in Arn.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ReturnValue — (Boolean)

        Whether the PutResolverRulePolicy request was successful.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

tagResource(params = {}, callback) ⇒ AWS.Request

Adds one or more tags to a specified resource.

Service Reference:

Examples:

Calling the tagResource operation

var params = {
  ResourceArn: 'STRING_VALUE', /* required */
  Tags: [ /* required */
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
route53resolver.tagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResourceArn — (String)

      The Amazon Resource Name (ARN) for the resource that you want to add tags to. To get the ARN for a resource, use the applicable Get or List command:

    • Tags — (Array<map>)

      The tags that you want to add to the specified resource.

      • Keyrequired — (String)

        The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id.

      • Valuerequired — (String)

        The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

untagResource(params = {}, callback) ⇒ AWS.Request

Removes one or more tags from a specified resource.

Service Reference:

Examples:

Calling the untagResource operation

var params = {
  ResourceArn: 'STRING_VALUE', /* required */
  TagKeys: [ /* required */
    'STRING_VALUE',
    /* more items */
  ]
};
route53resolver.untagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateFirewallConfig(params = {}, callback) ⇒ AWS.Request

Updates the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).

Service Reference:

Examples:

Calling the updateFirewallConfig operation

var params = {
  FirewallFailOpen: ENABLED | DISABLED | USE_LOCAL_RESOURCE_SETTING, /* required */
  ResourceId: 'STRING_VALUE' /* required */
};
route53resolver.updateFirewallConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResourceId — (String)

      The ID of the VPC that the configuration is for.

    • FirewallFailOpen — (String)

      Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.

      • By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly.

      • If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.

      This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.

      Possible values include:
      • "ENABLED"
      • "DISABLED"
      • "USE_LOCAL_RESOURCE_SETTING"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallConfig — (map)

        Configuration of the firewall behavior provided by DNS Firewall for a single VPC.

        • Id — (String)

          The ID of the firewall configuration.

        • ResourceId — (String)

          The ID of the VPC that this firewall configuration applies to.

        • OwnerId — (String)

          The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to.

        • FirewallFailOpen — (String)

          Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.

          • By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall returns a failure error when it is unable to properly evaluate a query.

          • If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.

          This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.

          Possible values include:
          • "ENABLED"
          • "DISABLED"
          • "USE_LOCAL_RESOURCE_SETTING"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateFirewallDomains(params = {}, callback) ⇒ AWS.Request

Updates the firewall domain list from an array of domain specifications.

Service Reference:

Examples:

Calling the updateFirewallDomains operation

var params = {
  Domains: [ /* required */
    'STRING_VALUE',
    /* more items */
  ],
  FirewallDomainListId: 'STRING_VALUE', /* required */
  Operation: ADD | REMOVE | REPLACE /* required */
};
route53resolver.updateFirewallDomains(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallDomainListId — (String)

      The ID of the domain list whose domains you want to update.

    • Operation — (String)

      What you want DNS Firewall to do with the domains that you are providing:

      • ADD - Add the domains to the ones that are already in the domain list.

      • REMOVE - Search the domain list for the domains and remove them from the list.

      • REPLACE - Update the domain list to exactly match the list that you are providing.

      Possible values include:
      • "ADD"
      • "REMOVE"
      • "REPLACE"
    • Domains — (Array<String>)

      A list of domains to use in the update operation.

      There is a limit of 1000 domains per request.

      Each domain specification in your domain list must satisfy the following requirements:

      • It can optionally start with * (asterisk).

      • With the exception of the optional starting asterisk, it must only contain the following characters: A-Z, a-z, 0-9, - (hyphen).

      • It must be from 1-255 characters in length.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Id — (String)

        The ID of the firewall domain list that DNS Firewall just updated.

      • Name — (String)

        The name of the domain list.

      • Status — (String)

        Status of the UpdateFirewallDomains request.

        Possible values include:
        • "COMPLETE"
        • "COMPLETE_IMPORT_FAILED"
        • "IMPORTING"
        • "DELETING"
        • "UPDATING"
      • StatusMessage — (String)

        Additional information about the status of the list, if available.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateFirewallRule(params = {}, callback) ⇒ AWS.Request

Updates the specified firewall rule.

Service Reference:

Examples:

Calling the updateFirewallRule operation

var params = {
  FirewallDomainListId: 'STRING_VALUE', /* required */
  FirewallRuleGroupId: 'STRING_VALUE', /* required */
  Action: ALLOW | BLOCK | ALERT,
  BlockOverrideDnsType: CNAME,
  BlockOverrideDomain: 'STRING_VALUE',
  BlockOverrideTtl: 'NUMBER_VALUE',
  BlockResponse: NODATA | NXDOMAIN | OVERRIDE,
  Name: 'STRING_VALUE',
  Priority: 'NUMBER_VALUE',
  Qtype: 'STRING_VALUE'
};
route53resolver.updateFirewallRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallRuleGroupId — (String)

      The unique identifier of the firewall rule group for the rule.

    • FirewallDomainListId — (String)

      The ID of the domain list to use in the rule.

    • Priority — (Integer)

      The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

      You must specify a unique priority for each rule in a rule group. To make it easier to insert rules later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for the rules in a rule group at any time.

    • Action — (String)

      The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:

      • ALLOW - Permit the request to go through.

      • ALERT - Permit the request to go through but send an alert to the logs.

      • BLOCK - Disallow the request. This option requires additional details in the rule's BlockResponse.

      Possible values include:
      • "ALLOW"
      • "BLOCK"
      • "ALERT"
    • BlockResponse — (String)

      The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.

      • NODATA - Respond indicating that the query was successful, but no response is available for it.

      • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

      • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

      Possible values include:
      • "NODATA"
      • "NXDOMAIN"
      • "OVERRIDE"
    • BlockOverrideDomain — (String)

      The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

    • BlockOverrideDnsType — (String)

      The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

      Possible values include:
      • "CNAME"
    • BlockOverrideTtl — (Integer)

      The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

    • Name — (String)

      The name of the rule.

    • Qtype — (String)

      The DNS query type you want the rule to evaluate. Allowed values are;

      • A: Returns an IPv4 address.

      • AAAA: Returns an Ipv6 address.

      • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

      • CNAME: Returns another domain name.

      • DS: Record that identifies the DNSSEC signing key of a delegated zone.

      • MX: Specifies mail servers.

      • NAPTR: Regular-expression-based rewriting of domain names.

      • NS: Authoritative name servers.

      • PTR: Maps an IP address to a domain name.

      • SOA: Start of authority record for the zone.

      • SPF: Lists the servers authorized to send emails from a domain.

      • SRV: Application specific values that identify servers.

      • TXT: Verifies email senders and application-specific values.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRule — (map)

        The firewall rule that you just updated.

        • FirewallRuleGroupId — (String)

          The unique identifier of the firewall rule group of the rule.

        • FirewallDomainListId — (String)

          The ID of the domain list that's used in the rule.

        • Name — (String)

          The name of the rule.

        • Priority — (Integer)

          The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

        • Action — (String)

          The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:

          • ALLOW - Permit the request to go through.

          • ALERT - Permit the request to go through but send an alert to the logs.

          • BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting.

          Possible values include:
          • "ALLOW"
          • "BLOCK"
          • "ALERT"
        • BlockResponse — (String)

          The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.

          • NODATA - Respond indicating that the query was successful, but no response is available for it.

          • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

          • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

          Possible values include:
          • "NODATA"
          • "NXDOMAIN"
          • "OVERRIDE"
        • BlockOverrideDomain — (String)

          The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

        • BlockOverrideDnsType — (String)

          The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

          Possible values include:
          • "CNAME"
        • BlockOverrideTtl — (Integer)

          The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the rule was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • Qtype — (String)

          The DNS query type you want the rule to evaluate. Allowed values are;

          • A: Returns an IPv4 address.

          • AAAA: Returns an Ipv6 address.

          • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

          • CNAME: Returns another domain name.

          • DS: Record that identifies the DNSSEC signing key of a delegated zone.

          • MX: Specifies mail servers.

          • NAPTR: Regular-expression-based rewriting of domain names.

          • NS: Authoritative name servers.

          • PTR: Maps an IP address to a domain name.

          • SOA: Start of authority record for the zone.

          • SPF: Lists the servers authorized to send emails from a domain.

          • SRV: Application specific values that identify servers.

          • TXT: Verifies email senders and application-specific values.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateFirewallRuleGroupAssociation(params = {}, callback) ⇒ AWS.Request

Changes the association of a FirewallRuleGroup with a VPC. The association enables DNS filtering for the VPC.

Examples:

Calling the updateFirewallRuleGroupAssociation operation

var params = {
  FirewallRuleGroupAssociationId: 'STRING_VALUE', /* required */
  MutationProtection: ENABLED | DISABLED,
  Name: 'STRING_VALUE',
  Priority: 'NUMBER_VALUE'
};
route53resolver.updateFirewallRuleGroupAssociation(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • FirewallRuleGroupAssociationId — (String)

      The identifier of the FirewallRuleGroupAssociation.

    • Priority — (Integer)

      The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.

      You must specify a unique priority for each rule group that you associate with a single VPC. To make it easier to insert rule groups later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for a rule group association after you create it.

    • MutationProtection — (String)

      If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections.

      Possible values include:
      • "ENABLED"
      • "DISABLED"
    • Name — (String)

      The name of the rule group association.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • FirewallRuleGroupAssociation — (map)

        The association that you just updated.

        • Id — (String)

          The identifier for the association.

        • Arn — (String)

          The Amazon Resource Name (ARN) of the firewall rule group association.

        • FirewallRuleGroupId — (String)

          The unique identifier of the firewall rule group.

        • VpcId — (String)

          The unique identifier of the VPC that is associated with the rule group.

        • Name — (String)

          The name of the association.

        • Priority — (Integer)

          The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting.

        • MutationProtection — (String)

          If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections.

          Possible values include:
          • "ENABLED"
          • "DISABLED"
        • ManagedOwnerName — (String)

          The owner of the association, used only for associations that are not managed by you. If you use Firewall Manager to manage your DNS Firewalls, then this reports Firewall Manager as the managed owner.

        • Status — (String)

          The current status of the association.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
        • StatusMessage — (String)

          Additional information about the status of the response, if available.

        • CreatorRequestId — (String)

          A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp.

        • CreationTime — (String)

          The date and time that the association was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the association was last modified, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateOutpostResolver(params = {}, callback) ⇒ AWS.Request

You can use UpdateOutpostResolver to update the instance count, type, or name of a Resolver on an Outpost.

Service Reference:

Examples:

Calling the updateOutpostResolver operation

var params = {
  Id: 'STRING_VALUE', /* required */
  InstanceCount: 'NUMBER_VALUE',
  Name: 'STRING_VALUE',
  PreferredInstanceType: 'STRING_VALUE'
};
route53resolver.updateOutpostResolver(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Id — (String)

      A unique string that identifies Resolver on an Outpost.

    • Name — (String)

      Name of the Resolver on the Outpost.

    • InstanceCount — (Integer)

      The Amazon EC2 instance count for a Resolver on the Outpost.

    • PreferredInstanceType — (String)

      Amazon EC2 instance type.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • OutpostResolver — (map)

        The response to an UpdateOutpostResolver request.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver on an Outpost.

        • CreationTime — (String)

          The date and time that the Outpost Resolver was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Outpost Resolver was modified, in Unix time format and Coordinated Universal Time (UTC).

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Id — (String)

          The ID of the Resolver on Outpost.

        • InstanceCount — (Integer)

          Amazon EC2 instance count for the Resolver on the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • Name — (String)

          Name of the Resolver.

        • Status — (String)

          Status of the Resolver.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "DELETING"
          • "ACTION_NEEDED"
          • "FAILED_CREATION"
          • "FAILED_DELETION"
        • StatusMessage — (String)

          A detailed description of the Resolver.

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateResolverConfig(params = {}, callback) ⇒ AWS.Request

Updates the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud.

Service Reference:

Examples:

Calling the updateResolverConfig operation

var params = {
  AutodefinedReverseFlag: ENABLE | DISABLE | USE_LOCAL_RESOURCE_SETTING, /* required */
  ResourceId: 'STRING_VALUE' /* required */
};
route53resolver.updateResolverConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResourceId — (String)

      Resource ID of the Amazon VPC that you want to update the Resolver configuration for.

    • AutodefinedReverseFlag — (String)

      Indicates whether or not the Resolver will create autodefined rules for reverse DNS lookups. This is enabled by default. Disabling this option will also affect EC2-Classic instances using ClassicLink. For more information, see ClassicLink in the Amazon EC2 guide.

      We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon EC2 guide and the blog EC2-Classic Networking is Retiring – Here’s How to Prepare.

      Note: It can take some time for the status change to be completed.

      Possible values include:

      • "ENABLE"
      • "DISABLE"
      • "USE_LOCAL_RESOURCE_SETTING"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverConfig — (map)

        An array that contains settings for the specified Resolver configuration.

        • Id — (String)

          ID for the Resolver configuration.

        • ResourceId — (String)

          The ID of the Amazon Virtual Private Cloud VPC that you're configuring Resolver for.

        • OwnerId — (String)

          The owner account ID of the Amazon Virtual Private Cloud VPC.

        • AutodefinedReverse — (String)

          The status of whether or not the Resolver will create autodefined rules for reverse DNS lookups. This is enabled by default. The status can be one of following:

          • ENABLING: Autodefined rules for reverse DNS lookups are being enabled but are not complete.

          • ENABLED: Autodefined rules for reverse DNS lookups are enabled.

          • DISABLING: Autodefined rules for reverse DNS lookups are being disabled but are not complete.

          • DISABLED: Autodefined rules for reverse DNS lookups are disabled.

          Possible values include:
          • "ENABLING"
          • "ENABLED"
          • "DISABLING"
          • "DISABLED"
          • "UPDATING_TO_USE_LOCAL_RESOURCE_SETTING"
          • "USE_LOCAL_RESOURCE_SETTING"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateResolverDnssecConfig(params = {}, callback) ⇒ AWS.Request

Updates an existing DNSSEC validation configuration. If there is no existing DNSSEC validation configuration, one is created.

Service Reference:

Examples:

Calling the updateResolverDnssecConfig operation

var params = {
  ResourceId: 'STRING_VALUE', /* required */
  Validation: ENABLE | DISABLE | USE_LOCAL_RESOURCE_SETTING /* required */
};
route53resolver.updateResolverDnssecConfig(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResourceId — (String)

      The ID of the virtual private cloud (VPC) that you're updating the DNSSEC validation status for.

    • Validation — (String)

      The new value that you are specifying for DNSSEC validation for the VPC. The value can be ENABLE or DISABLE. Be aware that it can take time for a validation status change to be completed.

      Possible values include:
      • "ENABLE"
      • "DISABLE"
      • "USE_LOCAL_RESOURCE_SETTING"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverDNSSECConfig — (map)

        A complex type that contains settings for the specified DNSSEC configuration.

        • Id — (String)

          The ID for a configuration for DNSSEC validation.

        • OwnerId — (String)

          The owner account ID of the virtual private cloud (VPC) for a configuration for DNSSEC validation.

        • ResourceId — (String)

          The ID of the virtual private cloud (VPC) that you're configuring the DNSSEC validation status for.

        • ValidationStatus — (String)

          The validation status for a DNSSEC configuration. The status can be one of the following:

          • ENABLING: DNSSEC validation is being enabled but is not complete.

          • ENABLED: DNSSEC validation is enabled.

          • DISABLING: DNSSEC validation is being disabled but is not complete.

          • DISABLED DNSSEC validation is disabled.

          Possible values include:
          • "ENABLING"
          • "ENABLED"
          • "DISABLING"
          • "DISABLED"
          • "UPDATING_TO_USE_LOCAL_RESOURCE_SETTING"
          • "USE_LOCAL_RESOURCE_SETTING"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateResolverEndpoint(params = {}, callback) ⇒ AWS.Request

Updates the name, or endpoint type for an inbound or an outbound Resolver endpoint. You can only update between IPV4 and DUALSTACK, IPV6 endpoint type can't be updated to other type.

Service Reference:

Examples:

Calling the updateResolverEndpoint operation

var params = {
  ResolverEndpointId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE',
  Protocols: [
    DoH | Do53 | DoH-FIPS,
    /* more items */
  ],
  ResolverEndpointType: IPV6 | IPV4 | DUALSTACK,
  UpdateIpAddresses: [
    {
      IpId: 'STRING_VALUE', /* required */
      Ipv6: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
route53resolver.updateResolverEndpoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverEndpointId — (String)

      The ID of the Resolver endpoint that you want to update.

    • Name — (String)

      The name of the Resolver endpoint that you want to update.

    • ResolverEndpointType — (String)

      Specifies the endpoint type for what type of IP address the endpoint uses to forward DNS queries.

      Updating to IPV6 type isn't currently supported.

      Possible values include:
      • "IPV6"
      • "IPV4"
      • "DUALSTACK"
    • UpdateIpAddresses — (Array<map>)

      Specifies the IPv6 address when you update the Resolver endpoint from IPv4 to dual-stack. If you don't specify an IPv6 address, one will be automatically chosen from your subnet.

      • IpIdrequired — (String)

        The ID of the IP address, specified by the ResolverEndpointId.

      • Ipv6required — (String)

        The IPv6 address that you want to use for DNS queries.

    • Protocols — (Array<String>)

      The protocols you want to use for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

      For an inbound endpoint you can apply the protocols as follows:

      • Do53 and DoH in combination.

      • Do53 and DoH-FIPS in combination.

      • Do53 alone.

      • DoH alone.

      • DoH-FIPS alone.

      • None, which is treated as Do53.

      For an outbound endpoint you can apply the protocols as follows:

      • Do53 and DoH in combination.

      • Do53 alone.

      • DoH alone.

      • None, which is treated as Do53.

      You can't change the protocol of an inbound endpoint directly from only Do53 to only DoH, or DoH-FIPS. This is to prevent a sudden disruption to incoming traffic that relies on Do53. To change the protocol from Do53 to DoH, or DoH-FIPS, you must first enable both Do53 and DoH, or Do53 and DoH-FIPS, to make sure that all incoming traffic has transferred to using the DoH protocol, or DoH-FIPS, and then remove the Do53.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverEndpoint — (map)

        The response to an UpdateResolverEndpoint request.

        • Id — (String)

          The ID of the Resolver endpoint.

        • CreatorRequestId — (String)

          A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver endpoint.

        • Name — (String)

          The name that you assigned to the Resolver endpoint when you submitted a CreateResolverEndpoint request.

        • SecurityGroupIds — (Array<String>)

          The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

        • Direction — (String)

          Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

          • INBOUND: allows DNS queries to your VPC from your network

          • OUTBOUND: allows DNS queries from your VPC to your network

          Possible values include:
          • "INBOUND"
          • "OUTBOUND"
        • IpAddressCount — (Integer)

          The number of IP addresses that the Resolver endpoint can use for DNS queries.

        • HostVPCId — (String)

          The ID of the VPC that you want to create the Resolver endpoint in.

        • Status — (String)

          A code that specifies the current status of the Resolver endpoint. Valid values include the following:

          • CREATING: Resolver is creating and configuring one or more Amazon VPC network interfaces for this endpoint.

          • OPERATIONAL: The Amazon VPC network interfaces for this endpoint are correctly configured and able to pass inbound or outbound DNS queries between your network and Resolver.

          • UPDATING: Resolver is associating or disassociating one or more network interfaces with this endpoint.

          • AUTO_RECOVERING: Resolver is trying to recover one or more of the network interfaces that are associated with this endpoint. During the recovery process, the endpoint functions with limited capacity because of the limit on the number of DNS queries per IP address (per network interface). For the current limit, see Limits on Route 53 Resolver.

          • ACTION_NEEDED: This endpoint is unhealthy, and Resolver can't automatically recover it. To resolve the problem, we recommend that you check each IP address that you associated with the endpoint. For each IP address that isn't available, add another IP address and then delete the IP address that isn't available. (An endpoint must always include at least two IP addresses.) A status of ACTION_NEEDED can have a variety of causes. Here are two common causes:

            • One or more of the network interfaces that are associated with the endpoint were deleted using Amazon VPC.

            • The network interface couldn't be created for some reason that's outside the control of Resolver.

          • DELETING: Resolver is deleting this endpoint and the associated network interfaces.

          Possible values include:
          • "CREATING"
          • "OPERATIONAL"
          • "UPDATING"
          • "AUTO_RECOVERING"
          • "ACTION_NEEDED"
          • "DELETING"
        • StatusMessage — (String)

          A detailed description of the status of the Resolver endpoint.

        • CreationTime — (String)

          The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC).

        • OutpostArn — (String)

          The ARN (Amazon Resource Name) for the Outpost.

        • PreferredInstanceType — (String)

          The Amazon EC2 instance type.

        • ResolverEndpointType — (String)

          The Resolver endpoint IP address type.

          Possible values include:
          • "IPV6"
          • "IPV4"
          • "DUALSTACK"
        • Protocols — (Array<String>)

          Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

          For an inbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 and DoH-FIPS in combination.

          • Do53 alone.

          • DoH alone.

          • DoH-FIPS alone.

          • None, which is treated as Do53.

          For an outbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 alone.

          • DoH alone.

          • None, which is treated as Do53.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateResolverRule(params = {}, callback) ⇒ AWS.Request

Updates settings for a specified Resolver rule. ResolverRuleId is required, and all other parameters are optional. If you don't specify a parameter, it retains its current value.

Service Reference:

Examples:

Calling the updateResolverRule operation

var params = {
  Config: { /* required */
    Name: 'STRING_VALUE',
    ResolverEndpointId: 'STRING_VALUE',
    TargetIps: [
      {
        Ip: 'STRING_VALUE',
        Ipv6: 'STRING_VALUE',
        Port: 'NUMBER_VALUE',
        Protocol: DoH | Do53 | DoH-FIPS
      },
      /* more items */
    ]
  },
  ResolverRuleId: 'STRING_VALUE' /* required */
};
route53resolver.updateResolverRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ResolverRuleId — (String)

      The ID of the Resolver rule that you want to update.

    • Config — (map)

      The new settings for the Resolver rule.

      • Name — (String)

        The new name for the Resolver rule. The name that you specify appears in the Resolver dashboard in the Route 53 console.

      • TargetIps — (Array<map>)

        For DNS queries that originate in your VPC, the new IP addresses that you want to route outbound DNS queries to.

        • Ip — (String)

          One IPv4 address that you want to forward DNS queries to.

        • Port — (Integer)

          The port at Ip that you want to forward DNS queries to.

        • Ipv6 — (String)

          One IPv6 address that you want to forward DNS queries to.

        • Protocol — (String)

          The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.

          For an inbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 and DoH-FIPS in combination.

          • Do53 alone.

          • DoH alone.

          • DoH-FIPS alone.

          • None, which is treated as Do53.

          For an outbound endpoint you can apply the protocols as follows:

          • Do53 and DoH in combination.

          • Do53 alone.

          • DoH alone.

          • None, which is treated as Do53.

          Possible values include:
          • "DoH"
          • "Do53"
          • "DoH-FIPS"
      • ResolverEndpointId — (String)

        The ID of the new outbound Resolver endpoint that you want to use to route DNS queries to the IP addresses that you specify in TargetIps.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ResolverRule — (map)

        The response to an UpdateResolverRule request.

        • Id — (String)

          The ID that Resolver assigned to the Resolver rule when you created it.

        • CreatorRequestId — (String)

          A unique string that you specified when you created the Resolver rule. CreatorRequestId identifies the request and allows failed requests to be retried without the risk of running the operation twice.

        • Arn — (String)

          The ARN (Amazon Resource Name) for the Resolver rule specified by Id.

        • DomainName — (String)

          DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps. If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com).

        • Status — (String)

          A code that specifies the current status of the Resolver rule.

          Possible values include:
          • "COMPLETE"
          • "DELETING"
          • "UPDATING"
          • "FAILED"
        • StatusMessage — (String)

          A detailed description of the status of a Resolver rule.

        • RuleType — (String)

          When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.

          When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

          For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

          Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

          Possible values include:
          • "FORWARD"
          • "SYSTEM"
          • "RECURSIVE"
        • Name — (String)

          The name for the Resolver rule, which you specified when you created the Resolver rule.

        • TargetIps — (Array<map>)

          An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network.

          • Ip — (String)

            One IPv4 address that you want to forward DNS queries to.

          • Port — (Integer)

            The port at Ip that you want to forward DNS queries to.

          • Ipv6 — (String)

            One IPv6 address that you want to forward DNS queries to.

          • Protocol — (String)

            The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.

            For an inbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 and DoH-FIPS in combination.

            • Do53 alone.

            • DoH alone.

            • DoH-FIPS alone.

            • None, which is treated as Do53.

            For an outbound endpoint you can apply the protocols as follows:

            • Do53 and DoH in combination.

            • Do53 alone.

            • DoH alone.

            • None, which is treated as Do53.

            Possible values include:
            • "DoH"
            • "Do53"
            • "DoH-FIPS"
        • ResolverEndpointId — (String)

          The ID of the endpoint that the rule is associated with.

        • OwnerId — (String)

          When a rule is shared with another Amazon Web Services account, the account ID of the account that the rule is shared with.

        • ShareStatus — (String)

          Whether the rule is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.

          Possible values include:
          • "NOT_SHARED"
          • "SHARED_WITH_ME"
          • "SHARED_BY_ME"
        • CreationTime — (String)

          The date and time that the Resolver rule was created, in Unix time format and Coordinated Universal Time (UTC).

        • ModificationTime — (String)

          The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.