NetworkConfig / CentralNetworkServicesConfig / ResolverConfig / DnsFirewallRuleGroupConfig

Route 53 DNS firewall rule group configuration.

Use this configuration to define a group of rules for your DNS firewall. A rule group contains one or more rules and can be associated with VPCs in your environment. These rules define the behavior of your DNS firewall.

The following example creates a rule group that contains one rule entry. The rule blocks a list of custom domains contained in a file in the accelerator configuration repository. The rule group is shared to the entire organization.

- name: accelerator-rule-group
  regions:
    - us-east-1
  rules:
    - name: accelerator-dns-rule
      action: BLOCK
      priority: 100
      blockResponse: NXDOMAIN
      customDomainList: path/to/domains.txt
  shareTargets:
    organizationalUnits:
      - Root
  tags: []

interface IDnsFirewallRuleGroupConfig {
    name: string;
    regions: (
        | "af-south-1"
        | "ap-east-1"
        | "ap-northeast-1"
        | "ap-northeast-2"
        | "ap-northeast-3"
        | "ap-south-1"
        | "ap-south-2"
        | "ap-southeast-1"
        | "ap-southeast-2"
        | "ap-southeast-3"
        | "ap-southeast-4"
        | "ap-southeast-5"
        | "ca-central-1"
        | "ca-west-1"
        | "cn-north-1"
        | "cn-northwest-1"
        | "eu-central-1"
        | "eu-central-2"
        | "eu-north-1"
        | "eu-south-1"
        | "eu-south-2"
        | "eu-west-1"
        | "eu-west-2"
        | "eu-west-3"
        | "eu-isoe-west-1"
        | "il-central-1"
        | "me-central-1"
        | "me-south-1"
        | "mx-central-1"
        | "sa-east-1"
        | "us-east-1"
        | "us-east-2"
        | "us-gov-west-1"
        | "us-gov-east-1"
        | "us-iso-east-1"
        | "us-isob-east-1"
        | "us-iso-west-1"
        | "us-isof-south-1"
        | "us-isof-east-1"
        | "us-west-1"
        | "us-west-2")[];
    rules: IDnsFirewallRulesConfig[];
    shareTargets?: IShareTargets;
    tags?: ITag[];
}

Properties

name: string

A friendly name for the DNS firewall rule group.

CAUTION: Changing this property value after initial deployment causes the configuration to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

regions: (
    | "af-south-1"
    | "ap-east-1"
    | "ap-northeast-1"
    | "ap-northeast-2"
    | "ap-northeast-3"
    | "ap-south-1"
    | "ap-south-2"
    | "ap-southeast-1"
    | "ap-southeast-2"
    | "ap-southeast-3"
    | "ap-southeast-4"
    | "ap-southeast-5"
    | "ca-central-1"
    | "ca-west-1"
    | "cn-north-1"
    | "cn-northwest-1"
    | "eu-central-1"
    | "eu-central-2"
    | "eu-north-1"
    | "eu-south-1"
    | "eu-south-2"
    | "eu-west-1"
    | "eu-west-2"
    | "eu-west-3"
    | "eu-isoe-west-1"
    | "il-central-1"
    | "me-central-1"
    | "me-south-1"
    | "mx-central-1"
    | "sa-east-1"
    | "us-east-1"
    | "us-east-2"
    | "us-gov-west-1"
    | "us-gov-east-1"
    | "us-iso-east-1"
    | "us-isob-east-1"
    | "us-iso-west-1"
    | "us-isof-south-1"
    | "us-isof-east-1"
    | "us-west-1"
    | "us-west-2")[]

The regions to deploy the rule group to.

See Region

rules: IDnsFirewallRulesConfig[]

An array of DNS firewall rule configurations.

See DnsFirewallRulesConfig

shareTargets?: IShareTargets

(OPTIONAL) Resource Access Manager (RAM) share targets.

Targets can be account names and/or organizational units. Targets must include the account(s)/OU(s) of any VPCs that the rule group will be associated with. You do not need to target the delegated admin account.

See ShareTargets

tags?: ITag[]

An array of tags for the rule group.
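The rule-group example and the property notes above leave a few consistency conditions implicit (one domain list per rule, a block response only on BLOCK rules, unique priorities, share targets covering the VPC owners). The following linter, an added example that is not part of the accelerator's code base, checks them against a rule group as it would load from the YAML. The fields managedDomainList, blockOverrideDomain and blockOverrideTtl are assumptions taken from the Route 53 Resolver DNS Firewall rule model, and ALLOWED_REGIONS holds only a subset of the region union on this page.

```python
from typing import Any
# Subset of the region union type on this page; extend to match your deployment.
ALLOWED_REGIONS = {"us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-central-1"}
ACTIONS = {"ALLOW", "ALERT", "BLOCK"}
BLOCK_RESPONSES = {"NODATA", "NXDOMAIN", "OVERRIDE"}

def lint_rule_group(group: dict[str, Any]) -> list[str]:
    """Return findings as strings; an empty list means the rule group is consistent."""
    out: list[str] = []
    gname = group.get("name") or "<unnamed>"
    if not group.get("name"):
        out.append("rule group: missing name")
    for region in group.get("regions", []):
        if region not in ALLOWED_REGIONS:
            out.append(f"{gname}: unsupported region {region!r}")
    rules = group.get("rules") or []
    if not rules:
        out.append(f"{gname}: a rule group needs at least one rule")
    by_priority: dict[Any, str] = {}
    for rule in rules:
        rname = rule.get("name") or "<unnamed>"
        prio = rule.get("priority")
        if prio in by_priority:  # DNS Firewall evaluates rules by priority, so duplicates are ambiguous
            out.append(f"{gname}: rules {by_priority[prio]!r} and {rname!r} share priority {prio}")
        by_priority[prio] = rname
        # A rule evaluates exactly one domain list: a custom file or an AWS managed list (assumed field).
        lists = [k for k in ("customDomainList", "managedDomainList") if rule.get(k)]
        if len(lists) != 1:
            out.append(f"{gname}/{rname}: set exactly one of customDomainList, managedDomainList")
        action, resp = rule.get("action"), rule.get("blockResponse")
        if action not in ACTIONS:
            out.append(f"{gname}/{rname}: action must be one of {sorted(ACTIONS)}")
        if action == "BLOCK":
            if resp not in BLOCK_RESPONSES:
                out.append(f"{gname}/{rname}: BLOCK needs blockResponse in {sorted(BLOCK_RESPONSES)}")
            elif resp == "OVERRIDE" and not (rule.get("blockOverrideDomain") and rule.get("blockOverrideTtl")):
                out.append(f"{gname}/{rname}: OVERRIDE needs blockOverrideDomain and blockOverrideTtl")
        elif resp is not None:
            out.append(f"{gname}/{rname}: blockResponse is only meaningful with action BLOCK")
    if not group.get("shareTargets"):
        out.append(f"{gname}: no shareTargets, so only VPCs in the deploying account can associate it")
    return out

# Constructed input: the page's example rule group, as the YAML would load.
PAGE_EXAMPLE = {
    "name": "accelerator-rule-group", "regions": ["us-east-1"],
    "rules": [{"name": "accelerator-dns-rule", "action": "BLOCK", "priority": 100,
               "blockResponse": "NXDOMAIN", "customDomainList": "path/to/domains.txt"}],
    "shareTargets": {"organizationalUnits": ["Root"]}, "tags": [],
}
```

Run lint_rule_group over each entry of the dnsFirewallRuleGroups list in a pre-commit hook or pipeline stage so a misconfigured group is caught before the accelerator deploys it.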