Interface IResolverRuleConfig

NetworkConfig / CentralNetworkServicesConfig / ResolverConfig / (ResolverEndpointConfig) / ResolverRuleConfig

Route 53 resolver rule configuration.

Description

Use this configuration to define resolver SYSTEM and FORWARD rules for your resolver. If you want Resolver to forward queries for specified domain names to your network, you create one forwarding rule for each domain name and specify the name of the domain for which you want to forward queries.

Remarks

FORWARD rules should be defined under an OUTBOUND ResolverEndpointConfig. SYSTEM rules should be defined directly under ResolverConfig.

The following example creates a forwarding rule for example.com that is shared with the entire organization. This rule targets an example on-prem IP address of 1.1.1.1.

Example

- name: accelerator-rule
  domainName: example.com
  ruleType: FORWARD
  shareTargets:
    organizationalUnits:
      - Root
  targetIps:
    - ip: 1.1.1.1
  tags: []
interface IResolverRuleConfig {
    domainName: string;
    excludedRegions?: (
        | "af-south-1"
        | "ap-east-1"
        | "ap-northeast-1"
        | "ap-northeast-2"
        | "ap-northeast-3"
        | "ap-south-1"
        | "ap-south-2"
        | "ap-southeast-1"
        | "ap-southeast-2"
        | "ap-southeast-3"
        | "ap-southeast-4"
        | "ap-southeast-5"
        | "ca-central-1"
        | "ca-west-1"
        | "cn-north-1"
        | "cn-northwest-1"
        | "eu-central-1"
        | "eu-central-2"
        | "eu-north-1"
        | "eu-south-1"
        | "eu-south-2"
        | "eu-west-1"
        | "eu-west-2"
        | "eu-west-3"
        | "eu-isoe-west-1"
        | "il-central-1"
        | "me-central-1"
        | "me-south-1"
        | "mx-central-1"
        | "sa-east-1"
        | "us-east-1"
        | "us-east-2"
        | "us-gov-west-1"
        | "us-gov-east-1"
        | "us-iso-east-1"
        | "us-isob-east-1"
        | "us-iso-west-1"
        | "us-isof-south-1"
        | "us-isof-east-1"
        | "us-west-1"
        | "us-west-2")[];
    inboundEndpointTarget?: string;
    name: string;
    ruleType?: RuleType;
    shareTargets?: IShareTargets;
    tags?: ITag[];
    targetIps?: IRuleTargetIps[];
}

Properties

domainName excludedRegions? inboundEndpointTarget? name ruleType? shareTargets? tags? targetIps?

Properties

ReadonlydomainName

domainName: string

The domain name for the resolver rule.

Remarks

CAUTION: Changing this property value after initial deployment may cause some interruptions to your network traffic.

Optional ReadonlyexcludedRegions

excludedRegions?: (
    | "af-south-1"
    | "ap-east-1"
    | "ap-northeast-1"
    | "ap-northeast-2"
    | "ap-northeast-3"
    | "ap-south-1"
    | "ap-south-2"
    | "ap-southeast-1"
    | "ap-southeast-2"
    | "ap-southeast-3"
    | "ap-southeast-4"
    | "ap-southeast-5"
    | "ca-central-1"
    | "ca-west-1"
    | "cn-north-1"
    | "cn-northwest-1"
    | "eu-central-1"
    | "eu-central-2"
    | "eu-north-1"
    | "eu-south-1"
    | "eu-south-2"
    | "eu-west-1"
    | "eu-west-2"
    | "eu-west-3"
    | "eu-isoe-west-1"
    | "il-central-1"
    | "me-central-1"
    | "me-south-1"
    | "mx-central-1"
    | "sa-east-1"
    | "us-east-1"
    | "us-east-2"
    | "us-gov-west-1"
    | "us-gov-east-1"
    | "us-iso-east-1"
    | "us-isob-east-1"
    | "us-iso-west-1"
    | "us-isof-south-1"
    | "us-isof-east-1"
    | "us-west-1"
    | "us-west-2")[]

(OPTIONAL) Regions to exclude from SYSTEM rule deployment.

Remarks

Only define this property if creating a SYSTEM rule type. This does not apply to rules of type FORWARD.

Optional ReadonlyinboundEndpointTarget

inboundEndpointTarget?: string

(OPTIONAL) The friendly name of an inbound endpoint to target.

Remarks

This is the logical name property of an INBOUND endpoint as defined in network-config.yaml.

Use this property to define resolver rules for resolving DNS records across subdomains hosted within the accelerator environment. This creates a FORWARD rule that targets the IP addresses of an INBOUND endpoint.

See

ResolverEndpointConfig

Readonlyname

name: string

A friendly name for the resolver rule.

Remarks

CAUTION: Changing this property value after initial deployment causes the rule to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

Optional ReadonlyruleType

ruleType?: RuleType

(OPTIONAL) The type of rule to create.

Remarks

CAUTION: Changing this property value after initial deployment causes the rule to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.

When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

Currently, only the Resolver service can create rules that have a value of RECURSIVE for ruleType. Do not use type RECURSIVE. This is reserved for future use.

See

NetworkConfigTypes.ruleTypeEnum

Optional ReadonlyshareTargets

shareTargets?: IShareTargets

(OPTIONAL) Resource Access Manager (RAM) share targets.

Remarks

Targets can be account names and/or organizational units. Targets must include the account(s)/OU(s) of any VPCs that the rule will be associated with. You do not need to target the delegated admin account.

See

ShareTargets

Optional Readonlytags

tags?: ITag[]

(OPTIONAL) An array of tags for the resolver rule.

Optional ReadonlytargetIps

targetIps?: IRuleTargetIps[]

(OPTIONAL) An array of target IP configurations for the resolver rule.

Remarks

Use this property to define target IP addresses/ports to forward DNS queries to. Only define a port if the DNS server is using a non-standard port (i.e. any port other than port 53).

See

NetworkConfigTypes.ruleTargetIps

Settings

Member Visibility

On This Page

Properties