NetworkConfig / CentralNetworkServicesConfig / ResolverConfig / DnsFirewallRuleGroupConfig

Route 53 DNS firewall rule group configuration. Use this configuration to define a group of rules for your DNS firewall. A rule group contains one or more rules and can be associated with VPCs in your environment. These rules define the behavior of your DNS firewall.

The following example creates a rule group that contains one rule entry. The rule blocks a list of custom domains contained in a file in the accelerator configuration repository. The rule group is shared to the entire organization.

Example

- name: accelerator-rule-group
  regions:
    - us-east-1
  rules:
    - name: accelerator-dns-rule
      action: BLOCK
      priority: 100
      blockResponse: NXDOMAIN
      customDomainList: path/to/domains.txt
  shareTargets:
    organizationalUnits:
      - Root
  tags: []
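
A pre-deployment lint for a rule group entry like the one above, as an added example that is not part of the accelerator's own code. It checks the constraints the Route 53 Resolver DNS Firewall API places on rules (known action values, a block response on every BLOCK rule, unique priorities) and that each `customDomainList` file exists and holds plausible domain entries. The function names, the domain syntax regex, the second rule and the file contents are assumptions constructed for illustration, and the entry is passed as an already-parsed dict.

```python
import re

# Rule values accepted by the Route 53 Resolver DNS Firewall API.
ACTIONS = {"ALLOW", "BLOCK", "ALERT"}
BLOCK_RESPONSES = {"NODATA", "NXDOMAIN", "OVERRIDE"}
# Assumed syntax check: optional leading "*", then dot-separated labels.
DOMAIN_RE = re.compile(r"^(\*\.?)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.?$")

def lint_domains(text):
    """Return (line_no, entry) for each entry that fails the syntax check."""
    entries = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)]
    return [(n, e) for n, e in entries
            if e and (len(e) > 255 or not DOMAIN_RE.match(e))]

def lint_rule_group(group, domain_files):
    """Return findings for one rule group (the YAML entry parsed to a dict)."""
    findings, seen = [], {}
    if not group.get("name") or not group.get("regions"):
        findings.append("rule group needs a name and at least one region")
    for rule in group.get("rules", []):
        name, action = rule.get("name", "<unnamed>"), rule.get("action")
        if action not in ACTIONS:
            findings.append(f"{name}: unknown action {action!r}")
        if action == "BLOCK" and rule.get("blockResponse") not in BLOCK_RESPONSES:
            findings.append(f"{name}: BLOCK needs a valid blockResponse")
        prio = rule.get("priority")
        if prio in seen:  # priorities must be unique within a rule group
            findings.append(f"{name}: priority {prio} already used by {seen[prio]}")
        seen.setdefault(prio, name)
        path = rule.get("customDomainList")
        if path is not None and path not in domain_files:
            findings.append(f"{name}: domain list {path} not found")
        for n, entry in lint_domains(domain_files.get(path, "")):
            findings.append(f"{name}: {path}:{n}: bad entry {entry!r}")
    return findings

# The page's example as a dict, plus a constructed second rule with defects.
GROUP = {"name": "accelerator-rule-group", "regions": ["us-east-1"], "rules": [
    {"name": "accelerator-dns-rule", "action": "BLOCK", "priority": 100,
     "blockResponse": "NXDOMAIN", "customDomainList": "path/to/domains.txt"},
    {"name": "second-rule", "action": "BLOCK", "priority": 100,
     "customDomainList": "path/to/missing.txt"}]}
# Constructed file contents, keyed by path relative to the config repository.
DOMAIN_FILES = {"path/to/domains.txt":
                "example.com\n*.example.net\nhttp://bad.example/path\n"}

if __name__ == "__main__":
    for finding in lint_rule_group(GROUP, DOMAIN_FILES):
        print(finding)
```

A URL pasted into the domain list, as on line 3 of the constructed file, is the kind of entry worth catching in review, since a BLOCK rule only protects against the domains that actually load into its list.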

Hierarchy

  • DnsFirewallRuleGroupConfig

Properties

name: string = ''

A friendly name for the DNS firewall rule group.

Remarks

CAUTION: Changing this property value after initial deployment causes the configuration to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

regions: string[] = ...

The regions to deploy the rule group to.

See

Region

rules: DnsFirewallRulesConfig[]

An array of DNS firewall rule configurations.

See

DnsFirewallRulesConfig

shareTargets: undefined | ShareTargets = undefined

(OPTIONAL) Resource Access Manager (RAM) share targets.

Remarks

Targets can be account names and/or organizational units. Targets must include the account(s)/OU(s) of any VPCs that the logging configuration will be associated with. You do not need to target the delegated admin account.

See

ShareTargets

tags: undefined | Tag[] = undefined

An array of tags for the rule group.
