Readonly action
Readonly block
(OPTIONAL) Configure an override domain for BLOCK actions. This is a custom DNS record to send back in response to the query.
Only define this property if you are using a blockResponse of OVERRIDE.
Readonly block
(OPTIONAL) Configure a time-to-live (TTL) for the override domain. This is the recommended amount of time for the DNS resolver or web browser to cache the override record and use it in response to this query, if it is received again. By default, this is zero, and the record isn't cached.
Only define this property if you are using a blockResponse of OVERRIDE.
Readonly blockResponse
Configure a specific response type for BLOCK actions. Block response types are defined here: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-actions.html
Readonly customDomainList
A file containing a custom domain list in TXT format.
The file must exist in your accelerator configuration repository. The file must contain domain names separated by newlines.
Include only one of customDomainList or managedDomainList for each rule definition.
Readonly managedDomainList
Configure a rule that uses an AWS-managed domain list. AWS-managed domain lists are defined here: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.html.
Before using a managed domain list, please ensure that it is available in the region you are deploying it to. Regional availability of managed domain lists is included in the link above.
Include only one of customDomainList or managedDomainList for each rule definition.
Readonly name
A friendly name for the DNS firewall rule.
Readonly priority
The priority of the DNS firewall rule.
Rules are evaluated in order from low to high number. Priority values must be unique in each defined rule group.
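The constraints stated for these properties (exactly one of customDomainList or managedDomainList per rule, unique priorities within a rule group, evaluation from low to high number, newline-separated domain files) can be checked before a deployment. The following TypeScript is an added example, not part of the accelerator's code; the functions validateRuleGroup, evaluationOrder and badDomainLines, the file path and the sample rules are constructed for illustration.

```typescript
// Added example (not accelerator code). Field names are the ones documented on this page.
interface DnsFirewallRule {
  name: string;
  action: string;
  priority: number;
  blockResponse?: string;
  customDomainList?: string;
  managedDomainList?: string;
}

// One message per violated constraint; an empty array means the group is consistent.
function validateRuleGroup(rules: DnsFirewallRule[]): string[] {
  const errors: string[] = [];
  const seen: Record<number, string> = {};
  for (const r of rules) {
    // Exactly one of customDomainList / managedDomainList per rule.
    const lists = [r.customDomainList, r.managedDomainList].filter((v) => v !== undefined);
    if (lists.length !== 1) {
      errors.push(`${r.name}: set exactly one of customDomainList or managedDomainList`);
    }
    // Priority values must be unique within the rule group.
    if (seen[r.priority] !== undefined) {
      errors.push(`${r.name}: priority ${r.priority} already used by ${seen[r.priority]}`);
    } else {
      seen[r.priority] = r.name;
    }
  }
  return errors;
}

// Rules are evaluated from the lowest priority number to the highest.
function evaluationOrder(rules: DnsFirewallRule[]): string[] {
  return rules.slice().sort((a, b) => a.priority - b.priority).map((r) => r.name);
}

// 1-based numbers of lines in a custom domain list that are not a single domain name.
function badDomainLines(fileText: string): number[] {
  const bad: number[] = [];
  fileText.replace(/\r?\n$/, "").split(/\r?\n/).forEach((line, i) => {
    if (line.trim() === "" || /[\s,;]/.test(line.trim())) bad.push(i + 1);
  });
  return bad;
}

// Constructed sample: the third rule breaks both constraints.
const sampleRules: DnsFirewallRule[] = [
  { name: "block-custom", action: "BLOCK", priority: 200, blockResponse: "NXDOMAIN", customDomainList: "dns-firewall/domains.txt" },
  { name: "block-managed", action: "BLOCK", priority: 100, blockResponse: "NODATA", managedDomainList: "AWSManagedDomainsMalwareDomainList" },
  { name: "alert-both", action: "ALERT", priority: 100, customDomainList: "dns-firewall/domains.txt", managedDomainList: "AWSManagedDomainsMalwareDomainList" },
];
```

Running validateRuleGroup over a parsed rule group in a pre-merge check surfaces a duplicated priority or a rule with both list types before the configuration reaches a deployment pipeline.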
NetworkConfig / CentralNetworkServicesConfig / ResolverConfig / DnsFirewallRuleGroupConfig / DnsFirewallRulesConfig
Route 53 DNS firewall rule configuration. Use this configuration to define individual rules for your DNS firewall. This allows you to define the DNS firewall behavior for your VPCs.
Example
The following example creates a rule that blocks requests from a custom list of domains. The custom domain list path must exist in your accelerator configuration repository.
The following example creates a rule referencing an AWS-managed domain list. The managed domain list must be available in the region you are deploying the rule to.