NetworkConfig / CentralNetworkServicesConfig / ResolverConfig / DnsQueryLogsConfig

Route 53 Resolver DNS query logging configuration. Use this configuration to define a centralized query logging configuration that can be associated with VPCs in your environment. You can use this configuration to log queries that originate from your VPCs, queries to your inbound and outbound resolver endpoints, and queries that use Route 53 Resolver DNS firewall to allow, block, or monitor domain lists.

The following example creates a query logging configuration that logs to both S3 and a CloudWatch Logs log group. It is shared with the entire organization.

Example

name: accelerator-query-logs
destinations:
  - s3
  - cloud-watch-logs
shareTargets:
  organizationalUnits:
    - Root

Hierarchy

  • DnsQueryLogsConfig

Properties

destinations: ("s3" | "cloud-watch-logs")[] = ...

An array of destination services used to store the logs.

excludedRegions: undefined | string[] = undefined
name: string = ''

The friendly name of the query logging config.

Remarks

CAUTION: Changing this property value after initial deployment causes the configuration to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

shareTargets: undefined | ShareTargets = undefined

Resource Access Manager (RAM) share targets.

Remarks

Targets can be account names and/or organizational units. Targets must include the account(s)/OU(s) of any VPCs that the logging configuration will be associated with. You do not need to target the delegated admin account.

See

ShareTargets
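
The share-target requirement above can be checked before deployment. The following is an added example, not part of the accelerator's code: a Python preflight check over already-parsed configuration that lists VPCs referencing a query logging configuration from an account its shareTargets do not cover. Assumptions: the `accounts` key under shareTargets, the per-VPC `account` and `queryLogs` fields, the account-to-OU map, and all sample values are constructed for illustration; OU matching is by exact name.

```python
# Added example: preflight check for RAM share coverage of a DNS query logging config.
# Assumed (not from the page): shareTargets "accounts" key, VPC "account"/"queryLogs" fields.

def uncovered_vpcs(query_logs, vpcs, account_ou, delegated_admin):
    """Return names of VPCs that reference the query logging config from an
    account that its shareTargets do not cover."""
    targets = query_logs.get("shareTargets") or {}
    shared_ous = set(targets.get("organizationalUnits") or [])
    shared_accounts = set(targets.get("accounts") or [])
    missing = []
    for vpc in vpcs:
        if query_logs["name"] not in (vpc.get("queryLogs") or []):
            continue  # this VPC is not associated with the config
        account = vpc["account"]
        if account == delegated_admin:
            continue  # the delegated admin account does not need to be targeted
        if "Root" in shared_ous:
            continue  # Root shares the config with the entire organization
        if account in shared_accounts or account_ou.get(account) in shared_ous:
            continue
        missing.append(vpc["name"])  # association would have no share to use
    return missing

# Constructed sample data: account -> organizational unit, and VPC definitions.
ACCOUNT_OU = {"Network": "Infrastructure", "Workload-A": "Workloads",
              "Sandbox-1": "Sandbox"}
VPCS = [
    {"name": "network-endpoints", "account": "Network",
     "queryLogs": ["accelerator-query-logs"]},
    {"name": "workload-a", "account": "Workload-A",
     "queryLogs": ["accelerator-query-logs"]},
    {"name": "sandbox-1", "account": "Sandbox-1",
     "queryLogs": ["accelerator-query-logs"]},
    {"name": "isolated", "account": "Sandbox-1"},  # no query logging requested
]
ORG_WIDE = {"name": "accelerator-query-logs",
            "destinations": ["s3", "cloud-watch-logs"],
            "shareTargets": {"organizationalUnits": ["Root"]}}
NARROW = {**ORG_WIDE, "shareTargets": {"organizationalUnits": ["Workloads"]}}
UNSHARED = {"name": "accelerator-query-logs", "destinations": ["s3"]}

if __name__ == "__main__":
    for label, cfg in (("org-wide", ORG_WIDE), ("narrow", NARROW),
                       ("unshared", UNSHARED)):
        print(label, uncovered_vpcs(cfg, VPCS, ACCOUNT_OU, "Network"))
```

A VPC reported here is one whose DNS queries would go unlogged, so the list is worth treating as a deployment gate rather than a warning.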
