NetworkConfig / CentralNetworkServicesConfig / ResolverConfig / (ResolverEndpointConfig) / ResolverRuleConfig

Route 53 resolver rule configuration. Use this configuration to define resolver SYSTEM and FORWARD rules for your resolver. If you want Resolver to forward queries for specified domain names to your network, you create one forwarding rule for each domain name and specify the name of the domain for which you want to forward queries.

Remarks

FORWARD rules should be defined under an OUTBOUND ResolverEndpointConfig. SYSTEM rules should be defined directly under ResolverConfig.

The following example creates a forwarding rule for example.com that is shared with the entire organization. This rule targets an example on-prem IP address of 1.1.1.1.

Example

- name: accelerator-rule
  domainName: example.com
  ruleType: FORWARD
  shareTargets:
    organizationalUnits:
      - Root
  targetIps:
    - ip: 1.1.1.1
  tags: []

Hierarchy

  • ResolverRuleConfig

Properties

domainName: string = ''

The domain name for the resolver rule.

Remarks

CAUTION: Changing this property value after initial deployment may cause some interruptions to your network traffic.

excludedRegions: undefined | string[] = undefined

(OPTIONAL) Regions to exclude from SYSTEM rule deployment.

Remarks

Only define this property if creating a SYSTEM rule type. This does not apply to rules of type FORWARD.

inboundEndpointTarget: undefined | string = undefined

(OPTIONAL) The friendly name of an inbound endpoint to target.

Remarks

This is the logical name property of an INBOUND endpoint as defined in network-config.yaml.

Use this property to define resolver rules for resolving DNS records across subdomains hosted within the accelerator environment. This creates a FORWARD rule that targets the IP addresses of an INBOUND endpoint.

See

ResolverEndpointConfig

name: string = ''

A friendly name for the resolver rule.

Remarks

CAUTION: Changing this property value after initial deployment causes the rule to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

ruleType: undefined | "SYSTEM" | "FORWARD" | "RECURSIVE" = 'FORWARD'

(OPTIONAL) The type of rule to create.

Remarks

CAUTION: Changing this property value after initial deployment causes the rule to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

When you want to forward DNS queries for a specified domain name to resolvers on your network, specify FORWARD.

When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

Currently, only the Resolver service can create rules that have a value of RECURSIVE for ruleType. Do not use type RECURSIVE. This is reserved for future use.

See

ruleTypeEnum

shareTargets: undefined | ShareTargets = undefined

(OPTIONAL) Resource Access Manager (RAM) share targets.

Remarks

Targets can be account names and/or organizational units. Targets must include the account(s)/OU(s) of any VPCs that the rule will be associated with. You do not need to target the delegated admin account.

See

ShareTargets

tags: undefined | Tag[] = undefined

(OPTIONAL) An array of tags for the resolver rule.

targetIps: undefined | {
    ip: string;
    port: undefined | string;
}[] = undefined

(OPTIONAL) An array of target IP configurations for the resolver rule.

Remarks

Use this property to define target IP addresses/ports to forward DNS queries to. Only define a port if the DNS server is using a non-standard port (i.e. any port other than port 53).

See

ruleTargetIps
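
The constraints stated in the property remarks above can be checked before deployment. The following lint is an added example, not part of the accelerator's own code: the field names follow this page, while `lintRule`, `RuleParent`, the finding messages and the sample rules are hypothetical. It assumes a FORWARD rule with neither `targetIps` nor `inboundEndpointTarget` is a mistake.

```typescript
// Added example: pre-deployment lint for ResolverRuleConfig entries.
// Field names follow this page; lintRule, RuleParent and the messages are hypothetical.
type RuleType = "SYSTEM" | "FORWARD" | "RECURSIVE";
type RuleParent = "ResolverConfig" | "OutboundEndpoint"; // where the rule sits in network-config.yaml

interface ResolverRule {
  name: string;
  domainName: string;
  ruleType?: RuleType;
  excludedRegions?: string[];
  inboundEndpointTarget?: string;
  targetIps?: { ip: string; port?: string }[];
}

function lintRule(rule: ResolverRule, parent: RuleParent): string[] {
  const findings: string[] = [];
  const type: RuleType = rule.ruleType ?? "FORWARD"; // documented default is FORWARD
  if (type === "RECURSIVE") {
    findings.push("ruleType RECURSIVE is reserved; use SYSTEM or FORWARD");
  }
  if (type === "FORWARD" && parent !== "OutboundEndpoint") {
    findings.push("FORWARD rules belong under an OUTBOUND ResolverEndpointConfig");
  }
  if (type === "SYSTEM" && parent !== "ResolverConfig") {
    findings.push("SYSTEM rules belong directly under ResolverConfig");
  }
  if (type !== "SYSTEM" && rule.excludedRegions !== undefined) {
    findings.push("excludedRegions applies only to SYSTEM rules");
  }
  const targets = rule.targetIps ?? [];
  if (type === "FORWARD" && targets.length === 0 && !rule.inboundEndpointTarget) {
    // Assumption: a FORWARD rule needs at least one place to send queries.
    findings.push("FORWARD rule has neither targetIps nor inboundEndpointTarget");
  }
  for (const t of targets) {
    // The page says to set a port only when the DNS server is not on port 53.
    if (t.port === "53") findings.push(`port 53 on ${t.ip} is the default; omit it`);
  }
  return findings;
}

// Constructed sample rules: the page's own example, and one that breaks three constraints.
const pageExample: ResolverRule = { name: "accelerator-rule", domainName: "example.com", ruleType: "FORWARD", targetIps: [{ ip: "1.1.1.1" }] };
const misplaced: ResolverRule = { name: "bad-rule", domainName: "corp.example.com", excludedRegions: ["us-west-2"], targetIps: [{ ip: "10.0.0.2", port: "53" }] };

console.log(lintRule(pageExample, "OutboundEndpoint"));
console.log(lintRule(misplaced, "ResolverConfig"));
```
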
