AWS::Route53Resolver::ResolverRule - AWS CloudFormation
For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::Route53Resolver::ResolverRule",
  "Properties" : {
    "DomainName" : String,
    "Name" : String,
    "ResolverEndpointId" : String,
    "RuleType" : String,
    "Tags" : [ Tag, ... ],
    "TargetIps" : [ TargetAddress, ... ]
  }
}
YAML
Type: AWS::Route53Resolver::ResolverRule
Properties:
  DomainName: String
  Name: String
  ResolverEndpointId: String
  RuleType: String
  Tags:
    - Tag
  TargetIps:
    - TargetAddress
Properties
DomainName
DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps. If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com).
Required: No
Type: String
Minimum: 1
Maximum: 256
Update requires: Some interruptions
Name
The name for the Resolver rule, which you specified when you created the Resolver rule.
Required: No
Type: String
Minimum: 0
Maximum: 64
Update requires: No interruption
ResolverEndpointId
The ID of the endpoint that the rule is associated with.
Required: No
Type: String
Minimum: 1
Maximum: 64
Update requires: No interruption
RuleType
When you want to forward DNS queries for a specified domain name to resolvers on your network, specify FORWARD.
When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.
For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.
Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.
Required: Yes
Type: String
Allowed values: FORWARD | SYSTEM | RECURSIVE | DELEGATE
Update requires: Replacement
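Added example (not AWS code): the rule selection described under DomainName and RuleType, modeled in Python so you can check which query names a set of rules sends to your network and which stay with Resolver. It assumes matching is on whole DNS labels, with a rule's domain also covering its subdomains; the rule name KeepInResolver and the ip:port strings are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    domain_name: str
    rule_type: str                      # "FORWARD" or "SYSTEM"
    target_ips: Tuple[str, ...] = ()    # "ip:port" strings, FORWARD only

# Constructed sample rules, reusing the page's example values.
RULES = (
    Rule("MyRule", "example.com", "FORWARD", ("192.0.2.6:53", "192.0.2.99:53")),
    Rule("KeepInResolver", "apex.example.com", "SYSTEM"),  # hypothetical name
)

def labels(domain: str) -> list:
    """Labels from the TLD inward; case and a trailing root dot are ignored."""
    return domain.rstrip(".").lower().split(".")[::-1]

def rule_matches(rule: Rule, qname: str) -> bool:
    """True when qname equals the rule's domain or is a subdomain of it.
    Comparing whole labels keeps badexample.com from matching example.com."""
    want = labels(rule.domain_name)
    return labels(qname)[:len(want)] == want

def select_rule(rules: Sequence[Rule], qname: str) -> Optional[Rule]:
    """Most specific match wins: the matching rule with the most labels."""
    hits = [r for r in rules if rule_matches(r, qname)]
    return max(hits, key=lambda r: len(labels(r.domain_name)), default=None)

def route(rules: Sequence[Rule], qname: str) -> Tuple[str, Optional[str], Tuple[str, ...]]:
    """Return (handler, rule name, targets) for one query name."""
    rule = select_rule(rules, qname)
    if rule is not None and rule.rule_type == "FORWARD":
        return ("network", rule.name, rule.target_ips)
    # SYSTEM rule, or no rule in this list: Resolver processes the query.
    return ("resolver", rule.name if rule else None, ())

if __name__ == "__main__":
    for q in ("www.example.com", "apex.example.com", "db.apex.example.com",
              "EXAMPLE.COM.", "badexample.com"):
        print(q, route(RULES, q))
```

Running route() over the names you expect to stay inside the VPC is a quick review step before deploying a broad FORWARD rule.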
Tags
Tags help organize and categorize your Resolver rules. Each tag consists of a key and an optional value, both of which you define.
Required: No
Type: Array of Tag
Maximum: 200
Update requires: No interruption
TargetIps
An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network.
Required: No
Type: Array of TargetAddress
Minimum: 1
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ResolverRule object, which contains detailed information about the rule.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Arn
The Amazon Resource Name (ARN) of the resolver rule, such as arn:aws:route53resolver:us-east-1:123456789012:resolver-rule/resolver-rule-a1bzhi.
DomainName
DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps. If a query matches multiple resolver rules (example.com and www.example.com), the query is routed using the resolver rule that contains the most specific domain name (www.example.com).
Name
A friendly name that lets you easily find a rule in the Resolver dashboard in the Route 53 console.
ResolverEndpointId
The ID of the outbound endpoint that the rule is associated with, such as rslvr-out-fdc049932dexample.
ResolverRuleId
When the value of RuleType is FORWARD, the ID that Resolver assigned to the resolver rule when you created it, such as rslvr-rr-5328a0899aexample. This value isn't applicable when RuleType is SYSTEM.
TargetIps
When the value of RuleType is FORWARD, the IP addresses that the outbound endpoint forwards DNS queries to, typically the IP addresses for DNS resolvers on your network. This value isn't applicable when RuleType is SYSTEM.
Examples
Create Resolver rule
The following example creates an Amazon Route 53 outbound resolver rule.
JSON
{
  "Type" : "AWS::Route53Resolver::ResolverRule",
  "Properties" : {
    "DomainName" : "example.com",
    "Name" : "MyRule",
    "ResolverEndpointId" : "rslvr-out-fdc049932dexample",
    "RuleType" : "FORWARD",
    "Tags" : [
      {
        "Key": "LineOfBusiness",
        "Value": "Engineering"
      }
    ],
    "TargetIps" : [
      {
        "Ip" : "192.0.2.6",
        "Port" : "53"
      },
      {
        "Ip" : "192.0.2.99",
        "Port" : "53"
      }
    ]
  }
}
YAML
Type: AWS::Route53Resolver::ResolverRule
Properties:
  DomainName: example.com
  Name: MyRule
  ResolverEndpointId: rslvr-out-fdc049932dexample
  RuleType: FORWARD
  Tags:
    -
      Key: LineOfBusiness
      Value: Engineering
  TargetIps:
    -
      Ip: 192.0.2.6
      Port: 53
    -
      Ip: 192.0.2.99
      Port: 53
See also
- ResolverRule in the Amazon Route 53 API Reference