Resource: awsRoute53ResolverFirewallConfig
Provides a Route 53 Resolver DNS Firewall config resource.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcExample = new aws.vpc.Vpc(this, "example", {
cidrBlock: "10.0.0.0/16",
enableDnsHostnames: true,
enableDnsSupport: true,
});
const awsRoute53ResolverFirewallConfigExample =
new aws.route53ResolverFirewallConfig.Route53ResolverFirewallConfig(
this,
"example_1",
{
firewallFailOpen: "ENABLED",
resourceId: awsVpcExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsRoute53ResolverFirewallConfigExample.overrideLogicalId("example");
Argument Reference
The following argument is supported:
resourceId- (Required) The ID of the VPC that the configuration is for.firewallFailOpen- (Required) Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. Valid values:enabled,disabled.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id- The ID of the firewall configuration.ownerId- The AWS account ID of the owner of the VPC that this firewall configuration applies to.
Import
Route 53 Resolver DNS Firewall configs can be imported using the Route 53 Resolver DNS Firewall config ID, e.g.,