Resource: awsRoute53ResolverFirewallRuleGroupAssociation

Provides a Route 53 Resolver DNS Firewall rule group association resource.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";
/*The constructs need a scope, so they are created inside a stack class. MyStack is a placeholder name.*/
class MyStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    const awsRoute53ResolverFirewallRuleGroupExample =
      new aws.route53ResolverFirewallRuleGroup.Route53ResolverFirewallRuleGroup(
        this,
        "example",
        {
          name: "example",
        }
      );
    const awsRoute53ResolverFirewallRuleGroupAssociationExample =
      new aws.route53ResolverFirewallRuleGroupAssociation.Route53ResolverFirewallRuleGroupAssociation(
        this,
        "example_1",
        {
          firewallRuleGroupId: awsRoute53ResolverFirewallRuleGroupExample.id,
          name: "example",
          priority: 100,
          /*Refers to an aws_vpc resource named "example" that is defined elsewhere in the configuration.*/
          vpcId: "${aws_vpc.example.id}",
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsRoute53ResolverFirewallRuleGroupAssociationExample.overrideLogicalId(
      "example"
    );
  }
}

Argument Reference

The following arguments are supported:

  • name - (Required) A name that lets you identify the rule group association, to manage and use it.
  • firewallRuleGroupId - (Required) The unique identifier of the firewall rule group.
  • mutationProtection - (Optional) If enabled, this setting disallows modification or removal of the association, to help prevent accidental changes to DNS Firewall protections. Valid values: enabled, disabled.
  • priority - (Required) The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.
  • vpcId - (Required) The unique identifier of the VPC that you want to associate with the rule group.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
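
The following check is an added example, not part of the provider documentation. It audits the resource_changes entries of `terraform show -json` output for associations that leave mutationProtection unset or disabled, and for a priority used twice in one VPC, where the processing order described above would be ambiguous. It assumes the Terraform-side attribute names mutation_protection, priority and vpc_id; the function name, interfaces and sample plan are constructed for illustration.

```typescript
// Fields used from `terraform show -json <planfile>` (resource_changes entries).
interface ResourceChange {
  address: string;
  type: string;
  change: { after: Record<string, unknown> | null };
}
interface Finding { address: string; vpc: string; issue: string }

const ASSOC_TYPE = "aws_route53_resolver_firewall_rule_group_association";

// Hypothetical helper: returns one finding per problem, in plan order.
function auditAssociations(changes: ResourceChange[]): Finding[] {
  const findings: Finding[] = [];
  const seen: Record<string, string | undefined> = {}; // "vpc|priority" -> address
  for (const rc of changes) {
    const after = rc.change.after;
    if (rc.type !== ASSOC_TYPE || after === null) continue; // other types, deletes
    // vpc_id is missing from `after` when it is only known after apply.
    const rawVpc = after["vpc_id"];
    const vpc = typeof rawVpc === "string" ? rawVpc : null;
    const label = vpc ?? "(known after apply)";
    // An unset value counts as not enabled; the comparison ignores case.
    if (String(after["mutation_protection"] ?? "").toLowerCase() !== "enabled") {
      findings.push({ address: rc.address, vpc: label, issue: "mutation protection not enabled" });
    }
    if (vpc === null) continue; // priorities cannot be compared without the VPC
    const key = `${vpc}|${String(after["priority"])}`;
    const first = seen[key];
    if (first !== undefined) {
      findings.push({ address: rc.address, vpc: label, issue: `priority also used by ${first}` });
    } else {
      seen[key] = rc.address;
    }
  }
  return findings;
}

// Constructed sample input, not taken from a real plan.
const samplePlan: ResourceChange[] = [
  { address: "aws_vpc.example", type: "aws_vpc", change: { after: { cidr_block: "10.0.0.0/16" } } },
  { address: `${ASSOC_TYPE}.baseline`, type: ASSOC_TYPE, change: { after:
    { priority: 100, vpc_id: "vpc-0aaa", mutation_protection: "ENABLED" } } },
  { address: `${ASSOC_TYPE}.extra`, type: ASSOC_TYPE, change: { after:
    { priority: 100, vpc_id: "vpc-0aaa", mutation_protection: "DISABLED" } } },
  { address: `${ASSOC_TYPE}.pending`, type: ASSOC_TYPE, change: { after: { priority: 100 } } },
  { address: `${ASSOC_TYPE}.retired`, type: ASSOC_TYPE, change: { after: null } },
];
```

Calling auditAssociations(samplePlan) reports the "extra" association twice (protection disabled, priority shared with "baseline") and the "pending" association once, and skips the deleted one.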

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The ARN (Amazon Resource Name) of the firewall rule group association.
  • id - The identifier for the association.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

Route 53 Resolver DNS Firewall rule group associations can be imported using the Route 53 Resolver DNS Firewall rule group association ID, e.g.,

$ terraform import aws_route53_resolver_firewall_rule_group_association.example rslvr-frgassoc-0123456789abcdef