Resource: awsRoute53ResolverFirewallRuleGroupAssociation
Provides a Route 53 Resolver DNS Firewall rule group association resource.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsRoute53ResolverFirewallRuleGroupExample =
new aws.route53ResolverFirewallRuleGroup.Route53ResolverFirewallRuleGroup(
this,
"example",
{
name: "example",
}
);
const awsRoute53ResolverFirewallRuleGroupAssociationExample =
new aws.route53ResolverFirewallRuleGroupAssociation.Route53ResolverFirewallRuleGroupAssociation(
this,
"example_1",
{
firewallRuleGroupId: awsRoute53ResolverFirewallRuleGroupExample.id,
name: "example",
priority: 100,
vpcId: "${aws_vpc.example.id}",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsRoute53ResolverFirewallRuleGroupAssociationExample.overrideLogicalId(
"example"
);
Argument Reference
The following argument is supported:
name
- (Required) A name that lets you identify the rule group association, to manage and use it.firewallRuleGroupId
- (Required) The unique identifier of the firewall rule group.mutationProtection
- (Optional) If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. Valid values:enabled
,disabled
.priority
- (Required) The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.vpcId
- (Required) The unique identifier of the VPC that you want to associate with the rule group.tags
- (Optional) Key-value map of resource tags. If configured with a providerdefaultTags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn
- The ARN (Amazon Resource Name) of the firewall rule group association.id
- The identifier for the association.tagsAll
- A map of tags assigned to the resource, including those inherited from the providerdefaultTags
configuration block.
Import
Route 53 Resolver DNS Firewall rule group associations can be imported using the Route 53 Resolver DNS Firewall rule group association ID, e.g.,