import * as pulumi from "@pulumi/pulumi";
/**
* Provides a Route 53 Resolver DNS Firewall rule resource.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.route53.ResolverFirewallDomainList("example", {
* name: "example",
* domains: ["example.com"],
* tags: {},
* });
* const exampleResolverFirewallRuleGroup = new aws.route53.ResolverFirewallRuleGroup("example", {
* name: "example",
* tags: {},
* });
* const exampleResolverFirewallRule = new aws.route53.ResolverFirewallRule("example", {
* name: "example",
* action: "BLOCK",
* blockOverrideDnsType: "CNAME",
* blockOverrideDomain: "example.com",
* blockOverrideTtl: 1,
* blockResponse: "OVERRIDE",
* firewallDomainListId: example.id,
* firewallRuleGroupId: exampleResolverFirewallRuleGroup.id,
* priority: 100,
* });
* ```
*
* ## Import
*
* Using `pulumi import`, import Route 53 Resolver DNS Firewall rules using the Route 53 Resolver DNS Firewall rule group ID and domain list ID separated by ':'. For example:
*
* ```sh
* $ pulumi import aws:route53/resolverFirewallRule:ResolverFirewallRule example rslvr-frg-0123456789abcdef:rslvr-fdl-0123456789abcdef
* ```
*/
export declare class ResolverFirewallRule extends pulumi.CustomResource {
/**
* Get an existing ResolverFirewallRule resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The ResolverFirewallRule that represents the looked-up resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ResolverFirewallRuleState, opts?: pulumi.CustomResourceOptions): ResolverFirewallRule;
/**
* Returns true if the given object is an instance of ResolverFirewallRule. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* Declared as a type guard: when it returns true, `obj` is narrowed to ResolverFirewallRule.
*/
static isInstance(obj: any): obj is ResolverFirewallRule;
/**
* The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
*
* NOTE(review): `ALERT` is not a blocking action. AWS documents it as permitting the query and recording an alert;
* confirm that is the intent before using it for a domain that is supposed to be denied.
*/
readonly action: pulumi.Output<string>;
/**
* The DNS record's type. This determines the format of the record value that you provided in `blockOverrideDomain`. Valid values: `CNAME`.
*
* NOTE(review): AWS documents the `blockOverride*` settings as applying when `blockResponse` is `OVERRIDE` — confirm.
*/
readonly blockOverrideDnsType: pulumi.Output<string | undefined>;
/**
* The custom DNS record to send back in response to the query.
*
* Clients whose query is blocked with an override are answered with this record, so it should be a domain the
* operator controls and keeps registered.
*/
readonly blockOverrideDomain: pulumi.Output<string | undefined>;
/**
* The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
*/
readonly blockOverrideTtl: pulumi.Output<number | undefined>;
/**
* The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
*/
readonly blockResponse: pulumi.Output<string | undefined>;
/**
* The ID of the domain list that you want to use in the rule.
*/
readonly firewallDomainListId: pulumi.Output<string>;
/**
* How DNS Firewall evaluates the domains in a DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
*
* NOTE(review): `TRUST_REDIRECTION_DOMAIN` is the less strict setting. AWS documents it as inspecting only the first
* domain in the chain, so later redirection targets are not matched against the domain list — confirm before
* relying on it for a rule that is meant to restrict resolution.
*/
readonly firewallDomainRedirectionAction: pulumi.Output<string | undefined>;
/**
* The unique identifier of the firewall rule group where you want to create the rule.
*/
readonly firewallRuleGroupId: pulumi.Output<string>;
/**
* A name that lets you identify the rule, to manage and use it.
*/
readonly name: pulumi.Output<string>;
/**
* The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
*
* A rule with a lower number is therefore processed before one with a higher number.
* NOTE(review): AWS documents evaluation as stopping at the first matching rule, so an `ALLOW` rule ordered ahead
* of a `BLOCK` rule for the same domain takes effect instead of it — confirm the ordering across the whole rule group.
*/
readonly priority: pulumi.Output<number>;
/**
* The query type you want the rule to evaluate. Additional details can be found [here](https://en.wikipedia.org/wiki/List_of_DNS_record_types)
*/
readonly qType: pulumi.Output<string | undefined>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
readonly region: pulumi.Output<string>;
/**
* Create a ResolverFirewallRule resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: ResolverFirewallRuleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering ResolverFirewallRule resources.
*/
export interface ResolverFirewallRuleState {
// Every property here is optional; the class's static `get` accepts this shape as its `state` argument.
/**
* The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
*/
action?: pulumi.Input<string>;
/**
* The DNS record's type. This determines the format of the record value that you provided in `blockOverrideDomain`. Valid values: `CNAME`.
*/
blockOverrideDnsType?: pulumi.Input<string>;
/**
* The custom DNS record to send back in response to the query.
*/
blockOverrideDomain?: pulumi.Input<string>;
/**
* The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
*/
blockOverrideTtl?: pulumi.Input<number>;
/**
* The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
*/
blockResponse?: pulumi.Input<string>;
/**
* The ID of the domain list that you want to use in the rule.
*/
firewallDomainListId?: pulumi.Input<string>;
/**
* How DNS Firewall evaluates the domains in a DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
*/
firewallDomainRedirectionAction?: pulumi.Input<string>;
/**
* The unique identifier of the firewall rule group where you want to create the rule.
*/
firewallRuleGroupId?: pulumi.Input<string>;
/**
* A name that lets you identify the rule, to manage and use it.
*/
name?: pulumi.Input<string>;
/**
* The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
*/
priority?: pulumi.Input<number>;
/**
* The query type you want the rule to evaluate. Additional details can be found [here](https://en.wikipedia.org/wiki/List_of_DNS_record_types)
*/
qType?: pulumi.Input<string>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
region?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a ResolverFirewallRule resource.
*/
export interface ResolverFirewallRuleArgs {
// Required: `action`, `firewallDomainListId`, `firewallRuleGroupId`, `priority`. Everything else is optional.
/**
* The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.
*
* Typed as a plain `string`, so the TypeScript compiler does not reject a value outside this list.
* NOTE(review): `ALERT` is not a blocking action. AWS documents it as permitting the query and recording an alert;
* confirm that is the intent before using it for a domain that is supposed to be denied.
*/
action: pulumi.Input<string>;
/**
* The DNS record's type. This determines the format of the record value that you provided in `blockOverrideDomain`. Valid values: `CNAME`.
*
* NOTE(review): AWS documents the `blockOverride*` settings as applying when `blockResponse` is `OVERRIDE` — confirm.
*/
blockOverrideDnsType?: pulumi.Input<string>;
/**
* The custom DNS record to send back in response to the query.
*
* Clients whose query is blocked with an override are answered with this record, so it should be a domain the
* operator controls and keeps registered.
*/
blockOverrideDomain?: pulumi.Input<string>;
/**
* The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.
*/
blockOverrideTtl?: pulumi.Input<number>;
/**
* The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.
*
* Typed as a plain `string`, so the TypeScript compiler does not reject a value outside this list.
*/
blockResponse?: pulumi.Input<string>;
/**
* The ID of the domain list that you want to use in the rule.
*/
firewallDomainListId: pulumi.Input<string>;
/**
* How DNS Firewall evaluates the domains in a DNS redirection chain, such as CNAME, DNAME, or ALIAS. Valid values are `INSPECT_REDIRECTION_DOMAIN` and `TRUST_REDIRECTION_DOMAIN`. Default value is `INSPECT_REDIRECTION_DOMAIN`.
*
* NOTE(review): `TRUST_REDIRECTION_DOMAIN` is the less strict setting. AWS documents it as inspecting only the first
* domain in the chain, so later redirection targets are not matched against the domain list — confirm before
* relying on it for a rule that is meant to restrict resolution.
*/
firewallDomainRedirectionAction?: pulumi.Input<string>;
/**
* The unique identifier of the firewall rule group where you want to create the rule.
*/
firewallRuleGroupId: pulumi.Input<string>;
/**
* A name that lets you identify the rule, to manage and use it.
*/
name?: pulumi.Input<string>;
/**
* The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
*
* A rule with a lower number is therefore processed before one with a higher number.
* NOTE(review): AWS documents evaluation as stopping at the first matching rule, so an `ALLOW` rule ordered ahead
* of a `BLOCK` rule for the same domain takes effect instead of it — confirm the ordering across the whole rule group.
*/
priority: pulumi.Input<number>;
/**
* The query type you want the rule to evaluate. Additional details can be found [here](https://en.wikipedia.org/wiki/List_of_DNS_record_types)
*/
qType?: pulumi.Input<string>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
region?: pulumi.Input<string>;
}