2025/12/01 - Amazon Route 53 Global Resolver - 47 new api methods
Changes Add SDK for Amazon Route 53 Global Resolver, a fully managed DNS resolver service that offers broad DNS-filtering security controls.
Deletes a firewall domain list. This operation cannot be undone.
See also: AWS API Documentation
Request Syntax
client.delete_firewall_domain_list(
firewallDomainListId='string'
)
string
[REQUIRED]
The unique identifier of the firewall domain list to delete.
dict
Response Syntax
{
'arn': 'string',
'id': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING'
}
Response Structure
(dict) --
arn (string) --
The Amazon Resource Name (ARN) of the deleted firewall domain list.
id (string) --
The unique identifier of the deleted firewall domain list.
name (string) --
The name of the deleted firewall domain list.
status (string) --
The final status of the deleted firewall domain list.
Enables a disabled DNS view, allowing it to serve DNS queries again.
See also: AWS API Documentation
Request Syntax
client.enable_dns_view(
dnsViewId='string'
)
string
[REQUIRED]
The unique identifier of the DNS view to enable.
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnssecValidation': 'ENABLED'|'DISABLED',
'ednsClientSubnet': 'ENABLED'|'DISABLED',
'firewallRulesFailOpen': 'ENABLED'|'DISABLED',
'name': 'string',
'description': 'string',
'globalResolverId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'ENABLING'|'DISABLING'|'DISABLED'|'DELETING'
}
Response Structure
(dict) --
id (string) --
The unique identifier of the enabled DNS view.
arn (string) --
The Amazon Resource Name (ARN) of the enabled DNS view.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
dnssecValidation (string) --
Whether DNSSEC validation is enabled for the enabled DNS view.
ednsClientSubnet (string) --
Whether EDNS Client Subnet injection is enabled for the enabled DNS view.
firewallRulesFailOpen (string) --
The firewall rules fail-open behavior configured for the enabled DNS view.
name (string) --
The name of the enabled DNS view.
description (string) --
The description of the enabled DNS view.
globalResolverId (string) --
The ID of the Route 53 Global Resolver that the enabled DNS view is associated with.
createdAt (datetime) --
The date and time when the DNS view was originally created.
updatedAt (datetime) --
The date and time when the DNS view was last updated.
status (string) --
The current status of the enabled DNS view.
Retrieves information about a firewall domain list.
See also: AWS API Documentation
Request Syntax
client.get_firewall_domain_list(
firewallDomainListId='string'
)
string
[REQUIRED]
ID of the domain list.
dict
Response Syntax
{
'arn': 'string',
'globalResolverId': 'string',
'clientToken': 'string',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'domainCount': 123,
'id': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'statusMessage': 'string',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
arn (string) --
Amazon Resource Name (ARN) of the domain list.
globalResolverId (string) --
ID of the Global Resolver that the domain list is associated to.
clientToken (string) --
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same clientToken has the same result every time.
createdAt (datetime) --
The time and date the domain list was created.
description (string) --
The description of the domain list.
domainCount (integer) --
Number of domains in the domain list.
id (string) --
ID of the domain list.
name (string) --
Name of the domain list.
status (string) --
Operational status of the domain list.
statusMessage (string) --
Additional information about the status of the domain list.
updatedAt (datetime) --
The date and time the domain list was updated.
Retrieves information about an access source.
See also: AWS API Documentation
Request Syntax
client.get_access_source(
accessSourceId='string'
)
string
[REQUIRED]
The unique identifier of the access source to retrieve.
dict
Response Syntax
{
'arn': 'string',
'cidr': 'string',
'createdAt': datetime(2015, 1, 1),
'id': 'string',
'ipAddressType': 'IPV4'|'IPV6',
'name': 'string',
'dnsViewId': 'string',
'protocol': 'DO53'|'DOH'|'DOT',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
arn (string) --
The Amazon Resource Name (ARN) of the access source.
cidr (string) --
The IP range for the rule's parameters in CIDR notation.
createdAt (datetime) --
The time and date the rule was created.
id (string) --
ID for the rule.
ipAddressType (string) --
The IP address type.
name (string) --
Name for the access source.
dnsViewId (string) --
ID for the DNS view that the rule is associated to.
protocol (string) --
The protocol determines how data is transmitted to a Global Resolver instance.
status (string) --
Information about the status of the rule.
updatedAt (datetime) --
The time and date the access source was updated.
Updates the configuration of a DNS view.
See also: AWS API Documentation
Request Syntax
client.update_dns_view(
dnsViewId='string',
name='string',
description='string',
dnssecValidation='ENABLED'|'DISABLED',
ednsClientSubnet='ENABLED'|'DISABLED',
firewallRulesFailOpen='ENABLED'|'DISABLED'
)
string
[REQUIRED]
The unique identifier of the DNS view to update.
string
The name of the DNS view.
string
A description of the DNS view.
string
Whether to enable DNSSEC validation for the DNS view.
string
Whether to enable EDNS Client Subnet injection for the DNS view.
string
Whether firewall rules should fail open when they cannot be evaluated.
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnssecValidation': 'ENABLED'|'DISABLED',
'ednsClientSubnet': 'ENABLED'|'DISABLED',
'firewallRulesFailOpen': 'ENABLED'|'DISABLED',
'name': 'string',
'description': 'string',
'globalResolverId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'ENABLING'|'DISABLING'|'DISABLED'|'DELETING'
}
Response Structure
(dict) --
id (string) --
The unique identifier of the updated DNS view.
arn (string) --
The Amazon Resource Name (ARN) of the updated DNS view.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
dnssecValidation (string) --
Whether DNSSEC validation is enabled for the updated DNS view.
ednsClientSubnet (string) --
Whether EDNS Client Subnet injection is enabled for the updated DNS view.
firewallRulesFailOpen (string) --
Whether firewall rules fail open when they cannot be evaluated for the updated DNS view.
name (string) --
The name of the updated DNS view.
description (string) --
The description of the updated DNS view.
globalResolverId (string) --
The ID of the global resolver associated with the updated DNS view.
createdAt (datetime) --
The date and time when the DNS view was originally created.
updatedAt (datetime) --
The date and time when the DNS view was last updated.
status (string) --
The current status of the updated DNS view.
Creates a DNS firewall rule. Firewall rules define actions (ALLOW, BLOCK, or ALERT) to take on DNS queries that match specified domain lists, managed domain lists, or advanced threat protections.
See also: AWS API Documentation
Request Syntax
client.create_firewall_rule(
action='ALLOW'|'ALERT'|'BLOCK',
blockOverrideDnsType='CNAME',
blockOverrideDomain='string',
blockOverrideTtl=123,
blockResponse='NODATA'|'NXDOMAIN'|'OVERRIDE',
clientToken='string',
confidenceThreshold='LOW'|'MEDIUM'|'HIGH',
description='string',
dnsAdvancedProtection='DGA'|'DNS_TUNNELING',
firewallDomainListId='string',
name='string',
priority=123,
dnsViewId='string',
qType='string'
)
string
[REQUIRED]
The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:
ALLOW - Permit the request to go through.
ALERT - Permit the request and send metrics and logs to CloudWatch.
BLOCK - Disallow the request. This option requires additional details in the rule's BlockResponse.
string
The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
This setting is required if the BlockResponse setting is OVERRIDE.
string
The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
This setting is required if the BlockResponse setting is OVERRIDE.
integer
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
This setting is required if the BlockResponse setting is OVERRIDE.
string
The response to return when the action is BLOCK. Valid values are NXDOMAIN (domain does not exist), NODATA (domain exists but no records), or OVERRIDE (return custom response).
string
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same clientToken has the same result every time.
This field is autopopulated if not provided.
string
The confidence threshold for advanced threat detection. Valid values are HIGH, MEDIUM, or LOW, indicating the accuracy level required for threat detection.
string
An optional description for the firewall rule.
string
Whether to enable advanced DNS threat protection for this rule. Advanced protection can detect and block DNS tunneling and Domain Generation Algorithm (DGA) threats.
string
The ID of the firewall domain list to use in this rule.
string
[REQUIRED]
A descriptive name for the firewall rule.
integer
The priority of this rule. Rules are evaluated in priority order, with lower numbers having higher priority. When a DNS query matches multiple rules, the rule with the highest priority (lowest number) is applied.
string
[REQUIRED]
The ID of the DNS view to associate with this firewall rule.
string
The DNS query type to match for this rule. Examples include A (IPv4 address), AAAA (IPv6 address), MX (mail exchange), or TXT (text record).
dict
Response Syntax
{
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'id': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'queryType': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
action (string) --
The action that DNS Firewall takes on DNS queries that match this rule.
blockOverrideDnsType (string) --
The DNS record type for the custom response when blockResponse is OVERRIDE.
blockOverrideDomain (string) --
The custom domain to return when the action is BLOCK and blockResponse is OVERRIDE.
blockOverrideTtl (integer) --
The time-to-live (TTL) value for the custom response when blockResponse is OVERRIDE.
blockResponse (string) --
The response to return when the action is BLOCK.
confidenceThreshold (string) --
The confidence threshold for advanced threat detection.
createdAt (datetime) --
The date and time when the firewall rule was created.
description (string) --
The description of the firewall rule.
dnsAdvancedProtection (string) --
Whether advanced DNS threat protection is enabled for this rule.
firewallDomainListId (string) --
The ID of the firewall domain list used in this rule.
id (string) --
The unique identifier for the firewall rule.
name (string) --
The name of the firewall rule.
priority (integer) --
The priority of the firewall rule.
dnsViewId (string) --
The ID of the DNS view associated with this firewall rule.
queryType (string) --
The DNS query type that this rule matches.
status (string) --
The operational status of the firewall rule.
updatedAt (datetime) --
The date and time when the firewall rule was last updated.
Lists the tags associated with a Route 53 Global Resolver resource.
See also: AWS API Documentation
Request Syntax
client.list_tags_for_resource(
resourceArn='string'
)
string
[REQUIRED]
Amazon Resource Name (ARN) for the resource.
dict
Response Syntax
{
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
tags (dict) --
An array of user-defined keys and optional values. These tags can be used for categorization and organization.
(string) --
(string) --
Updates the configuration of a Route 53 Global Resolver instance. You can modify the name, description, and observability region.
See also: AWS API Documentation
Request Syntax
client.update_global_resolver(
globalResolverId='string',
name='string',
observabilityRegion='string',
description='string'
)
string
[REQUIRED]
The ID of the Global Resolver.
string
The name of the Global Resolver.
string
The AWS Regions in which the users' Global Resolver query resolution logs will be propagated.
string
The description of the Global Resolver.
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnsName': 'string',
'observabilityRegion': 'string',
'name': 'string',
'description': 'string',
'regions': [
'string',
],
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'ipv4Addresses': [
'string',
]
}
Response Structure
(dict) --
id (string) --
The ID of the Global Resolver.
arn (string) --
The Amazon Resource Name (ARN) of the Global Resolver.
clientToken (string) --
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same clientToken has the same result every time.
dnsName (string) --
The hostname to be used by the customers' DNS clients for certification validation.
observabilityRegion (string) --
The AWS Regions in which the users' Global Resolver query resolution logs will be propagated.
name (string) --
Name of the Global Resolver.
description (string) --
Description of the Global Resolver.
regions (list) --
The AWS Regions in which the Global Resolver will operate.
(string) --
createdAt (datetime) --
The time and date the Global Resolverwas created.
updatedAt (datetime) --
The time and date the Global Resolver was updated.
status (string) --
The operational status of the Global Resolver.
ipv4Addresses (list) --
List of anycast IPv4 addresses associated with the Global Resolver instance.
(string) --
Updates multiple DNS firewall rules in a single operation. This is more efficient than updating rules individually.
See also: AWS API Documentation
Request Syntax
client.batch_update_firewall_rule(
firewallRules=[
{
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallRuleId': 'string',
'name': 'string',
'priority': 123
},
]
)
list
[REQUIRED]
The DNS Firewall rule IDs to be updated.
(dict) --
Information for updating a firewall rule in a batch operation.
action (string) --
The action to take when a DNS query matches the firewall rule.
blockOverrideDnsType (string) --
The DNS record type for the custom response when the action is BLOCK.
blockOverrideDomain (string) --
The custom domain name for the BLOCK response.
blockOverrideTtl (integer) --
The TTL value for the custom response when the action is BLOCK.
blockResponse (string) --
The type of block response to return when the action is BLOCK.
confidenceThreshold (string) --
The confidence threshold for advanced threat detection.
description (string) --
A description of the firewall rule.
dnsAdvancedProtection (string) --
Whether to enable advanced DNS threat protection for the firewall rule.
firewallRuleId (string) -- [REQUIRED]
The unique identifier of the firewall rule to update.
name (string) --
A name for the firewall rule.
priority (integer) --
The priority of the firewall rule.
dict
Response Syntax
{
'failures': [
{
'firewallRule': {
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'clientToken': 'string',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'id': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'queryType': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
},
'code': 123,
'message': 'string'
},
],
'successes': [
{
'firewallRule': {
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'clientToken': 'string',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'id': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'queryType': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
},
'code': 123,
'message': 'string'
},
]
}
Response Structure
(dict) --
failures (list) --
High level information about the DNS Firewall rules that failed to update.
(dict) --
The result of updating a firewall rule in a batch operation.
firewallRule (dict) --
The firewall rule that was updated in the batch operation.
action (string) --
The action configured for the updated firewall rule.
blockOverrideDnsType (string) --
The DNS record type configured for the updated firewall rule's custom response.
blockOverrideDomain (string) --
The custom domain name configured for the updated firewall rule's BLOCK response.
blockOverrideTtl (integer) --
The TTL value configured for the updated firewall rule's custom response.
blockResponse (string) --
The type of block response configured for the updated firewall rule.
clientToken (string) --
The unique string that identified the request and ensured idempotency.
confidenceThreshold (string) --
The confidence threshold configured for the updated firewall rule's advanced threat detection.
createdAt (datetime) --
The date and time when the firewall rule was originally created.
description (string) --
The description of the updated firewall rule.
dnsAdvancedProtection (string) --
Whether advanced DNS threat protection is enabled for the updated firewall rule.
firewallDomainListId (string) --
The ID of the firewall domain list associated with the updated firewall rule.
id (string) --
The unique identifier of the updated firewall rule.
name (string) --
The name of the updated firewall rule.
priority (integer) --
The priority of the updated firewall rule.
dnsViewId (string) --
The ID of the DNS view associated with the updated firewall rule.
queryType (string) --
The DNS query type that the updated firewall rule matches.
status (string) --
The current status of the updated firewall rule.
updatedAt (datetime) --
The date and time when the firewall rule was last updated.
code (integer) --
The response code for the update operation.
message (string) --
The response message for the update operation.
successes (list) --
High level information about the DNS Firewall rules that were successfully updated.
(dict) --
The result of updating a firewall rule in a batch operation.
firewallRule (dict) --
The firewall rule that was updated in the batch operation.
action (string) --
The action configured for the updated firewall rule.
blockOverrideDnsType (string) --
The DNS record type configured for the updated firewall rule's custom response.
blockOverrideDomain (string) --
The custom domain name configured for the updated firewall rule's BLOCK response.
blockOverrideTtl (integer) --
The TTL value configured for the updated firewall rule's custom response.
blockResponse (string) --
The type of block response configured for the updated firewall rule.
clientToken (string) --
The unique string that identified the request and ensured idempotency.
confidenceThreshold (string) --
The confidence threshold configured for the updated firewall rule's advanced threat detection.
createdAt (datetime) --
The date and time when the firewall rule was originally created.
description (string) --
The description of the updated firewall rule.
dnsAdvancedProtection (string) --
Whether advanced DNS threat protection is enabled for the updated firewall rule.
firewallDomainListId (string) --
The ID of the firewall domain list associated with the updated firewall rule.
id (string) --
The unique identifier of the updated firewall rule.
name (string) --
The name of the updated firewall rule.
priority (integer) --
The priority of the updated firewall rule.
dnsViewId (string) --
The ID of the DNS view associated with the updated firewall rule.
queryType (string) --
The DNS query type that the updated firewall rule matches.
status (string) --
The current status of the updated firewall rule.
updatedAt (datetime) --
The date and time when the firewall rule was last updated.
code (integer) --
The response code for the update operation.
message (string) --
The response message for the update operation.
Deletes an access token. This operation cannot be undone.
See also: AWS API Documentation
Request Syntax
client.delete_access_token(
accessTokenId='string'
)
string
[REQUIRED]
The unique identifier of the access token to delete.
dict
Response Syntax
{
'id': 'string',
'status': 'CREATING'|'OPERATIONAL'|'DELETING',
'deletedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
id (string) --
The unique identifier of the deleted access token.
status (string) --
The final status of the deleted access token.
deletedAt (datetime) --
The date and time when the access token was deleted.
Creates an access token for a DNS view. Access tokens provide token-based authentication for DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) connections to the Route 53 Global Resolver.
See also: AWS API Documentation
Request Syntax
client.create_access_token(
clientToken='string',
dnsViewId='string',
expiresAt=datetime(2015, 1, 1),
name='string',
tags={
'string': 'string'
}
)
string
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same clientToken has the same result every time.
This field is autopopulated if not provided.
string
[REQUIRED]
The ID of the DNS view to associate with this token.
datetime
The date and time when the token expires. Tokens can have a minimum expiration of 30 days and maximum of 365 days from creation.
string
A descriptive name for the access token.
dict
An array of user-defined keys and optional values. These tags can be used for categorization and organization.
(string) --
(string) --
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'createdAt': datetime(2015, 1, 1),
'dnsViewId': 'string',
'expiresAt': datetime(2015, 1, 1),
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'DELETING',
'value': 'string'
}
Response Structure
(dict) --
id (string) --
The unique identifier for the access token.
arn (string) --
The Amazon Resource Name (ARN) of the access token.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
createdAt (datetime) --
The date and time when the access token was created.
dnsViewId (string) --
The ID of the DNS view associated with this access token.
expiresAt (datetime) --
The date and time when the access token expires.
name (string) --
The name of the access token.
status (string) --
The operational status of the access token.
value (string) --
The access token value. This token should be included in DoH and DoT requests for authentication. Keep this value secure as it provides access to your Route 53 Global Resolver.
Lists all DNS views for a Route 53 Global Resolver with pagination support.
See also: AWS API Documentation
Request Syntax
client.list_dns_views(
maxResults=123,
nextToken='string',
globalResolverId='string'
)
integer
The maximum number of results to retrieve in a single call.
string
A pagination token used for large sets of results that can't be returned in a single response.
string
[REQUIRED]
The Global Resolver ID.
dict
Response Syntax
{
'nextToken': 'string',
'dnsViews': [
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnssecValidation': 'ENABLED'|'DISABLED',
'ednsClientSubnet': 'ENABLED'|'DISABLED',
'firewallRulesFailOpen': 'ENABLED'|'DISABLED',
'name': 'string',
'description': 'string',
'globalResolverId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'ENABLING'|'DISABLING'|'DISABLED'|'DELETING'
},
]
}
Response Structure
(dict) --
nextToken (string) --
A pagination token used for large sets of results that can't be returned in a single response. Provide this token in the next call to get the results not returned in this call.
dnsViews (list) --
An array of information about the DNS views, such as whether DNSSEC is enabled, creation time, etc.
(dict) --
Summary information about a DNS view.
id (string) --
The unique identifier of the DNS view.
arn (string) --
The Amazon Resource Name (ARN) of the DNS view.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
dnssecValidation (string) --
Whether DNSSEC validation is enabled for the DNS view.
ednsClientSubnet (string) --
Whether EDNS Client Subnet injection is enabled for the DNS view.
firewallRulesFailOpen (string) --
Whether firewall rules fail open when they cannot be evaluated.
name (string) --
The name of the DNS view.
description (string) --
A description of the DNS view.
globalResolverId (string) --
The ID of the global resolver that the DNS view is associated with.
createdAt (datetime) --
The date and time when the DNS view was created.
updatedAt (datetime) --
The date and time when the DNS view was last updated.
status (string) --
The current status of the DNS view.
Deletes a Route 53 Global Resolver instance. This operation cannot be undone. All associated DNS views, access sources, tokens, and firewall rules are also deleted.
See also: AWS API Documentation
Request Syntax
client.delete_global_resolver(
globalResolverId='string'
)
string
[REQUIRED]
The unique identifier of the Route 53 Global Resolver to delete.
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnsName': 'string',
'observabilityRegion': 'string',
'name': 'string',
'description': 'string',
'regions': [
'string',
],
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'ipv4Addresses': [
'string',
]
}
Response Structure
(dict) --
id (string) --
The unique identifier of the deleted Route 53 Global Resolver.
arn (string) --
The Amazon Resource Name (ARN) of the deleted Route 53 Global Resolver.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
dnsName (string) --
The hostname that DNS clients used for TLS certificate validation when connecting to the deleted Route 53 Global Resolver.
observabilityRegion (string) --
The AWS Region where observability data for the deleted Route 53 Global Resolver was stored.
name (string) --
The name of the deleted Route 53 Global Resolver.
description (string) --
The description of the deleted Route 53 Global Resolver.
regions (list) --
The AWS Regions where the deleted Route 53 Global Resolver was deployed and operational.
(string) --
createdAt (datetime) --
The date and time when the Route 53 Global Resolver was originally created.
updatedAt (datetime) --
The date and time when the Route 53 Global Resolver was last updated before deletion.
status (string) --
The final status of the deleted Route 53 Global Resolver.
ipv4Addresses (list) --
The global anycast IPv4 addresses that were associated with the deleted Route 53 Global Resolver.
(string) --
Imports a list of domains from an Amazon S3 file into a firewall domain list. The file should contain one domain per line.
See also: AWS API Documentation
Request Syntax
client.import_firewall_domains(
domainFileUrl='string',
firewallDomainListId='string',
operation='string'
)
string
[REQUIRED]
The fully qualified URL of the file in Amazon S3 that contains the list of domains to import. The file should contain one domain per line.
string
[REQUIRED]
ID of the DNS Firewall domain list that you want to import the domain list to.
string
[REQUIRED]
This value is REPLACE, and it updates the domain list to match the list of domains in the imported file.
dict
Response Syntax
{
'id': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING'
}
Response Structure
(dict) --
id (string) --
ID of the DNS Firewall domain list that you imported the domain list to.
name (string) --
Name of the DNS Firewall domain list.
status (string) --
Operational status of the DNS Firewall domain list.
Updates the configuration of an access source.
See also: AWS API Documentation
Request Syntax
client.update_access_source(
accessSourceId='string',
cidr='string',
ipAddressType='IPV4'|'IPV6',
name='string',
protocol='DO53'|'DOH'|'DOT'
)
string
[REQUIRED]
The unique identifier of the access source to update.
string
The CIDR block for the access source.
string
The IP address type for the access source.
string
The name of the access source.
string
The protocol for the access source.
dict
Response Syntax
{
'arn': 'string',
'cidr': 'string',
'createdAt': datetime(2015, 1, 1),
'id': 'string',
'ipAddressType': 'IPV4'|'IPV6',
'name': 'string',
'dnsViewId': 'string',
'protocol': 'DO53'|'DOH'|'DOT',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
arn (string) --
The Amazon Resource Name (ARN) of the updated access source.
cidr (string) --
The CIDR block of the updated access source.
createdAt (datetime) --
The date and time when the access source was originally created.
id (string) --
The unique identifier of the updated access source.
ipAddressType (string) --
The IP address type of the updated access source.
name (string) --
The name of the updated access source.
dnsViewId (string) --
The ID of the DNS view associated with the updated access source.
protocol (string) --
The protocol of the updated access source.
status (string) --
The current status of the updated access source.
updatedAt (datetime) --
The date and time when the access source was last updated.
Lists all DNS firewall rules for a DNS view with pagination support.
See also: AWS API Documentation
Request Syntax
client.list_firewall_rules(
maxResults=123,
nextToken='string',
dnsViewId='string',
filters={
'string': [
'string',
]
}
)
integer
The maximum number of results to retrieve in a single call.
string
A pagination token used for large sets of results that can't be returned in a single response.
string
[REQUIRED]
ID of the DNS view.
dict
Values to filter the results.
(string) --
(list) --
(string) --
dict
Response Syntax
{
'nextToken': 'string',
'firewallRules': [
{
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'id': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'queryType': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
nextToken (string) --
A pagination token used for large sets of results that can't be returned in a single response. Provide this token in the next call to get the results not returned in this call.
firewallRules (list) --
List of the firewall rules and information about them.
(dict) --
Summary information about a firewall rule.
action (string) --
The action configured for the firewall rule.
blockOverrideDnsType (string) --
The DNS record type configured for the firewall rule's custom response.
blockOverrideDomain (string) --
The custom domain name configured for the firewall rule's BLOCK response.
blockOverrideTtl (integer) --
The TTL value configured for the firewall rule's custom response.
blockResponse (string) --
The type of block response configured for the firewall rule.
confidenceThreshold (string) --
The confidence threshold configured for the firewall rule's advanced threat detection.
createdAt (datetime) --
The date and time when the firewall rule was created.
description (string) --
The description of the firewall rule.
dnsAdvancedProtection (string) --
Whether advanced DNS threat protection is enabled for the firewall rule.
firewallDomainListId (string) --
The ID of the firewall domain list associated with the firewall rule.
id (string) --
The unique identifier of the firewall rule.
name (string) --
The name of the firewall rule.
priority (integer) --
The priority of the firewall rule.
dnsViewId (string) --
The ID of the DNS view associated with the firewall rule.
queryType (string) --
The DNS query type that the firewall rule matches.
status (string) --
The current status of the firewall rule.
updatedAt (datetime) --
The date and time when the firewall rule was last updated.
Deletes an access source. This operation cannot be undone.
See also: AWS API Documentation
Request Syntax
client.delete_access_source(
accessSourceId='string'
)
string
[REQUIRED]
The unique identifier of the access source to delete.
dict
Response Syntax
{
'arn': 'string',
'cidr': 'string',
'createdAt': datetime(2015, 1, 1),
'id': 'string',
'ipAddressType': 'IPV4'|'IPV6',
'name': 'string',
'dnsViewId': 'string',
'protocol': 'DO53'|'DOH'|'DOT',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
arn (string) --
The Amazon Resource Name (ARN) of the deleted access source.
cidr (string) --
The IP address or CIDR range of the deleted access source.
createdAt (datetime) --
The date and time when the access source was originally created.
id (string) --
The unique identifier of the deleted access source.
ipAddressType (string) --
The IP address type of the deleted access source (IPv4 or IPv6).
name (string) --
The name of the deleted access source.
dnsViewId (string) --
The ID of the DNS view that was associated with the deleted access source.
protocol (string) --
The DNS protocol that was permitted for the deleted access source.
status (string) --
The final status of the deleted access source.
updatedAt (datetime) --
The date and time when the access source was last updated before deletion.
Creates a DNS view within a Route 53 Global Resolver. A DNS view models end users, user groups, networks, and devices, and serves as a parent resource that holds configurations controlling access, authorization, DNS firewall rules, and forwarding rules.
See also: AWS API Documentation
Request Syntax
client.create_dns_view(
globalResolverId='string',
clientToken='string',
name='string',
dnssecValidation='ENABLED'|'DISABLED',
ednsClientSubnet='ENABLED'|'DISABLED',
firewallRulesFailOpen='ENABLED'|'DISABLED',
description='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
The ID of the Route 53 Global Resolver to associate with this DNS view.
string
A unique string that identifies the request and ensures idempotency.
This field is autopopulated if not provided.
string
[REQUIRED]
A descriptive name for the DNS view.
string
Whether to enable DNSSEC validation for DNS queries in this DNS view. When enabled, the resolver verifies the authenticity and integrity of DNS responses from public name servers for DNSSEC-signed domains.
string
Whether to enable EDNS Client Subnet injection for DNS queries in this DNS view. When enabled, client subnet information is forwarded to provide more accurate geographic-based DNS responses.
string
Determines the behavior when Route 53 Global Resolver cannot apply DNS firewall rules due to service impairment. When enabled, DNS queries are allowed through; when disabled, queries are blocked.
string
An optional description for the DNS view.
dict
Tags to associate with the DNS view.
(string) --
(string) --
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnssecValidation': 'ENABLED'|'DISABLED',
'ednsClientSubnet': 'ENABLED'|'DISABLED',
'firewallRulesFailOpen': 'ENABLED'|'DISABLED',
'name': 'string',
'description': 'string',
'globalResolverId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'ENABLING'|'DISABLING'|'DISABLED'|'DELETING'
}
Response Structure
(dict) --
id (string) --
The unique identifier for the DNS view.
arn (string) --
The Amazon Resource Name (ARN) of the DNS view.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
dnssecValidation (string) --
Whether DNSSEC validation is enabled for DNS queries in this DNS view.
ednsClientSubnet (string) --
Whether EDNS Client Subnet injection is enabled for DNS queries in this DNS view.
firewallRulesFailOpen (string) --
The behavior when Route 53 Global Resolver cannot apply DNS firewall rules due to service impairment.
name (string) --
The descriptive name of the DNS view.
description (string) --
The description of the DNS view.
globalResolverId (string) --
The ID of the Route 53 Global Resolver instance the DNS view is created for.
createdAt (datetime) --
The date and time when the DNS view was created.
updatedAt (datetime) --
The date and time when the DNS view was last updated.
status (string) --
The operational status of the DNS view.
Creates a firewall domain list. Domain lists are reusable sets of domain specifications that you use in DNS firewall rules to allow, block, or alert on DNS queries to specific domains.
See also: AWS API Documentation
Request Syntax
client.create_firewall_domain_list(
clientToken='string',
globalResolverId='string',
description='string',
name='string',
tags={
'string': 'string'
}
)
string
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same clientToken has the same result every time.
This field is autopopulated if not provided.
string
[REQUIRED]
The ID of the Route 53 Global Resolver that the domain list will be associated with.
string
An optional description for the firewall domain list.
string
[REQUIRED]
A descriptive name for the firewall domain list.
dict
An array of user-defined keys and optional values. These tags can be used for categorization and organization.
(string) --
(string) --
dict
Response Syntax
{
'arn': 'string',
'globalResolverId': 'string',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'domainCount': 123,
'id': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
arn (string) --
An Amazon Resource Name (ARN) for the domain list.
globalResolverId (string) --
The ID of the Route 53 Global Resolver that the domain list is associated with.
createdAt (datetime) --
The time and date the domain list was created on.
description (string) --
Description for the domain list.
domainCount (integer) --
Number of domains in the domain list.
id (string) --
ID of the domain list.
name (string) --
Name of the domain list.
status (string) --
Creation status of the domain list.
updatedAt (datetime) --
The time and date the domain list was updated.
Returns a paginated list of the AWS Managed DNS Lists and the categories for DNS Firewall. The categories are either THREAT or CONTENT.
See also: AWS API Documentation
Request Syntax
client.list_managed_firewall_domain_lists(
maxResults=123,
nextToken='string',
managedFirewallDomainListType='string'
)
integer
The maximum number of results to retrieve in a single call.
string
A pagination token used for large sets of results that can't be returned in a single response.
string
[REQUIRED]
The category of the Manage DNS list either THREAT or CONTENT.
dict
Response Syntax
{
'nextToken': 'string',
'managedFirewallDomainLists': [
{
'description': 'string',
'id': 'string',
'name': 'string',
'managedListType': 'string'
},
]
}
Response Structure
(dict) --
nextToken (string) --
A pagination token used for large sets of results that can't be returned in a single response. Provide this token in the next call to get the results not returned in this call.
managedFirewallDomainLists (list) --
List of the Managed Domain Lists.
(dict) --
Summary information about a managed firewall domain list.
description (string) --
A description of the managed firewall domain list.
id (string) --
The unique identifier of the managed firewall domain list.
name (string) --
The name of the managed firewall domain list.
managedListType (string) --
The type of the managed firewall domain list.
Lists all Route 53 Global Resolver instances in your account with pagination support.
See also: AWS API Documentation
Request Syntax
client.list_global_resolvers(
maxResults=123,
nextToken='string'
)
integer
The maximum number of Route 53 Global Resolver instances to return in the response. Valid range is 1-100.
string
The token for the next page of results. This value is returned in the response if there are more results to retrieve.
dict
Response Syntax
{
'nextToken': 'string',
'globalResolvers': [
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnsName': 'string',
'observabilityRegion': 'string',
'name': 'string',
'description': 'string',
'regions': [
'string',
],
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'ipv4Addresses': [
'string',
]
},
]
}
Response Structure
(dict) --
nextToken (string) --
A pagination token used for large sets of results that can't be returned in a single response. Provide this token in the next call to get the results not returned in this call.
globalResolvers (list) --
Paginated list of Global Resolvers.
(dict) --
Summary information about a global resolver.
id (string) --
The unique identifier of the global resolver.
arn (string) --
The Amazon Resource Name (ARN) of the global resolver.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
dnsName (string) --
The DNS name of the global resolver.
observabilityRegion (string) --
The AWS Region where observability data is collected for the global resolver.
name (string) --
The name of the global resolver.
description (string) --
A description of the global resolver.
regions (list) --
The AWS Regions where the global resolver is deployed.
(string) --
createdAt (datetime) --
The date and time when the global resolver was created.
updatedAt (datetime) --
The date and time when the global resolver was last updated.
status (string) --
The current status of the global resolver.
ipv4Addresses (list) --
The IPv4 addresses assigned to the global resolver.
(string) --
Deletes multiple DNS firewall rules in a single operation. This is more efficient than deleting rules individually.
See also: AWS API Documentation
Request Syntax
client.batch_delete_firewall_rule(
firewallRules=[
{
'firewallRuleId': 'string'
},
]
)
list
[REQUIRED]
An array of the DNS Firewall IDs to be deleted.
(dict) --
Information about a DNS Firewall rule to delete in a batch operation.
firewallRuleId (string) -- [REQUIRED]
The ID of the DNS Firewall rule to delete.
dict
Response Syntax
{
'failures': [
{
'firewallRule': {
'clientToken': 'string',
'id': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING'
},
'code': 123,
'message': 'string'
},
],
'successes': [
{
'firewallRule': {
'clientToken': 'string',
'id': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING'
},
'code': 123,
'message': 'string'
},
]
}
Response Structure
(dict) --
failures (list) --
High level information about the DNS Firewall rules that failed to delete.
(dict) --
The result of deleting a firewall rule in a batch operation.
firewallRule (dict) --
The firewall rule that was deleted in the batch operation.
clientToken (string) --
The unique string that identified the request and ensured idempotency.
id (string) --
The unique identifier of the deleted firewall rule.
name (string) --
The name of the deleted firewall rule.
status (string) --
The final status of the deleted firewall rule.
code (integer) --
The response code for the delete operation.
message (string) --
The response message for the delete operation.
successes (list) --
High level information about the DNS Firewall rules that were deleted successfully.
(dict) --
The result of deleting a firewall rule in a batch operation.
firewallRule (dict) --
The firewall rule that was deleted in the batch operation.
clientToken (string) --
The unique string that identified the request and ensured idempotency.
id (string) --
The unique identifier of the deleted firewall rule.
name (string) --
The name of the deleted firewall rule.
status (string) --
The final status of the deleted firewall rule.
code (integer) --
The response code for the delete operation.
message (string) --
The response message for the delete operation.
Retrieves information about an AWS-managed firewall domain list. Managed domain lists contain domains associated with malicious activity, content categories, or specific threats.
See also: AWS API Documentation
Request Syntax
client.get_managed_firewall_domain_list(
managedFirewallDomainListId='string'
)
string
[REQUIRED]
ID of the Managed Domain List.
dict
Response Syntax
{
'description': 'string',
'id': 'string',
'name': 'string',
'managedListType': 'string'
}
Response Structure
(dict) --
description (string) --
Description of the Managed Domain List.
id (string) --
ID of the Managed Domain List.
name (string) --
Name of the Managed Domain List.
managedListType (string) --
Type of the managed category. This is either THREAT or CONTENT.
Retrieves information about a Route 53 Global Resolver instance.
See also: AWS API Documentation
Request Syntax
client.get_global_resolver(
globalResolverId='string'
)
string
[REQUIRED]
The ID of the Route 53 Global Resolver to retrieve information about.
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnsName': 'string',
'observabilityRegion': 'string',
'name': 'string',
'description': 'string',
'regions': [
'string',
],
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'ipv4Addresses': [
'string',
]
}
Response Structure
(dict) --
id (string) --
The ID of the Global Resolver.
arn (string) --
The Amazon Resource Name (ARN) of the Global Resolver.
clientToken (string) --
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same clientToken has the same result every time.
dnsName (string) --
The hostname used by the customers' DNS clients for certification validation.
observabilityRegion (string) --
The AWS Regions in which the users' Global Resolver query resolution logs will be propagated.
name (string) --
The name of the Global Resolver.
description (string) --
The description of the Global Resolver.
regions (list) --
The AWS Regions in which the Global Resolver operate.
(string) --
createdAt (datetime) --
The date and time the Global Resolver was created.
updatedAt (datetime) --
The date and time the Global Resolver was updated.
status (string) --
The operational status of the Global Resolver.
ipv4Addresses (list) --
List of anycast IPv4 addresses associated with the Global Resolver instance.
(string) --
Lists all access tokens for a DNS view with pagination support.
See also: AWS API Documentation
Request Syntax
client.list_access_tokens(
maxResults=123,
nextToken='string',
dnsViewId='string',
filters={
'string': [
'string',
]
}
)
integer
The maximum number of results to retrieve in a single call.
string
A pagination token used for large sets of results that can't be returned in a single response.
string
[REQUIRED]
The ID of the DNS view to list the tokens for.
dict
Filtering parameters.
(string) --
(list) --
(string) --
dict
Response Syntax
{
'nextToken': 'string',
'accessTokens': [
{
'id': 'string',
'arn': 'string',
'createdAt': datetime(2015, 1, 1),
'dnsViewId': 'string',
'expiresAt': datetime(2015, 1, 1),
'globalResolverId': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
nextToken (string) --
A pagination token used for large sets of results that can't be returned in a single response. Provide this token in the next call to get the results not returned in this call.
accessTokens (list) --
List of the tokens.
(dict) --
Summary information about a token.
id (string) --
The unique identifier of the token.
arn (string) --
The Amazon Resource Name (ARN) of the token.
createdAt (datetime) --
The date and time when the token was created.
dnsViewId (string) --
The ID of the DNS view associated with the token.
expiresAt (datetime) --
The date and time when the token expires.
globalResolverId (string) --
The ID of the global resolver associated with the token.
name (string) --
The name of the token.
status (string) --
The current status of the token.
updatedAt (datetime) --
The date and time when the token was last updated.
Adds or updates tags for a Route 53 Global Resolver resource. Tags are key-value pairs that help you organize and identify your resources.
See also: AWS API Documentation
Request Syntax
client.tag_resource(
resourceArn='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
Amazon Resource Name (ARN) of the resource to be tagged.
dict
[REQUIRED]
An array of user-defined keys and optional values. These tags can be used for categorization and organization.
(string) --
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Removes tags from a Route 53 Global Resolver resource.
See also: AWS API Documentation
Request Syntax
client.untag_resource(
resourceArn='string',
tagKeys=[
'string',
]
)
string
[REQUIRED]
Amazon Resource Name (ARN) of the resource.
list
[REQUIRED]
The tag keys associated with the resource.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Updates the configuration of an access token.
See also: AWS API Documentation
Request Syntax
client.update_access_token(
accessTokenId='string',
name='string'
)
string
[REQUIRED]
The ID of the token.
string
[REQUIRED]
The new name of the token.
dict
Response Syntax
{
'id': 'string',
'name': 'string'
}
Response Structure
(dict) --
id (string) --
The ID of the token.
name (string) --
The name of the token.
Retrieves information about a DNS view.
See also: AWS API Documentation
Request Syntax
client.get_dns_view(
dnsViewId='string'
)
string
[REQUIRED]
The ID of the DNS view to retrieve information about.
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnssecValidation': 'ENABLED'|'DISABLED',
'ednsClientSubnet': 'ENABLED'|'DISABLED',
'firewallRulesFailOpen': 'ENABLED'|'DISABLED',
'name': 'string',
'description': 'string',
'globalResolverId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'ENABLING'|'DISABLING'|'DISABLED'|'DELETING'
}
Response Structure
(dict) --
id (string) --
ID of the DNS view.
arn (string) --
Amazon Resource Name (ARN) of the DNS view.
clientToken (string) --
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same clientToken has the same result every time.
dnssecValidation (string) --
Specifies whether DNSSEC is enabled or disabled for the DNS view.
ednsClientSubnet (string) --
Specifies whether edns0 client subnet is enabled.
firewallRulesFailOpen (string) --
Specifies the DNS Firewall failure mode configuration. When enabled, the DNS Firewall allows DNS queries to proceed if it's unable to properly evaluate them. When disabled, the DNS Firewall blocks DNS queries it's unable to evaluate.
name (string) --
Name of the DNS view.
description (string) --
Description of the DNS view.
globalResolverId (string) --
ID of the Global Resolver the DNS view is associated to.
createdAt (datetime) --
The time and date the DNS view was creates on.
updatedAt (datetime) --
The time and date the DNS view was updated on.
status (string) --
Operational status of the DNS view.
Lists all access sources with pagination support.
See also: AWS API Documentation
Request Syntax
client.list_access_sources(
maxResults=123,
nextToken='string',
filters={
'string': [
'string',
]
}
)
integer
The maximum number of results to retrieve in a single call.
string
A pagination token used for large sets of results that can't be returned in a single response.
dict
Values to filter the results.
(string) --
(list) --
(string) --
dict
Response Syntax
{
'nextToken': 'string',
'accessSources': [
{
'arn': 'string',
'cidr': 'string',
'createdAt': datetime(2015, 1, 1),
'id': 'string',
'ipAddressType': 'IPV4'|'IPV6',
'name': 'string',
'dnsViewId': 'string',
'protocol': 'DO53'|'DOH'|'DOT',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
nextToken (string) --
A pagination token used for large sets of results that can't be returned in a single response. Provide this token in the next call to get the results not returned in this call.
accessSources (list) --
An array containing information about the access sources, such as the ID, CIDR etc.
(dict) --
Summary information about an access source.
arn (string) --
The Amazon Resource Name (ARN) of the access source.
cidr (string) --
The CIDR block that defines the IP address range for the access source.
createdAt (datetime) --
The date and time when the access source was created.
id (string) --
The unique identifier of the access source.
ipAddressType (string) --
The IP address type of the access source.
name (string) --
The name of the access source.
dnsViewId (string) --
The ID of the DNS view that the access source is associated with.
protocol (string) --
The protocol used by the access source.
status (string) --
The current status of the access source.
updatedAt (datetime) --
The date and time when the access source was last updated.
Lists all firewall domain lists for a Route 53 Global Resolver with pagination support.
See also: AWS API Documentation
Request Syntax
client.list_firewall_domain_lists(
maxResults=123,
nextToken='string',
globalResolverId='string'
)
integer
The maximum number of results to retrieve in a single call.
string
A pagination token used for large sets of results that can't be returned in a single response.
string
The ID of the Global Resolver that contains the DNS view the domain lists are associated to.
dict
Response Syntax
{
'nextToken': 'string',
'firewallDomainLists': [
{
'arn': 'string',
'globalResolverId': 'string',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'id': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
nextToken (string) --
A pagination token used for large sets of results that can't be returned in a single response. Provide this token in the next call to get the results not returned in this call.
firewallDomainLists (list) --
List of the DNS Firewall domain lists.
(dict) --
Summary information about a firewall domain list.
arn (string) --
The Amazon Resource Name (ARN) of the firewall domain list.
globalResolverId (string) --
The ID of the global resolver that the firewall domain list is associated with.
createdAt (datetime) --
The date and time when the firewall domain list was created.
description (string) --
A description of the firewall domain list.
id (string) --
The unique identifier of the firewall domain list.
name (string) --
The name of the firewall domain list.
status (string) --
The current status of the firewall domain list.
updatedAt (datetime) --
The date and time when the firewall domain list was last updated.
Lists all the domains in DNS Firewall domain list you have created.
See also: AWS API Documentation
Request Syntax
client.list_firewall_domains(
maxResults=123,
nextToken='string',
firewallDomainListId='string'
)
integer
The maximum number of results to retrieve in a single call.
string
A pagination token used for large sets of results that can't be returned in a single response.
string
[REQUIRED]
ID of the DNS Firewall domain list.
dict
Response Syntax
{
'nextToken': 'string',
'domains': [
'string',
]
}
Response Structure
(dict) --
nextToken (string) --
A pagination token used for large sets of results that can't be returned in a single response. Provide this token in the next call to get the results not returned in this call.
domains (list) --
List of domains in the specified domain list.
(string) --
Retrieves information about a hosted zone association.
See also: AWS API Documentation
Request Syntax
client.get_hosted_zone_association(
hostedZoneAssociationId='string'
)
string
[REQUIRED]
ID of the private hosted zone association.
dict
Response Syntax
{
'id': 'string',
'resourceArn': 'string',
'hostedZoneId': 'string',
'hostedZoneName': 'string',
'name': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'DELETING'
}
Response Structure
(dict) --
id (string) --
ID of the private hosted zone association.
resourceArn (string) --
Amazon Resource Name (ARN) of the DNS view the private hosted zone is associated to.
hostedZoneId (string) --
ID of the hosted zone associated to the DNS view.
hostedZoneName (string) --
Name of the domain associated with the private hosted zone.
name (string) --
Name of the private hosted zone association.
createdAt (datetime) --
The time and date the private hosted zone association was created.
updatedAt (datetime) --
The time and date the private hosted zone association was updated.
status (string) --
The operational status of the private hosted zone association.
Deletes a DNS view. This operation cannot be undone.
See also: AWS API Documentation
Request Syntax
client.delete_dns_view(
dnsViewId='string'
)
string
[REQUIRED]
The unique identifier of the DNS view to delete.
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnssecValidation': 'ENABLED'|'DISABLED',
'ednsClientSubnet': 'ENABLED'|'DISABLED',
'firewallRulesFailOpen': 'ENABLED'|'DISABLED',
'name': 'string',
'description': 'string',
'globalResolverId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'ENABLING'|'DISABLING'|'DISABLED'|'DELETING'
}
Response Structure
(dict) --
id (string) --
The unique identifier of the deleted DNS view.
arn (string) --
The Amazon Resource Name (ARN) of the deleted DNS view.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
dnssecValidation (string) --
Whether DNSSEC validation was enabled for the deleted DNS view.
ednsClientSubnet (string) --
Whether EDNS Client Subnet injection was enabled for the deleted DNS view.
firewallRulesFailOpen (string) --
The firewall rules fail-open behavior that was configured for the deleted DNS view.
name (string) --
The name of the deleted DNS view.
description (string) --
The description of the deleted DNS view.
globalResolverId (string) --
The ID of the Route 53 Global Resolver that the deleted DNS view was associated with.
createdAt (datetime) --
The date and time when the DNS view was originally created.
updatedAt (datetime) --
The date and time when the DNS view was last updated before deletion.
status (string) --
The final status of the deleted DNS view.
Creates an access source for a DNS view. Access sources define IP addresses or CIDR ranges that are allowed to send DNS queries to the Route 53 Global Resolver, along with the permitted DNS protocols.
See also: AWS API Documentation
Request Syntax
client.create_access_source(
cidr='string',
clientToken='string',
ipAddressType='IPV4'|'IPV6',
name='string',
dnsViewId='string',
protocol='DO53'|'DOH'|'DOT',
tags={
'string': 'string'
}
)
string
[REQUIRED]
The IP address or CIDR range that is allowed to send DNS queries to the Route 53 Global Resolver.
string
A unique string that identifies the request and ensures idempotency.
This field is autopopulated if not provided.
string
The IP address type for this access source. Valid values are IPv4 and IPv6 (if the Route 53 Global Resolver supports dual-stack).
string
A descriptive name for the access source.
string
[REQUIRED]
The ID of the DNS view to associate with this access source.
string
[REQUIRED]
The DNS protocol that is permitted for this access source. Valid values are Do53 (DNS over port 53), DoT (DNS over TLS), and DoH (DNS over HTTPS).
dict
Tags to associate with the access source.
(string) --
(string) --
dict
Response Syntax
{
'arn': 'string',
'cidr': 'string',
'createdAt': datetime(2015, 1, 1),
'id': 'string',
'ipAddressType': 'IPV4'|'IPV6',
'name': 'string',
'dnsViewId': 'string',
'protocol': 'DO53'|'DOH'|'DOT',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
arn (string) --
The Amazon Resource Name (ARN) of the access source.
cidr (string) --
The IP address or CIDR range that is allowed to send DNS queries to the Route 53 Global Resolver.
createdAt (datetime) --
The date and time when the access source was created.
id (string) --
The unique identifier for the access source.
ipAddressType (string) --
The IP address type for this access source (IPv4 or IPv6).
name (string) --
The descriptive name of the access source.
dnsViewId (string) --
The ID of the DNS view associated with this access source.
protocol (string) --
The DNS protocol that is permitted for this access source (Do53, DoT, or DoH).
status (string) --
The operational status of the access source.
updatedAt (datetime) --
The date and time when the access source was last updated.
Retrieves information about a DNS firewall rule.
See also: AWS API Documentation
Request Syntax
client.get_firewall_rule(
firewallRuleId='string'
)
string
[REQUIRED]
ID of the DNS Firewall rule.
dict
Response Syntax
{
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'id': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'queryType': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
action (string) --
The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule.
blockOverrideDnsType (string) --
The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
blockOverrideDomain (string) --
The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
blockOverrideTtl (integer) --
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
blockResponse (string) --
The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.
confidenceThreshold (string) --
The confidence threshold for DNS Firewall Advanced. You must provide this value when you create a DNS Firewall Advanced rule.
createdAt (datetime) --
The time and date the DNS Firewall rule was created.
description (string) --
The description of the DNS Firewall rule.
dnsAdvancedProtection (string) --
The type of the DNS Firewall Advanced rule. Valid values are DGA and DNS_TUNNELING.
firewallDomainListId (string) --
The ID of a DNS Firewall domain list.
id (string) --
ID of the DNS Firewall rule.
name (string) --
The name of the DNS Firewall rule.
priority (integer) --
The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
dnsViewId (string) --
The DNS view ID the DNS Firewall is associated with.
queryType (string) --
The DNS query type you want the rule to evaluate.
status (string) --
The operational status of the DNS Firewall rule.
updatedAt (datetime) --
The date and time the DNS Firewall rule was updated.
Retrieves information about an access token.
See also: AWS API Documentation
Request Syntax
client.get_access_token(
accessTokenId='string'
)
string
[REQUIRED]
ID of the token.
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'createdAt': datetime(2015, 1, 1),
'dnsViewId': 'string',
'expiresAt': datetime(2015, 1, 1),
'globalResolverId': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'DELETING',
'updatedAt': datetime(2015, 1, 1),
'value': 'string'
}
Response Structure
(dict) --
id (string) --
ID of the token.
arn (string) --
The Amazon Resource Name (ARN) of the token.
clientToken (string) --
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same clientToken has the same result every time.
createdAt (datetime) --
The time and date the token was created.
dnsViewId (string) --
ID of the DNS view the token is associated to.
expiresAt (datetime) --
The token's expiration time and date.
globalResolverId (string) --
ID of the Global Resolver.
name (string) --
Name of the token.
status (string) --
The operational status of the token.
updatedAt (datetime) --
The time and date the token was created.
value (string) --
The value of the token.
Disables a DNS view, preventing it from serving DNS queries.
See also: AWS API Documentation
Request Syntax
client.disable_dns_view(
dnsViewId='string'
)
string
[REQUIRED]
The unique identifier of the DNS view to disable.
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'dnssecValidation': 'ENABLED'|'DISABLED',
'ednsClientSubnet': 'ENABLED'|'DISABLED',
'firewallRulesFailOpen': 'ENABLED'|'DISABLED',
'name': 'string',
'description': 'string',
'globalResolverId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'ENABLING'|'DISABLING'|'DISABLED'|'DELETING'
}
Response Structure
(dict) --
id (string) --
The unique identifier of the disabled DNS view.
arn (string) --
The Amazon Resource Name (ARN) of the disabled DNS view.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
dnssecValidation (string) --
Whether DNSSEC validation is enabled for the disabled DNS view.
ednsClientSubnet (string) --
Whether EDNS Client Subnet injection is enabled for the disabled DNS view.
firewallRulesFailOpen (string) --
The firewall rules fail-open behavior configured for the disabled DNS view.
name (string) --
The name of the disabled DNS view.
description (string) --
The description of the disabled DNS view.
globalResolverId (string) --
The ID of the Route 53 Global Resolver that the disabled DNS view is associated with.
createdAt (datetime) --
The date and time when the DNS view was originally created.
updatedAt (datetime) --
The date and time when the DNS view was last updated.
status (string) --
The current status of the disabled DNS view.
Creates a new Route 53 Global Resolver instance. A Route 53 Global Resolver is a global, internet-accessible DNS resolver that provides secure DNS resolution for both public and private domains through global anycast IP addresses.
See also: AWS API Documentation
Request Syntax
client.create_global_resolver(
clientToken='string',
description='string',
name='string',
observabilityRegion='string',
regions=[
'string',
],
tags={
'string': 'string'
}
)
string
A unique string that identifies the request and ensures idempotency. If you make multiple requests with the same client token, only one Route 53 Global Resolver is created.
This field is autopopulated if not provided.
string
An optional description for the Route 53 Global Resolver instance. Maximum length of 1024 characters.
string
[REQUIRED]
A descriptive name for the Route 53 Global Resolver instance. Maximum length of 64 characters.
string
The AWS region where query resolution logs and metrics will be aggregated and delivered. If not specified, logging is not enabled.
list
[REQUIRED]
List of AWS regions where the Route 53 Global Resolver will operate. The resolver will be distributed across these regions to provide global availability and low-latency DNS resolution.
(string) --
dict
Tags to associate with the Route 53 Global Resolver. Tags are key-value pairs that help you organize and identify your resources.
(string) --
(string) --
dict
Response Syntax
{
'id': 'string',
'arn': 'string',
'clientToken': 'string',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsName': 'string',
'ipv4Addresses': [
'string',
],
'name': 'string',
'observabilityRegion': 'string',
'regions': [
'string',
],
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
id (string) --
The unique identifier for the Route 53 Global Resolver.
arn (string) --
The Amazon Resource Name (ARN) of the Route 53 Global Resolver.
clientToken (string) --
The unique string that identifies the request and ensures idempotency.
createdAt (datetime) --
The date and time when the Route 53 Global Resolver was created.
description (string) --
The description of the Route 53 Global Resolver.
dnsName (string) --
The hostname that DNS clients should use for TLS certificate validation when connecting to the Route 53 Global Resolver. This value resolves to the global anycast IP addresses for the resolver.
ipv4Addresses (list) --
The global anycast IPv4 addresses associated with the Route 53 Global Resolver. DNS clients can send queries to these addresses from anywhere on the internet.
(string) --
name (string) --
The name of the Route 53 Global Resolver.
observabilityRegion (string) --
The AWS Region where observability data for the Route 53 Global Resolver is stored.
regions (list) --
The AWS Regions where the Route 53 Global Resolver is deployed and operational.
(string) --
status (string) --
The current status of the Route 53 Global Resolver. Possible values are CREATING (being provisioned), UPDATING (being modified), OPERATIONAL (ready to serve queries), or DELETING (being removed).
updatedAt (datetime) --
The date and time when the Route 53 Global Resolver was last updated.
Disassociates a Route 53 private hosted zone from a Route 53 Global Resolver resource.
See also: AWS API Documentation
Request Syntax
client.disassociate_hosted_zone(
hostedZoneId='string',
resourceArn='string'
)
string
[REQUIRED]
The ID of the Route 53 private hosted zone to disassociate.
string
[REQUIRED]
The Amazon Resource Name (ARN) of the Route 53 Global Resolver resource to disassociate the hosted zone from.
dict
Response Syntax
{
'id': 'string',
'resourceArn': 'string',
'hostedZoneId': 'string',
'hostedZoneName': 'string',
'name': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'DELETING'
}
Response Structure
(dict) --
id (string) --
The unique identifier of the disassociation.
resourceArn (string) --
The Amazon Resource Name (ARN) of the Route 53 Global Resolver resource that the hosted zone was disassociated from.
hostedZoneId (string) --
The ID of the Route 53 private hosted zone that was disassociated.
hostedZoneName (string) --
The name of the Route 53 private hosted zone that was disassociated.
name (string) --
The name of the association that was removed.
createdAt (datetime) --
The date and time when the association was originally created.
updatedAt (datetime) --
The date and time when the association was last updated before disassociation.
status (string) --
The final status of the disassociation.
Lists all hosted zone associations for a Route 53 Global Resolver resource with pagination support.
See also: AWS API Documentation
Request Syntax
client.list_hosted_zone_associations(
maxResults=123,
nextToken='string',
resourceArn='string'
)
integer
The maximum number of results to retrieve in a single call.
string
A pagination token used for large sets of results that can't be returned in a single response.
string
[REQUIRED]
Amazon Resource Name (ARN) of the DNS view.
dict
Response Syntax
{
'nextToken': 'string',
'hostedZoneAssociations': [
{
'id': 'string',
'resourceArn': 'string',
'hostedZoneId': 'string',
'hostedZoneName': 'string',
'name': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'DELETING'
},
]
}
Response Structure
(dict) --
nextToken (string) --
A pagination token used for large sets of results that can't be returned in a single response. Provide this token in the next call to get the results not returned in this call.
hostedZoneAssociations (list) --
List of the private hosted zone associations.
(dict) --
Summary information about a hosted zone association.
id (string) --
The unique identifier of the hosted zone association.
resourceArn (string) --
The Amazon Resource Name (ARN) of the resource associated with the hosted zone.
hostedZoneId (string) --
The ID of the hosted zone.
hostedZoneName (string) --
The name of the hosted zone.
name (string) --
The name of the hosted zone association.
createdAt (datetime) --
The date and time when the hosted zone association was created.
updatedAt (datetime) --
The date and time when the hosted zone association was last updated.
status (string) --
The current status of the hosted zone association.
Updates the configuration of a DNS firewall rule.
See also: AWS API Documentation
Request Syntax
client.update_firewall_rule(
action='ALLOW'|'ALERT'|'BLOCK',
blockOverrideDnsType='CNAME',
blockOverrideDomain='string',
blockOverrideTtl=123,
blockResponse='NODATA'|'NXDOMAIN'|'OVERRIDE',
clientToken='string',
confidenceThreshold='LOW'|'MEDIUM'|'HIGH',
description='string',
dnsAdvancedProtection='DGA'|'DNS_TUNNELING',
firewallRuleId='string',
name='string',
priority=123
)
string
The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule.
string
The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
string
The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
integer
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
string
The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.
string
[REQUIRED]
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same clientToken has the same result every time.
This field is autopopulated if not provided.
string
The confidence threshold for DNS Firewall Advanced. You must provide this value when you create a DNS Firewall Advanced rule.
string
The description for the Firewall rule.
string
The type of the DNS Firewall Advanced rule. Valid values are DGA and DNS_TUNNELING.
string
[REQUIRED]
The ID of the DNS Firewall rule.
string
The name of the DNS Firewall rule.
integer
The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
dict
Response Syntax
{
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'id': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'queryType': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
action (string) --
The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule.
blockOverrideDnsType (string) --
The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
blockOverrideDomain (string) --
The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
blockOverrideTtl (integer) --
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
blockResponse (string) --
The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.
confidenceThreshold (string) --
The confidence threshold for DNS Firewall Advanced. You must provide this value when you create a DNS Firewall Advanced rule.
createdAt (datetime) --
The time and date the Firewall rule was created.
description (string) --
The description of the Firewall rule.
dnsAdvancedProtection (string) --
The type of the DNS Firewall Advanced rule. Valid values are DGA and DNS_TUNNELING.
firewallDomainListId (string) --
The ID of the domain list associated with the Firewall rule.
id (string) --
The ID of the Firewall rule.
name (string) --
The name of the Firewall rule.
priority (integer) --
The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
dnsViewId (string) --
The ID of the DNS view the Firewall rule is associated with.
queryType (string) --
The DNS query type you want the rule to evaluate.
status (string) --
The operational status of the firewall rule.
updatedAt (datetime) --
The time and date the rule was updated.
Associates a Route 53 private hosted zone with a Route 53 Global Resolver resource. This allows the resolver to resolve DNS queries for the private hosted zone from anywhere globally.
See also: AWS API Documentation
Request Syntax
client.associate_hosted_zone(
hostedZoneId='string',
resourceArn='string',
name='string'
)
string
[REQUIRED]
The ID of the Route 53 private hosted zone to associate with the Route 53 Global Resolver resource.
string
[REQUIRED]
An Amazon Resource Name (ARN) of the Route 53 Global Resolver the private hosted zone will be associated to.
string
[REQUIRED]
Name for the private hosted zone association.
dict
Response Syntax
{
'id': 'string',
'resourceArn': 'string',
'hostedZoneId': 'string',
'hostedZoneName': 'string',
'name': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'DELETING'
}
Response Structure
(dict) --
id (string) --
ID of the association.
resourceArn (string) --
An Amazon Resource Name (ARN) of the Route 53 Global Resolver the private hosted zone is associated to.
hostedZoneId (string) --
ID of the private hosted zone.
hostedZoneName (string) --
Name of the hosted zone (also the domain associated with the hosted zone).
name (string) --
Name for the private hosted zone association.
createdAt (datetime) --
The date and time the private hosted zone association was created.
updatedAt (datetime) --
The date and time the private hosted zone association was modified.
status (string) --
Aggregate status for all the AWS Regions in which the Route 53 Global Resolver exists.
Creates multiple DNS firewall rules in a single operation. This is more efficient than creating rules individually when you need to set up multiple rules at once.
See also: AWS API Documentation
Request Syntax
client.batch_create_firewall_rule(
firewallRules=[
{
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'clientToken': 'string',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'qType': 'string'
},
]
)
list
[REQUIRED]
The BatchCreateFirewallRuleInputItem objects contain the information for each Firewall rule.
(dict) --
Information about a DNS Firewall rule to create in a batch operation.
action (string) -- [REQUIRED]
The action to take when a DNS query matches the firewall rule.
blockOverrideDnsType (string) --
The DNS record type for the custom response when the action is BLOCK.
blockOverrideDomain (string) --
The custom domain name for the BLOCK response.
blockOverrideTtl (integer) --
The TTL value for the custom response when the action is BLOCK.
blockResponse (string) --
The type of block response to return when the action is BLOCK.
clientToken (string) -- [REQUIRED]
A unique string that identifies the request and ensures idempotency.
confidenceThreshold (string) --
The confidence threshold for advanced threat detection.
description (string) --
A description of the firewall rule.
dnsAdvancedProtection (string) --
Whether to enable advanced DNS threat protection for the firewall rule.
firewallDomainListId (string) --
The ID of the firewall domain list to associate with the rule.
name (string) -- [REQUIRED]
A name for the firewall rule.
priority (integer) --
The priority of the firewall rule.
dnsViewId (string) -- [REQUIRED]
The ID of the DNS view to associate the firewall rule with.
qType (string) --
The DNS query type that the firewall rule should match.
dict
Response Syntax
{
'failures': [
{
'firewallRule': {
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'clientToken': 'string',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'id': 'string',
'managedDomainListName': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'queryType': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
},
'code': 123,
'message': 'string'
},
],
'successes': [
{
'firewallRule': {
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'clientToken': 'string',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'id': 'string',
'managedDomainListName': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'queryType': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
},
'code': 123,
'message': 'string'
},
]
}
Response Structure
(dict) --
failures (list) --
High level information about the DNS Firewall rules that failed to create.
(dict) --
Information about the result of creating a DNS Firewall rule in a batch operation.
firewallRule (dict) --
The firewall rule that was created in the batch operation.
action (string) --
The action configured for the created firewall rule.
blockOverrideDnsType (string) --
The DNS record type configured for the created firewall rule's custom response.
blockOverrideDomain (string) --
The custom domain name configured for the created firewall rule's BLOCK response.
blockOverrideTtl (integer) --
The TTL value configured for the created firewall rule's custom response.
blockResponse (string) --
The type of block response configured for the created firewall rule.
clientToken (string) --
The unique string that identified the request and ensured idempotency.
confidenceThreshold (string) --
The confidence threshold configured for the created firewall rule's advanced threat detection.
createdAt (datetime) --
The date and time when the firewall rule was created.
description (string) --
The description of the created firewall rule.
dnsAdvancedProtection (string) --
Whether advanced DNS threat protection is enabled for the created firewall rule.
firewallDomainListId (string) --
The ID of the firewall domain list associated with the created firewall rule.
id (string) --
The unique identifier of the created firewall rule.
managedDomainListName (string) --
The name of the managed domain list associated with the created firewall rule.
name (string) --
The name of the created firewall rule.
priority (integer) --
The priority of the created firewall rule.
dnsViewId (string) --
The ID of the DNS view associated with the created firewall rule.
queryType (string) --
The DNS query type that the created firewall rule matches.
status (string) --
The current status of the created firewall rule.
updatedAt (datetime) --
The date and time when the firewall rule was last updated.
code (integer) --
The HTTP response code for the batch operation result.
message (string) --
A message describing the result of the batch operation, including error details if applicable.
successes (list) --
High level information about the DNS Firewall rules that were created.
(dict) --
Information about the result of creating a DNS Firewall rule in a batch operation.
firewallRule (dict) --
The firewall rule that was created in the batch operation.
action (string) --
The action configured for the created firewall rule.
blockOverrideDnsType (string) --
The DNS record type configured for the created firewall rule's custom response.
blockOverrideDomain (string) --
The custom domain name configured for the created firewall rule's BLOCK response.
blockOverrideTtl (integer) --
The TTL value configured for the created firewall rule's custom response.
blockResponse (string) --
The type of block response configured for the created firewall rule.
clientToken (string) --
The unique string that identified the request and ensured idempotency.
confidenceThreshold (string) --
The confidence threshold configured for the created firewall rule's advanced threat detection.
createdAt (datetime) --
The date and time when the firewall rule was created.
description (string) --
The description of the created firewall rule.
dnsAdvancedProtection (string) --
Whether advanced DNS threat protection is enabled for the created firewall rule.
firewallDomainListId (string) --
The ID of the firewall domain list associated with the created firewall rule.
id (string) --
The unique identifier of the created firewall rule.
managedDomainListName (string) --
The name of the managed domain list associated with the created firewall rule.
name (string) --
The name of the created firewall rule.
priority (integer) --
The priority of the created firewall rule.
dnsViewId (string) --
The ID of the DNS view associated with the created firewall rule.
queryType (string) --
The DNS query type that the created firewall rule matches.
status (string) --
The current status of the created firewall rule.
updatedAt (datetime) --
The date and time when the firewall rule was last updated.
code (integer) --
The HTTP response code for the batch operation result.
message (string) --
A message describing the result of the batch operation, including error details if applicable.
Updates a DNS Firewall domain list from an array of specified domains.
See also: AWS API Documentation
Request Syntax
client.update_firewall_domains(
domains=[
'string',
],
firewallDomainListId='string',
operation='string'
)
list
[REQUIRED]
A list of the domains. You can add up to 1000 domains per request.
(string) --
string
[REQUIRED]
The ID of the DNS Firewall domain list to which you want to add the domains.
string
[REQUIRED]
The operation for updating the domain list. The allowed values are ADD, REMOVE, and REPLACE.
dict
Response Syntax
{
'id': 'string',
'name': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING'
}
Response Structure
(dict) --
id (string) --
The ID of the DNS Firewall domain list.
name (string) --
The name of the domain list.
status (string) --
The operational status of the domain list.
Updates the configuration of a hosted zone association.
See also: AWS API Documentation
Request Syntax
client.update_hosted_zone_association(
hostedZoneAssociationId='string',
name='string'
)
string
[REQUIRED]
The ID of the private hosted zone association.
string
The name you want to update the hosted zone association to.
dict
Response Syntax
{
'id': 'string',
'resourceArn': 'string',
'hostedZoneId': 'string',
'hostedZoneName': 'string',
'name': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'OPERATIONAL'|'DELETING'
}
Response Structure
(dict) --
id (string) --
The ID of the private hosted zone association.
resourceArn (string) --
The Amazon Resource Name (ARN) of the private hosted zone association.
hostedZoneId (string) --
The ID of the private hosted zone.
hostedZoneName (string) --
The name of the domain associated with the private hosted zone.
name (string) --
The name of the private hosted zone association.
createdAt (datetime) --
The time and date the private hosted zone association was created.
updatedAt (datetime) --
The time and date the private hosted zone association was updated.
status (string) --
The operational status of the private hosted zone association.
Deletes a DNS firewall rule. This operation cannot be undone.
See also: AWS API Documentation
Request Syntax
client.delete_firewall_rule(
firewallRuleId='string'
)
string
[REQUIRED]
The unique identifier of the firewall rule to delete.
dict
Response Syntax
{
'action': 'ALLOW'|'ALERT'|'BLOCK',
'blockOverrideDnsType': 'CNAME',
'blockOverrideDomain': 'string',
'blockOverrideTtl': 123,
'blockResponse': 'NODATA'|'NXDOMAIN'|'OVERRIDE',
'confidenceThreshold': 'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'dnsAdvancedProtection': 'DGA'|'DNS_TUNNELING',
'firewallDomainListId': 'string',
'id': 'string',
'name': 'string',
'priority': 123,
'dnsViewId': 'string',
'queryType': 'string',
'status': 'CREATING'|'OPERATIONAL'|'UPDATING'|'DELETING',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
action (string) --
The action that was configured for the deleted firewall rule.
blockOverrideDnsType (string) --
The DNS record type that was configured for the deleted firewall rule's custom response.
blockOverrideDomain (string) --
The custom domain that was configured for the deleted firewall rule's BLOCK response.
blockOverrideTtl (integer) --
The TTL value that was configured for the deleted firewall rule's custom response.
blockResponse (string) --
The block response type that was configured for the deleted firewall rule.
confidenceThreshold (string) --
The confidence threshold that was configured for the deleted firewall rule's advanced threat detection.
createdAt (datetime) --
The date and time when the firewall rule was originally created.
description (string) --
The description of the deleted firewall rule.
dnsAdvancedProtection (string) --
Whether advanced DNS threat protection was enabled for the deleted firewall rule.
firewallDomainListId (string) --
The ID of the firewall domain list that was associated with the deleted firewall rule.
id (string) --
The unique identifier of the deleted firewall rule.
name (string) --
The name of the deleted firewall rule.
priority (integer) --
The priority that was configured for the deleted firewall rule.
dnsViewId (string) --
The ID of the DNS view that was associated with the deleted firewall rule.
queryType (string) --
The DNS query type that the deleted firewall rule was configured to match.
status (string) --
The final status of the deleted firewall rule.
updatedAt (datetime) --
The date and time when the firewall rule was last updated before deletion.