Route53ResolverClient
When you create a VPC using Amazon VPC, you automatically get DNS resolution within the VPC from Route 53 Resolver. By default, Resolver answers DNS queries for VPC domain names such as domain names for EC2 instances or Elastic Load Balancing load balancers. Resolver performs recursive lookups against public name servers for all other domain names.
You can also configure DNS resolution between your VPC and your network over a Direct Connect or VPN connection:
Forward DNS queries from resolvers on your network to Route 53 Resolver
DNS resolvers on your network can forward DNS queries to Resolver in a specified VPC. This allows your DNS resolvers to easily resolve domain names for Amazon Web Services resources such as EC2 instances or records in a Route 53 private hosted zone. For more information, see How DNS Resolvers on Your Network Forward DNS Queries to Route 53 Resolver in the Amazon Route 53 Developer Guide.
Conditionally forward queries from a VPC to resolvers on your network
You can configure Resolver to forward queries that it receives from EC2 instances in your VPCs to DNS resolvers on your network. To forward selected queries, you create Resolver rules that specify the domain names for the DNS queries that you want to forward (such as example.com), and the IP addresses of the DNS resolvers on your network that you want to forward the queries to. If a query matches multiple rules (example.com, acme.example.com), Resolver chooses the rule with the most specific match (acme.example.com) and forwards the query to the IP addresses that you specified in that rule. For more information, see How Route 53 Resolver Forwards DNS Queries from Your VPCs to Your Network in the Amazon Route 53 Developer Guide.
Like Amazon VPC, Resolver is Regional. In each Region where you have VPCs, you can choose whether to forward queries from your VPCs to your network (outbound queries), from your network to your VPCs (inbound queries), or both.
Functions
Associates a FirewallRuleGroup with a VPC, to provide DNS filtering for the VPC.
Adds IP addresses to an inbound or an outbound Resolver endpoint. If you want to add more than one IP address, submit one AssociateResolverEndpointIpAddress request for each IP address.
Associates an Amazon VPC with a specified query logging configuration. Route 53 Resolver logs DNS queries that originate in all of the Amazon VPCs that are associated with a specified query logging configuration. To associate more than one VPC with a configuration, submit one AssociateResolverQueryLogConfig request for each VPC.
Associates a Resolver rule with a VPC. When you associate a rule with a VPC, Resolver forwards all DNS queries for the domain name that is specified in the rule and that originate in the VPC. The queries are forwarded to the IP addresses for the DNS resolvers that are specified in the rule. For more information about rules, see CreateResolverRule.
Creates an empty firewall domain list for use in DNS Firewall rules. You can populate the domains for the new list with a file, using ImportFirewallDomains, or with domain strings, using UpdateFirewallDomains.
Creates a single DNS Firewall rule in the specified rule group, using the specified domain list.
Creates an empty DNS Firewall rule group for filtering DNS network traffic in a VPC. You can add rules to the new rule group by calling CreateFirewallRule.
Creates a Route 53 Resolver on an Outpost.
Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound:
Creates a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs. Resolver can log queries only for VPCs that are in the same Region as the query logging configuration.
For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network.
Deletes the specified domain list.
Deletes the specified firewall rule.
Deletes the specified firewall rule group.
Deletes a Resolver on the Outpost.
Deletes a Resolver endpoint. The effect of deleting a Resolver endpoint depends on whether it's an inbound or an outbound Resolver endpoint:
Deletes a query logging configuration. When you delete a configuration, Resolver stops logging DNS queries for all of the Amazon VPCs that are associated with the configuration. This also applies if the query logging configuration is shared with other Amazon Web Services accounts, and the other accounts have associated VPCs with the shared configuration.
Deletes a Resolver rule. Before you can delete a Resolver rule, you must disassociate it from all the VPCs that you associated the Resolver rule with. For more information, see DisassociateResolverRule.
Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering from the VPC.
Removes IP addresses from an inbound or an outbound Resolver endpoint. If you want to remove more than one IP address, submit one DisassociateResolverEndpointIpAddress request for each IP address.
Disassociates a VPC from a query logging configuration.
Removes the association between a specified Resolver rule and a specified VPC.
Retrieves the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).
Retrieves the specified firewall domain list.
Retrieves the specified firewall rule group.
Retrieves a firewall rule group association, which enables DNS filtering for a VPC with one rule group. A VPC can have more than one firewall rule group association, and a rule group can be associated with more than one VPC.
Returns the Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using Resource Access Manager (RAM).
Gets information about a specified Resolver on the Outpost, such as its instance count and type, name, and the current status of the Resolver.
Retrieves the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud.
Gets DNSSEC validation information for a specified resource.
Gets information about a specified Resolver endpoint, such as whether it's an inbound or an outbound Resolver endpoint, and the current status of the endpoint.
Gets information about a specified Resolver query logging configuration, such as the number of VPCs that the configuration is logging queries for and the location that logs are sent to.
Gets information about a specified association between a Resolver query logging configuration and an Amazon VPC. When you associate a VPC with a query logging configuration, Resolver logs DNS queries that originate in that VPC.
Gets information about a query logging policy. A query logging policy specifies the Resolver query logging operations and resources that you want to allow another Amazon Web Services account to be able to use.
Gets information about a specified Resolver rule, such as the domain name that the rule forwards DNS queries for and the ID of the outbound Resolver endpoint that the rule is associated with.
Gets information about an association between a specified Resolver rule and a VPC. You associate a Resolver rule and a VPC using AssociateResolverRule.
Gets information about the Resolver rule policy for a specified rule. A Resolver rule policy includes the rule that you want to share with another account, the account that you want to share the rule with, and the Resolver operations that you want to allow the account to use.
Imports domain names from a file into a domain list, for use in a DNS firewall rule group.
Retrieves the firewall configurations that you have defined. DNS Firewall uses the configurations to manage firewall behavior for your VPCs.
Retrieves the firewall domain lists that you have defined. For each firewall domain list, you can retrieve the domains that are defined for a list by calling ListFirewallDomains.
Retrieves the domains that you have defined for the specified firewall domain list.
Retrieves the firewall rule group associations that you have defined. Each association enables DNS filtering for a VPC with one rule group.
Retrieves the minimal high-level information for the rule groups that you have defined.
Retrieves the firewall rules that you have defined for the specified firewall rule group. DNS Firewall uses the rules in a rule group to filter DNS network traffic for a VPC.
Lists all the Resolvers on Outposts that were created using the current Amazon Web Services account.
Retrieves the Resolver configurations that you have defined. Route 53 Resolver uses the configurations to manage DNS resolution behavior for your VPCs.
Lists the configurations for DNSSEC validation that are associated with the current Amazon Web Services account.
Gets the IP addresses for a specified Resolver endpoint.
Lists all the Resolver endpoints that were created using the current Amazon Web Services account.
Lists information about associations between Amazon VPCs and query logging configurations.
Lists information about the specified query logging configurations. Each configuration defines where you want Resolver to save DNS query logs and specifies the VPCs that you want to log queries for.
Lists the associations that were created between Resolver rules and VPCs using the current Amazon Web Services account.
Lists the Resolver rules that were created using the current Amazon Web Services account.
Lists the tags that you associated with the specified resource.
Attaches an Identity and Access Management (Amazon Web Services IAM) policy for sharing the rule group. You can use the policy to share the rule group using Resource Access Manager (RAM).
Specifies an Amazon Web Services account that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration.
Specifies an Amazon Web Services rule that you want to share with another account, the account that you want to share the rule with, and the operations that you want the account to be able to perform on the rule.
Adds one or more tags to a specified resource.
Removes one or more tags from a specified resource.
Updates the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).
Updates the firewall domain list from an array of domain specifications.
Updates the specified firewall rule.
Changes the association of a FirewallRuleGroup with a VPC. The association enables DNS filtering for the VPC.
You can use UpdateOutpostResolver to update the instance count, type, or name of a Resolver on an Outpost.
Updates the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud.
Updates an existing DNSSEC validation configuration. If there is no existing DNSSEC validation configuration, one is created.
Updates the name, or endpoint type for an inbound or an outbound Resolver endpoint. You can only update between IPV4 and DUALSTACK, IPV6 endpoint type can't be updated to other type.
Updates settings for a specified Resolver rule. ResolverRuleId is required, and all other parameters are optional. If you don't specify a parameter, it retains its current value.
Inherited functions
Associates a FirewallRuleGroup with a VPC, to provide DNS filtering for the VPC.
Adds IP addresses to an inbound or an outbound Resolver endpoint. If you want to add more than one IP address, submit one AssociateResolverEndpointIpAddress request for each IP address.
Associates an Amazon VPC with a specified query logging configuration. Route 53 Resolver logs DNS queries that originate in all of the Amazon VPCs that are associated with a specified query logging configuration. To associate more than one VPC with a configuration, submit one AssociateResolverQueryLogConfig request for each VPC.
Associates a Resolver rule with a VPC. When you associate a rule with a VPC, Resolver forwards all DNS queries for the domain name that is specified in the rule and that originate in the VPC. The queries are forwarded to the IP addresses for the DNS resolvers that are specified in the rule. For more information about rules, see CreateResolverRule.
Creates an empty firewall domain list for use in DNS Firewall rules. You can populate the domains for the new list with a file, using ImportFirewallDomains, or with domain strings, using UpdateFirewallDomains.
Creates a single DNS Firewall rule in the specified rule group, using the specified domain list.
Creates an empty DNS Firewall rule group for filtering DNS network traffic in a VPC. You can add rules to the new rule group by calling CreateFirewallRule.
Creates a Route 53 Resolver on an Outpost.
Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound:
Creates a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs. Resolver can log queries only for VPCs that are in the same Region as the query logging configuration.
For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network.
Deletes the specified domain list.
Deletes the specified firewall rule.
Deletes the specified firewall rule group.
Deletes a Resolver on the Outpost.
Deletes a Resolver endpoint. The effect of deleting a Resolver endpoint depends on whether it's an inbound or an outbound Resolver endpoint:
Deletes a query logging configuration. When you delete a configuration, Resolver stops logging DNS queries for all of the Amazon VPCs that are associated with the configuration. This also applies if the query logging configuration is shared with other Amazon Web Services accounts, and the other accounts have associated VPCs with the shared configuration.
Deletes a Resolver rule. Before you can delete a Resolver rule, you must disassociate it from all the VPCs that you associated the Resolver rule with. For more information, see DisassociateResolverRule.
Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering from the VPC.
Removes IP addresses from an inbound or an outbound Resolver endpoint. If you want to remove more than one IP address, submit one DisassociateResolverEndpointIpAddress request for each IP address.
Disassociates a VPC from a query logging configuration.
Removes the association between a specified Resolver rule and a specified VPC.
Retrieves the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).
Retrieves the specified firewall domain list.
Retrieves the specified firewall rule group.
Retrieves a firewall rule group association, which enables DNS filtering for a VPC with one rule group. A VPC can have more than one firewall rule group association, and a rule group can be associated with more than one VPC.
Returns the Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using Resource Access Manager (RAM).
Gets information about a specified Resolver on the Outpost, such as its instance count and type, name, and the current status of the Resolver.
Retrieves the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud.
Gets DNSSEC validation information for a specified resource.
Gets information about a specified Resolver endpoint, such as whether it's an inbound or an outbound Resolver endpoint, and the current status of the endpoint.
Gets information about a specified Resolver query logging configuration, such as the number of VPCs that the configuration is logging queries for and the location that logs are sent to.
Gets information about a specified association between a Resolver query logging configuration and an Amazon VPC. When you associate a VPC with a query logging configuration, Resolver logs DNS queries that originate in that VPC.
Gets information about a query logging policy. A query logging policy specifies the Resolver query logging operations and resources that you want to allow another Amazon Web Services account to be able to use.
Gets information about a specified Resolver rule, such as the domain name that the rule forwards DNS queries for and the ID of the outbound Resolver endpoint that the rule is associated with.
Gets information about an association between a specified Resolver rule and a VPC. You associate a Resolver rule and a VPC using AssociateResolverRule.
Gets information about the Resolver rule policy for a specified rule. A Resolver rule policy includes the rule that you want to share with another account, the account that you want to share the rule with, and the Resolver operations that you want to allow the account to use.
Imports domain names from a file into a domain list, for use in a DNS firewall rule group.
Retrieves the firewall configurations that you have defined. DNS Firewall uses the configurations to manage firewall behavior for your VPCs.
Paginate over ListFirewallConfigsResponse results.
Retrieves the firewall domain lists that you have defined. For each firewall domain list, you can retrieve the domains that are defined for a list by calling ListFirewallDomains.
Paginate over ListFirewallDomainListsResponse results.
Retrieves the domains that you have defined for the specified firewall domain list.
Paginate over ListFirewallDomainsResponse results.
Retrieves the firewall rule group associations that you have defined. Each association enables DNS filtering for a VPC with one rule group.
Paginate over ListFirewallRuleGroupAssociationsResponse results.
Retrieves the minimal high-level information for the rule groups that you have defined.
Paginate over ListFirewallRuleGroupsResponse results.
Retrieves the firewall rules that you have defined for the specified firewall rule group. DNS Firewall uses the rules in a rule group to filter DNS network traffic for a VPC.
Paginate over ListFirewallRulesResponse results.
Lists all the Resolvers on Outposts that were created using the current Amazon Web Services account.
Paginate over ListOutpostResolversResponse results.
Retrieves the Resolver configurations that you have defined. Route 53 Resolver uses the configurations to manage DNS resolution behavior for your VPCs.
Paginate over ListResolverConfigsResponse results.
Lists the configurations for DNSSEC validation that are associated with the current Amazon Web Services account.
Paginate over ListResolverDnssecConfigsResponse results.
Gets the IP addresses for a specified Resolver endpoint.
Paginate over ListResolverEndpointIpAddressesResponse results.
Lists all the Resolver endpoints that were created using the current Amazon Web Services account.
Paginate over ListResolverEndpointsResponse results.
Lists information about associations between Amazon VPCs and query logging configurations.
Paginate over ListResolverQueryLogConfigAssociationsResponse results.
Lists information about the specified query logging configurations. Each configuration defines where you want Resolver to save DNS query logs and specifies the VPCs that you want to log queries for.
Paginate over ListResolverQueryLogConfigsResponse results.
Lists the associations that were created between Resolver rules and VPCs using the current Amazon Web Services account.
Paginate over ListResolverRuleAssociationsResponse results.
Lists the Resolver rules that were created using the current Amazon Web Services account.
Paginate over ListResolverRulesResponse results.
Lists the tags that you associated with the specified resource.
Paginate over ListTagsForResourceResponse results.
Attaches an Identity and Access Management (Amazon Web Services IAM) policy for sharing the rule group. You can use the policy to share the rule group using Resource Access Manager (RAM).
Specifies an Amazon Web Services account that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration.
Specifies an Amazon Web Services rule that you want to share with another account, the account that you want to share the rule with, and the operations that you want the account to be able to perform on the rule.
Adds one or more tags to a specified resource.
Removes one or more tags from a specified resource.
Updates the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).
Updates the firewall domain list from an array of domain specifications.
Updates the specified firewall rule.
Changes the association of a FirewallRuleGroup with a VPC. The association enables DNS filtering for the VPC.
You can use UpdateOutpostResolver to update the instance count, type, or name of a Resolver on an Outpost.
Updates the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud.
Updates an existing DNSSEC validation configuration. If there is no existing DNSSEC validation configuration, one is created.
Updates the name, or endpoint type for an inbound or an outbound Resolver endpoint. You can only update between IPV4 and DUALSTACK, IPV6 endpoint type can't be updated to other type.
Updates settings for a specified Resolver rule. ResolverRuleId is required, and all other parameters are optional. If you don't specify a parameter, it retains its current value.
Create a copy of the client with one or more configuration values overridden. This method allows the caller to perform scoped config overrides for one or more client operations.