Client

route53resolver

R Documentation

Amazon Route 53 Resolver¶

Description¶

When you create a VPC using Amazon VPC, you automatically get DNS resolution within the VPC from Route 53 Resolver. By default, Resolver answers DNS queries for VPC domain names such as domain names for EC2 instances or Elastic Load Balancing load balancers. Resolver performs recursive lookups against public name servers for all other domain names.

You can also configure DNS resolution between your VPC and your network over a Direct Connect or VPN connection:

Forward DNS queries from resolvers on your network to Route 53 Resolver

DNS resolvers on your network can forward DNS queries to Resolver in a specified VPC. This allows your DNS resolvers to easily resolve domain names for Amazon Web Services resources such as EC2 instances or records in a Route 53 private hosted zone. For more information, see How DNS Resolvers on Your Network Forward DNS Queries to Route 53 Resolver in the Amazon Route 53 Developer Guide.

Conditionally forward queries from a VPC to resolvers on your network

You can configure Resolver to forward queries that it receives from EC2 instances in your VPCs to DNS resolvers on your network. To forward selected queries, you create Resolver rules that specify the domain names for the DNS queries that you want to forward (such as example.com), and the IP addresses of the DNS resolvers on your network that you want to forward the queries to. If a query matches multiple rules (example.com, acme.example.com), Resolver chooses the rule with the most specific match (acme.example.com) and forwards the query to the IP addresses that you specified in that rule. For more information, see How Route 53 Resolver Forwards DNS Queries from Your VPCs to Your Network in the Amazon Route 53 Developer Guide.

Like Amazon VPC, Resolver is Regional. In each Region where you have VPCs, you can choose whether to forward queries from your VPCs to your network (outbound queries), from your network to your VPCs (inbound queries), or both.

Usage¶

route53resolver(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Arguments¶

config

Optional configuration of credentials, endpoint, and/or region.

credentials:
- creds:
  - access_key_id: AWS access key ID
  - secret_access_key: AWS secret access key
  - session_token: AWS temporary session token
- profile: The name of a profile to use. If not given, then the default profile is used.
- anonymous: Set anonymous credentials.
endpoint: The complete URL to use for the constructed client.
region: The AWS Region used in instantiating the client.
close_connection: Immediately close all HTTP connections.
timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.
s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. ⁠http://s3.amazonaws.com/BUCKET/KEY⁠.
sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

creds:
- access_key_id: AWS access key ID
- secret_access_key: AWS secret access key
- session_token: AWS temporary session token
profile: The name of a profile to use. If not given, then the default profile is used.
anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Value¶

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Service syntax¶

svc <- route53resolver(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations¶

associate_firewall_rule_group: Associates a FirewallRuleGroup with a VPC, to provide DNS filtering for the VPC; Adds IP addresses to an inbound or an outbound Resolver endpoint
associate_resolver_query_log_config: Associates an Amazon VPC with a specified query logging configuration
associate_resolver_rule: Associates a Resolver rule with a VPC
create_firewall_domain_list: Creates an empty firewall domain list for use in DNS Firewall rules
create_firewall_rule: Creates a single DNS Firewall rule in the specified rule group, using the specified domain list
create_firewall_rule_group: Creates an empty DNS Firewall rule group for filtering DNS network traffic in a VPC
create_outpost_resolver: Creates a Route 53 Resolver on an Outpost
create_resolver_endpoint: Creates a Resolver endpoint
create_resolver_query_log_config: Creates a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs
create_resolver_rule: For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network
delete_firewall_domain_list: Deletes the specified domain list
delete_firewall_rule: Deletes the specified firewall rule
delete_firewall_rule_group: Deletes the specified firewall rule group
delete_outpost_resolver: Deletes a Resolver on the Outpost
delete_resolver_endpoint: Deletes a Resolver endpoint
delete_resolver_query_log_config: Deletes a query logging configuration
delete_resolver_rule: Deletes a Resolver rule
disassociate_firewall_rule_group: Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering from the VPC; Removes IP addresses from an inbound or an outbound Resolver endpoint; Disassociates a VPC from a query logging configuration
disassociate_resolver_rule: Removes the association between a specified Resolver rule and a specified VPC
get_firewall_config: Retrieves the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC)
get_firewall_domain_list: Retrieves the specified firewall domain list
get_firewall_rule_group: Retrieves the specified firewall rule group
get_firewall_rule_group_association: Retrieves a firewall rule group association, which enables DNS filtering for a VPC with one rule group
get_firewall_rule_group_policy: Returns the Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group
get_outpost_resolver: Gets information about a specified Resolver on the Outpost, such as its instance count and type, name, and the current status of the Resolver
get_resolver_config: Retrieves the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud
get_resolver_dnssec_config: Gets DNSSEC validation information for a specified resource
get_resolver_endpoint: Gets information about a specified Resolver endpoint, such as whether it's an inbound or an outbound Resolver endpoint, and the current status of the endpoint
get_resolver_query_log_config: Gets information about a specified Resolver query logging configuration, such as the number of VPCs that the configuration is logging queries for and the location that logs are sent to; Gets information about a specified association between a Resolver query logging configuration and an Amazon VPC
get_resolver_query_log_config_policy: Gets information about a query logging policy
get_resolver_rule: Gets information about a specified Resolver rule, such as the domain name that the rule forwards DNS queries for and the ID of the outbound Resolver endpoint that the rule is associated with
get_resolver_rule_association: Gets information about an association between a specified Resolver rule and a VPC
get_resolver_rule_policy: Gets information about the Resolver rule policy for a specified rule
import_firewall_domains: Imports domain names from a file into a domain list, for use in a DNS firewall rule group
list_firewall_configs: Retrieves the firewall configurations that you have defined
list_firewall_domain_lists: Retrieves the firewall domain lists that you have defined
list_firewall_domains: Retrieves the domains that you have defined for the specified firewall domain list
list_firewall_rule_group_associations: Retrieves the firewall rule group associations that you have defined
list_firewall_rule_groups: Retrieves the minimal high-level information for the rule groups that you have defined
list_firewall_rules: Retrieves the firewall rules that you have defined for the specified firewall rule group
list_outpost_resolvers: Lists all the Resolvers on Outposts that were created using the current Amazon Web Services account
list_resolver_configs: Retrieves the Resolver configurations that you have defined
list_resolver_dnssec_configs: Lists the configurations for DNSSEC validation that are associated with the current Amazon Web Services account
list_resolver_endpoint_ip_addresses: Gets the IP addresses for a specified Resolver endpoint
list_resolver_endpoints: Lists all the Resolver endpoints that were created using the current Amazon Web Services account; Lists information about associations between Amazon VPCs and query logging configurations
list_resolver_query_log_configs: Lists information about the specified query logging configurations
list_resolver_rule_associations: Lists the associations that were created between Resolver rules and VPCs using the current Amazon Web Services account
list_resolver_rules: Lists the Resolver rules that were created using the current Amazon Web Services account
list_tags_for_resource: Lists the tags that you associated with the specified resource
put_firewall_rule_group_policy: Attaches an Identity and Access Management (Amazon Web Services IAM) policy for sharing the rule group
put_resolver_query_log_config_policy: Specifies an Amazon Web Services account that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration
put_resolver_rule_policy: Specifies an Amazon Web Services rule that you want to share with another account, the account that you want to share the rule with, and the operations that you want the account to be able to perform on the rule
tag_resource: Adds one or more tags to a specified resource
untag_resource: Removes one or more tags from a specified resource
update_firewall_config: Updates the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC)
update_firewall_domains: Updates the firewall domain list from an array of domain specifications
update_firewall_rule: Updates the specified firewall rule; Changes the association of a FirewallRuleGroup with a VPC
update_outpost_resolver: You can use UpdateOutpostResolver to update the instance count, type, or name of a Resolver on an Outpost
update_resolver_config: Updates the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud
update_resolver_dnssec_config: Updates an existing DNSSEC validation configuration
update_resolver_endpoint: Updates the name, or endpoint type for an inbound or an outbound Resolver endpoint
update_resolver_rule: Updates settings for a specified Resolver rule

Examples¶

## Not run: 
svc <- route53resolver()
svc$associate_firewall_rule_group(
  Foo = 123
)

## End(Not run)