When you create a VPC using Amazon VPC, you automatically get DNS resolution within the VPC from Route 53 Resolver. By default, Resolver answers DNS queries for VPC domain names such as domain names for EC2 instances or Elastic Load Balancing load balancers. Resolver performs recursive lookups against public name servers for all other domain names.
You can also configure DNS resolution between your VPC and your network over a Direct Connect or VPN connection:
Forward DNS queries from resolvers on your network to Route 53 Resolver
DNS resolvers on your network can forward DNS queries to Resolver in a specified VPC. This allows your DNS resolvers to easily resolve domain names for Amazon Web Services resources such as EC2 instances or records in a Route 53 private hosted zone. For more information, see How DNS Resolvers on Your Network Forward DNS Queries to Route 53 Resolver in the Amazon Route 53 Developer Guide.
Conditionally forward queries from a VPC to resolvers on your network
You can configure Resolver to forward queries that it receives from EC2 instances in your VPCs to DNS resolvers on your network. To forward selected queries, you create Resolver rules that specify the domain names for the DNS queries that you want to forward (such as example.com), and the IP addresses of the DNS resolvers on your network that you want to forward the queries to. If a query matches multiple rules (example.com, acme.example.com), Resolver chooses the rule with the most specific match (acme.example.com) and forwards the query to the IP addresses that you specified in that rule. For more information, see How Route 53 Resolver Forwards DNS Queries from Your VPCs to Your Network in the Amazon Route 53 Developer Guide.
Like Amazon VPC, Resolver is Regional. In each Region where you have VPCs, you can choose whether to forward queries from your VPCs to your network (outbound queries), from your network to your VPCs (inbound queries), or both.
route53resolver(
config = list(),
credentials = list(),
endpoint = NULL,
region = NULL
)A client for the service. You can call the service's operations using
syntax like svc$operation(...), where svc is the name you've assigned
to the client. The available operations are listed in the
Operations section.
Optional configuration of credentials, endpoint, and/or region.
credentials:
creds:
access_key_id: AWS access key ID
secret_access_key: AWS secret access key
session_token: AWS temporary session token
profile: The name of a profile to use. If not given, then the default profile is used.
anonymous: Set anonymous credentials.
endpoint: The complete URL to use for the constructed client.
region: The AWS Region used in instantiating the client.
close_connection: Immediately close all HTTP connections.
timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.
s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. http://s3.amazonaws.com/BUCKET/KEY.
sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html
Optional credentials shorthand for the config parameter
creds:
access_key_id: AWS access key ID
secret_access_key: AWS secret access key
session_token: AWS temporary session token
profile: The name of a profile to use. If not given, then the default profile is used.
anonymous: Set anonymous credentials.
Optional shorthand for complete URL to use for the constructed client.
Optional shorthand for AWS Region used in instantiating the client.
svc <- route53resolver(
config = list(
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string",
close_connection = "logical",
timeout = "numeric",
s3_force_path_style = "logical",
sts_regional_endpoint = "string"
),
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string"
)
| associate_firewall_rule_group | Associates a FirewallRuleGroup with a VPC, to provide DNS filtering for the VPC |
| associate_resolver_endpoint_ip_address | Adds IP addresses to an inbound or an outbound Resolver endpoint |
| associate_resolver_query_log_config | Associates an Amazon VPC with a specified query logging configuration |
| associate_resolver_rule | Associates a Resolver rule with a VPC |
| create_firewall_domain_list | Creates an empty firewall domain list for use in DNS Firewall rules |
| create_firewall_rule | Creates a single DNS Firewall rule in the specified rule group, using the specified domain list |
| create_firewall_rule_group | Creates an empty DNS Firewall rule group for filtering DNS network traffic in a VPC |
| create_outpost_resolver | Creates a Route 53 Resolver on an Outpost |
| create_resolver_endpoint | Creates a Resolver endpoint |
| create_resolver_query_log_config | Creates a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs |
| create_resolver_rule | For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network |
| delete_firewall_domain_list | Deletes the specified domain list |
| delete_firewall_rule | Deletes the specified firewall rule |
| delete_firewall_rule_group | Deletes the specified firewall rule group |
| delete_outpost_resolver | Deletes a Resolver on the Outpost |
| delete_resolver_endpoint | Deletes a Resolver endpoint |
| delete_resolver_query_log_config | Deletes a query logging configuration |
| delete_resolver_rule | Deletes a Resolver rule |
| disassociate_firewall_rule_group | Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering from the VPC |
| disassociate_resolver_endpoint_ip_address | Removes IP addresses from an inbound or an outbound Resolver endpoint |
| disassociate_resolver_query_log_config | Disassociates a VPC from a query logging configuration |
| disassociate_resolver_rule | Removes the association between a specified Resolver rule and a specified VPC |
| get_firewall_config | Retrieves the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC) |
| get_firewall_domain_list | Retrieves the specified firewall domain list |
| get_firewall_rule_group | Retrieves the specified firewall rule group |
| get_firewall_rule_group_association | Retrieves a firewall rule group association, which enables DNS filtering for a VPC with one rule group |
| get_firewall_rule_group_policy | Returns the Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group |
| get_outpost_resolver | Gets information about a specified Resolver on the Outpost, such as its instance count and type, name, and the current status of the Resolver |
| get_resolver_config | Retrieves the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud |
| get_resolver_dnssec_config | Gets DNSSEC validation information for a specified resource |
| get_resolver_endpoint | Gets information about a specified Resolver endpoint, such as whether it's an inbound or an outbound Resolver endpoint, and the current status of the endpoint |
| get_resolver_query_log_config | Gets information about a specified Resolver query logging configuration, such as the number of VPCs that the configuration is logging queries for and the location that logs are sent to |
| get_resolver_query_log_config_association | Gets information about a specified association between a Resolver query logging configuration and an Amazon VPC |
| get_resolver_query_log_config_policy | Gets information about a query logging policy |
| get_resolver_rule | Gets information about a specified Resolver rule, such as the domain name that the rule forwards DNS queries for and the ID of the outbound Resolver endpoint that the rule is associated with |
| get_resolver_rule_association | Gets information about an association between a specified Resolver rule and a VPC |
| get_resolver_rule_policy | Gets information about the Resolver rule policy for a specified rule |
| import_firewall_domains | Imports domain names from a file into a domain list, for use in a DNS firewall rule group |
| list_firewall_configs | Retrieves the firewall configurations that you have defined |
| list_firewall_domain_lists | Retrieves the firewall domain lists that you have defined |
| list_firewall_domains | Retrieves the domains that you have defined for the specified firewall domain list |
| list_firewall_rule_group_associations | Retrieves the firewall rule group associations that you have defined |
| list_firewall_rule_groups | Retrieves the minimal high-level information for the rule groups that you have defined |
| list_firewall_rules | Retrieves the firewall rules that you have defined for the specified firewall rule group |
| list_outpost_resolvers | Lists all the Resolvers on Outposts that were created using the current Amazon Web Services account |
| list_resolver_configs | Retrieves the Resolver configurations that you have defined |
| list_resolver_dnssec_configs | Lists the configurations for DNSSEC validation that are associated with the current Amazon Web Services account |
| list_resolver_endpoint_ip_addresses | Gets the IP addresses for a specified Resolver endpoint |
| list_resolver_endpoints | Lists all the Resolver endpoints that were created using the current Amazon Web Services account |
| list_resolver_query_log_config_associations | Lists information about associations between Amazon VPCs and query logging configurations |
| list_resolver_query_log_configs | Lists information about the specified query logging configurations |
| list_resolver_rule_associations | Lists the associations that were created between Resolver rules and VPCs using the current Amazon Web Services account |
| list_resolver_rules | Lists the Resolver rules that were created using the current Amazon Web Services account |
| list_tags_for_resource | Lists the tags that you associated with the specified resource |
| put_firewall_rule_group_policy | Attaches an Identity and Access Management (Amazon Web Services IAM) policy for sharing the rule group |
| put_resolver_query_log_config_policy | Specifies an Amazon Web Services account that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration |
| put_resolver_rule_policy | Specifies an Amazon Web Services rule that you want to share with another account, the account that you want to share the rule with, and the operations that you want the account to be able to perform on the rule |
| tag_resource | Adds one or more tags to a specified resource |
| untag_resource | Removes one or more tags from a specified resource |
| update_firewall_config | Updates the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC) |
| update_firewall_domains | Updates the firewall domain list from an array of domain specifications |
| update_firewall_rule | Updates the specified firewall rule |
| update_firewall_rule_group_association | Changes the association of a FirewallRuleGroup with a VPC |
| update_outpost_resolver | You can use UpdateOutpostResolver to update the instance count, type, or name of a Resolver on an Outpost |
| update_resolver_config | Updates the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud |
| update_resolver_dnssec_config | Updates an existing DNSSEC validation configuration |
| update_resolver_endpoint | Updates the name, or endpoint type for an inbound or an outbound Resolver endpoint |
| update_resolver_rule | Updates settings for a specified Resolver rule |
if (FALSE) {
svc <- route53resolver()
svc$associate_firewall_rule_group(
Foo = 123
)
}
Run the code above in your browser using DataLab