/ cloudformation-templates / node_modules / aws-cdk / node_modules / aws-sdk / clients / route53resolver.d.ts
route53resolver.d.ts
1 import {Request} from '../lib/request'; 2 import {Response} from '../lib/response'; 3 import {AWSError} from '../lib/error'; 4 import {Service} from '../lib/service'; 5 import {ServiceConfigurationOptions} from '../lib/service'; 6 import {ConfigBase as Config} from '../lib/config-base'; 7 interface Blob {} 8 declare class Route53Resolver extends Service { 9 /** 10 * Constructs a service object. This object has one method for each API operation. 11 */ 12 constructor(options?: Route53Resolver.Types.ClientConfiguration) 13 config: Config & Route53Resolver.Types.ClientConfiguration; 14 /** 15 * Associates a FirewallRuleGroup with a VPC, to provide DNS filtering for the VPC. 16 */ 17 associateFirewallRuleGroup(params: Route53Resolver.Types.AssociateFirewallRuleGroupRequest, callback?: (err: AWSError, data: Route53Resolver.Types.AssociateFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.AssociateFirewallRuleGroupResponse, AWSError>; 18 /** 19 * Associates a FirewallRuleGroup with a VPC, to provide DNS filtering for the VPC. 20 */ 21 associateFirewallRuleGroup(callback?: (err: AWSError, data: Route53Resolver.Types.AssociateFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.AssociateFirewallRuleGroupResponse, AWSError>; 22 /** 23 * Adds IP addresses to an inbound or an outbound Resolver endpoint. If you want to add more than one IP address, submit one AssociateResolverEndpointIpAddress request for each IP address. To remove an IP address from an endpoint, see DisassociateResolverEndpointIpAddress. 24 */ 25 associateResolverEndpointIpAddress(params: Route53Resolver.Types.AssociateResolverEndpointIpAddressRequest, callback?: (err: AWSError, data: Route53Resolver.Types.AssociateResolverEndpointIpAddressResponse) => void): Request<Route53Resolver.Types.AssociateResolverEndpointIpAddressResponse, AWSError>; 26 /** 27 * Adds IP addresses to an inbound or an outbound Resolver endpoint. If you want to add more than one IP address, submit one AssociateResolverEndpointIpAddress request for each IP address. To remove an IP address from an endpoint, see DisassociateResolverEndpointIpAddress. 28 */ 29 associateResolverEndpointIpAddress(callback?: (err: AWSError, data: Route53Resolver.Types.AssociateResolverEndpointIpAddressResponse) => void): Request<Route53Resolver.Types.AssociateResolverEndpointIpAddressResponse, AWSError>; 30 /** 31 * Associates an Amazon VPC with a specified query logging configuration. Route 53 Resolver logs DNS queries that originate in all of the Amazon VPCs that are associated with a specified query logging configuration. To associate more than one VPC with a configuration, submit one AssociateResolverQueryLogConfig request for each VPC. The VPCs that you associate with a query logging configuration must be in the same Region as the configuration. To remove a VPC from a query logging configuration, see DisassociateResolverQueryLogConfig. 32 */ 33 associateResolverQueryLogConfig(params: Route53Resolver.Types.AssociateResolverQueryLogConfigRequest, callback?: (err: AWSError, data: Route53Resolver.Types.AssociateResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.AssociateResolverQueryLogConfigResponse, AWSError>; 34 /** 35 * Associates an Amazon VPC with a specified query logging configuration. Route 53 Resolver logs DNS queries that originate in all of the Amazon VPCs that are associated with a specified query logging configuration. To associate more than one VPC with a configuration, submit one AssociateResolverQueryLogConfig request for each VPC. The VPCs that you associate with a query logging configuration must be in the same Region as the configuration. To remove a VPC from a query logging configuration, see DisassociateResolverQueryLogConfig. 36 */ 37 associateResolverQueryLogConfig(callback?: (err: AWSError, data: Route53Resolver.Types.AssociateResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.AssociateResolverQueryLogConfigResponse, AWSError>; 38 /** 39 * Associates a Resolver rule with a VPC. When you associate a rule with a VPC, Resolver forwards all DNS queries for the domain name that is specified in the rule and that originate in the VPC. The queries are forwarded to the IP addresses for the DNS resolvers that are specified in the rule. For more information about rules, see CreateResolverRule. 40 */ 41 associateResolverRule(params: Route53Resolver.Types.AssociateResolverRuleRequest, callback?: (err: AWSError, data: Route53Resolver.Types.AssociateResolverRuleResponse) => void): Request<Route53Resolver.Types.AssociateResolverRuleResponse, AWSError>; 42 /** 43 * Associates a Resolver rule with a VPC. When you associate a rule with a VPC, Resolver forwards all DNS queries for the domain name that is specified in the rule and that originate in the VPC. The queries are forwarded to the IP addresses for the DNS resolvers that are specified in the rule. For more information about rules, see CreateResolverRule. 44 */ 45 associateResolverRule(callback?: (err: AWSError, data: Route53Resolver.Types.AssociateResolverRuleResponse) => void): Request<Route53Resolver.Types.AssociateResolverRuleResponse, AWSError>; 46 /** 47 * Creates an empty firewall domain list for use in DNS Firewall rules. You can populate the domains for the new list with a file, using ImportFirewallDomains, or with domain strings, using UpdateFirewallDomains. 48 */ 49 createFirewallDomainList(params: Route53Resolver.Types.CreateFirewallDomainListRequest, callback?: (err: AWSError, data: Route53Resolver.Types.CreateFirewallDomainListResponse) => void): Request<Route53Resolver.Types.CreateFirewallDomainListResponse, AWSError>; 50 /** 51 * Creates an empty firewall domain list for use in DNS Firewall rules. You can populate the domains for the new list with a file, using ImportFirewallDomains, or with domain strings, using UpdateFirewallDomains. 52 */ 53 createFirewallDomainList(callback?: (err: AWSError, data: Route53Resolver.Types.CreateFirewallDomainListResponse) => void): Request<Route53Resolver.Types.CreateFirewallDomainListResponse, AWSError>; 54 /** 55 * Creates a single DNS Firewall rule in the specified rule group, using the specified domain list. 56 */ 57 createFirewallRule(params: Route53Resolver.Types.CreateFirewallRuleRequest, callback?: (err: AWSError, data: Route53Resolver.Types.CreateFirewallRuleResponse) => void): Request<Route53Resolver.Types.CreateFirewallRuleResponse, AWSError>; 58 /** 59 * Creates a single DNS Firewall rule in the specified rule group, using the specified domain list. 60 */ 61 createFirewallRule(callback?: (err: AWSError, data: Route53Resolver.Types.CreateFirewallRuleResponse) => void): Request<Route53Resolver.Types.CreateFirewallRuleResponse, AWSError>; 62 /** 63 * Creates an empty DNS Firewall rule group for filtering DNS network traffic in a VPC. You can add rules to the new rule group by calling CreateFirewallRule. 64 */ 65 createFirewallRuleGroup(params: Route53Resolver.Types.CreateFirewallRuleGroupRequest, callback?: (err: AWSError, data: Route53Resolver.Types.CreateFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.CreateFirewallRuleGroupResponse, AWSError>; 66 /** 67 * Creates an empty DNS Firewall rule group for filtering DNS network traffic in a VPC. You can add rules to the new rule group by calling CreateFirewallRule. 68 */ 69 createFirewallRuleGroup(callback?: (err: AWSError, data: Route53Resolver.Types.CreateFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.CreateFirewallRuleGroupResponse, AWSError>; 70 /** 71 * Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound: An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network. An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network. 72 */ 73 createResolverEndpoint(params: Route53Resolver.Types.CreateResolverEndpointRequest, callback?: (err: AWSError, data: Route53Resolver.Types.CreateResolverEndpointResponse) => void): Request<Route53Resolver.Types.CreateResolverEndpointResponse, AWSError>; 74 /** 75 * Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound: An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network. An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network. 76 */ 77 createResolverEndpoint(callback?: (err: AWSError, data: Route53Resolver.Types.CreateResolverEndpointResponse) => void): Request<Route53Resolver.Types.CreateResolverEndpointResponse, AWSError>; 78 /** 79 * Creates a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs. Resolver can log queries only for VPCs that are in the same Region as the query logging configuration. To specify which VPCs you want to log queries for, you use AssociateResolverQueryLogConfig. For more information, see AssociateResolverQueryLogConfig. You can optionally use Resource Access Manager (RAM) to share a query logging configuration with other Amazon Web Services accounts. The other accounts can then associate VPCs with the configuration. The query logs that Resolver creates for a configuration include all DNS queries that originate in all VPCs that are associated with the configuration. 80 */ 81 createResolverQueryLogConfig(params: Route53Resolver.Types.CreateResolverQueryLogConfigRequest, callback?: (err: AWSError, data: Route53Resolver.Types.CreateResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.CreateResolverQueryLogConfigResponse, AWSError>; 82 /** 83 * Creates a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs. Resolver can log queries only for VPCs that are in the same Region as the query logging configuration. To specify which VPCs you want to log queries for, you use AssociateResolverQueryLogConfig. For more information, see AssociateResolverQueryLogConfig. You can optionally use Resource Access Manager (RAM) to share a query logging configuration with other Amazon Web Services accounts. The other accounts can then associate VPCs with the configuration. The query logs that Resolver creates for a configuration include all DNS queries that originate in all VPCs that are associated with the configuration. 84 */ 85 createResolverQueryLogConfig(callback?: (err: AWSError, data: Route53Resolver.Types.CreateResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.CreateResolverQueryLogConfigResponse, AWSError>; 86 /** 87 * For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network. 88 */ 89 createResolverRule(params: Route53Resolver.Types.CreateResolverRuleRequest, callback?: (err: AWSError, data: Route53Resolver.Types.CreateResolverRuleResponse) => void): Request<Route53Resolver.Types.CreateResolverRuleResponse, AWSError>; 90 /** 91 * For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network. 92 */ 93 createResolverRule(callback?: (err: AWSError, data: Route53Resolver.Types.CreateResolverRuleResponse) => void): Request<Route53Resolver.Types.CreateResolverRuleResponse, AWSError>; 94 /** 95 * Deletes the specified domain list. 96 */ 97 deleteFirewallDomainList(params: Route53Resolver.Types.DeleteFirewallDomainListRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DeleteFirewallDomainListResponse) => void): Request<Route53Resolver.Types.DeleteFirewallDomainListResponse, AWSError>; 98 /** 99 * Deletes the specified domain list. 100 */ 101 deleteFirewallDomainList(callback?: (err: AWSError, data: Route53Resolver.Types.DeleteFirewallDomainListResponse) => void): Request<Route53Resolver.Types.DeleteFirewallDomainListResponse, AWSError>; 102 /** 103 * Deletes the specified firewall rule. 104 */ 105 deleteFirewallRule(params: Route53Resolver.Types.DeleteFirewallRuleRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DeleteFirewallRuleResponse) => void): Request<Route53Resolver.Types.DeleteFirewallRuleResponse, AWSError>; 106 /** 107 * Deletes the specified firewall rule. 108 */ 109 deleteFirewallRule(callback?: (err: AWSError, data: Route53Resolver.Types.DeleteFirewallRuleResponse) => void): Request<Route53Resolver.Types.DeleteFirewallRuleResponse, AWSError>; 110 /** 111 * Deletes the specified firewall rule group. 112 */ 113 deleteFirewallRuleGroup(params: Route53Resolver.Types.DeleteFirewallRuleGroupRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DeleteFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.DeleteFirewallRuleGroupResponse, AWSError>; 114 /** 115 * Deletes the specified firewall rule group. 116 */ 117 deleteFirewallRuleGroup(callback?: (err: AWSError, data: Route53Resolver.Types.DeleteFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.DeleteFirewallRuleGroupResponse, AWSError>; 118 /** 119 * Deletes a Resolver endpoint. The effect of deleting a Resolver endpoint depends on whether it's an inbound or an outbound Resolver endpoint: Inbound: DNS queries from your network are no longer routed to the DNS service for the specified VPC. Outbound: DNS queries from a VPC are no longer routed to your network. 120 */ 121 deleteResolverEndpoint(params: Route53Resolver.Types.DeleteResolverEndpointRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DeleteResolverEndpointResponse) => void): Request<Route53Resolver.Types.DeleteResolverEndpointResponse, AWSError>; 122 /** 123 * Deletes a Resolver endpoint. The effect of deleting a Resolver endpoint depends on whether it's an inbound or an outbound Resolver endpoint: Inbound: DNS queries from your network are no longer routed to the DNS service for the specified VPC. Outbound: DNS queries from a VPC are no longer routed to your network. 124 */ 125 deleteResolverEndpoint(callback?: (err: AWSError, data: Route53Resolver.Types.DeleteResolverEndpointResponse) => void): Request<Route53Resolver.Types.DeleteResolverEndpointResponse, AWSError>; 126 /** 127 * Deletes a query logging configuration. When you delete a configuration, Resolver stops logging DNS queries for all of the Amazon VPCs that are associated with the configuration. This also applies if the query logging configuration is shared with other Amazon Web Services accounts, and the other accounts have associated VPCs with the shared configuration. Before you can delete a query logging configuration, you must first disassociate all VPCs from the configuration. See DisassociateResolverQueryLogConfig. If you used Resource Access Manager (RAM) to share a query logging configuration with other accounts, you must stop sharing the configuration before you can delete a configuration. The accounts that you shared the configuration with can first disassociate VPCs that they associated with the configuration, but that's not necessary. If you stop sharing the configuration, those VPCs are automatically disassociated from the configuration. 128 */ 129 deleteResolverQueryLogConfig(params: Route53Resolver.Types.DeleteResolverQueryLogConfigRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DeleteResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.DeleteResolverQueryLogConfigResponse, AWSError>; 130 /** 131 * Deletes a query logging configuration. When you delete a configuration, Resolver stops logging DNS queries for all of the Amazon VPCs that are associated with the configuration. This also applies if the query logging configuration is shared with other Amazon Web Services accounts, and the other accounts have associated VPCs with the shared configuration. Before you can delete a query logging configuration, you must first disassociate all VPCs from the configuration. See DisassociateResolverQueryLogConfig. If you used Resource Access Manager (RAM) to share a query logging configuration with other accounts, you must stop sharing the configuration before you can delete a configuration. The accounts that you shared the configuration with can first disassociate VPCs that they associated with the configuration, but that's not necessary. If you stop sharing the configuration, those VPCs are automatically disassociated from the configuration. 132 */ 133 deleteResolverQueryLogConfig(callback?: (err: AWSError, data: Route53Resolver.Types.DeleteResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.DeleteResolverQueryLogConfigResponse, AWSError>; 134 /** 135 * Deletes a Resolver rule. Before you can delete a Resolver rule, you must disassociate it from all the VPCs that you associated the Resolver rule with. For more information, see DisassociateResolverRule. 136 */ 137 deleteResolverRule(params: Route53Resolver.Types.DeleteResolverRuleRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DeleteResolverRuleResponse) => void): Request<Route53Resolver.Types.DeleteResolverRuleResponse, AWSError>; 138 /** 139 * Deletes a Resolver rule. Before you can delete a Resolver rule, you must disassociate it from all the VPCs that you associated the Resolver rule with. For more information, see DisassociateResolverRule. 140 */ 141 deleteResolverRule(callback?: (err: AWSError, data: Route53Resolver.Types.DeleteResolverRuleResponse) => void): Request<Route53Resolver.Types.DeleteResolverRuleResponse, AWSError>; 142 /** 143 * Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering from the VPC. 144 */ 145 disassociateFirewallRuleGroup(params: Route53Resolver.Types.DisassociateFirewallRuleGroupRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DisassociateFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.DisassociateFirewallRuleGroupResponse, AWSError>; 146 /** 147 * Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering from the VPC. 148 */ 149 disassociateFirewallRuleGroup(callback?: (err: AWSError, data: Route53Resolver.Types.DisassociateFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.DisassociateFirewallRuleGroupResponse, AWSError>; 150 /** 151 * Removes IP addresses from an inbound or an outbound Resolver endpoint. If you want to remove more than one IP address, submit one DisassociateResolverEndpointIpAddress request for each IP address. To add an IP address to an endpoint, see AssociateResolverEndpointIpAddress. 152 */ 153 disassociateResolverEndpointIpAddress(params: Route53Resolver.Types.DisassociateResolverEndpointIpAddressRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DisassociateResolverEndpointIpAddressResponse) => void): Request<Route53Resolver.Types.DisassociateResolverEndpointIpAddressResponse, AWSError>; 154 /** 155 * Removes IP addresses from an inbound or an outbound Resolver endpoint. If you want to remove more than one IP address, submit one DisassociateResolverEndpointIpAddress request for each IP address. To add an IP address to an endpoint, see AssociateResolverEndpointIpAddress. 156 */ 157 disassociateResolverEndpointIpAddress(callback?: (err: AWSError, data: Route53Resolver.Types.DisassociateResolverEndpointIpAddressResponse) => void): Request<Route53Resolver.Types.DisassociateResolverEndpointIpAddressResponse, AWSError>; 158 /** 159 * Disassociates a VPC from a query logging configuration. Before you can delete a query logging configuration, you must first disassociate all VPCs from the configuration. If you used Resource Access Manager (RAM) to share a query logging configuration with other accounts, VPCs can be disassociated from the configuration in the following ways: The accounts that you shared the configuration with can disassociate VPCs from the configuration. You can stop sharing the configuration. 160 */ 161 disassociateResolverQueryLogConfig(params: Route53Resolver.Types.DisassociateResolverQueryLogConfigRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DisassociateResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.DisassociateResolverQueryLogConfigResponse, AWSError>; 162 /** 163 * Disassociates a VPC from a query logging configuration. Before you can delete a query logging configuration, you must first disassociate all VPCs from the configuration. If you used Resource Access Manager (RAM) to share a query logging configuration with other accounts, VPCs can be disassociated from the configuration in the following ways: The accounts that you shared the configuration with can disassociate VPCs from the configuration. You can stop sharing the configuration. 164 */ 165 disassociateResolverQueryLogConfig(callback?: (err: AWSError, data: Route53Resolver.Types.DisassociateResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.DisassociateResolverQueryLogConfigResponse, AWSError>; 166 /** 167 * Removes the association between a specified Resolver rule and a specified VPC. If you disassociate a Resolver rule from a VPC, Resolver stops forwarding DNS queries for the domain name that you specified in the Resolver rule. 168 */ 169 disassociateResolverRule(params: Route53Resolver.Types.DisassociateResolverRuleRequest, callback?: (err: AWSError, data: Route53Resolver.Types.DisassociateResolverRuleResponse) => void): Request<Route53Resolver.Types.DisassociateResolverRuleResponse, AWSError>; 170 /** 171 * Removes the association between a specified Resolver rule and a specified VPC. If you disassociate a Resolver rule from a VPC, Resolver stops forwarding DNS queries for the domain name that you specified in the Resolver rule. 172 */ 173 disassociateResolverRule(callback?: (err: AWSError, data: Route53Resolver.Types.DisassociateResolverRuleResponse) => void): Request<Route53Resolver.Types.DisassociateResolverRuleResponse, AWSError>; 174 /** 175 * Retrieves the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC). 176 */ 177 getFirewallConfig(params: Route53Resolver.Types.GetFirewallConfigRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallConfigResponse) => void): Request<Route53Resolver.Types.GetFirewallConfigResponse, AWSError>; 178 /** 179 * Retrieves the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC). 180 */ 181 getFirewallConfig(callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallConfigResponse) => void): Request<Route53Resolver.Types.GetFirewallConfigResponse, AWSError>; 182 /** 183 * Retrieves the specified firewall domain list. 184 */ 185 getFirewallDomainList(params: Route53Resolver.Types.GetFirewallDomainListRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallDomainListResponse) => void): Request<Route53Resolver.Types.GetFirewallDomainListResponse, AWSError>; 186 /** 187 * Retrieves the specified firewall domain list. 188 */ 189 getFirewallDomainList(callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallDomainListResponse) => void): Request<Route53Resolver.Types.GetFirewallDomainListResponse, AWSError>; 190 /** 191 * Retrieves the specified firewall rule group. 192 */ 193 getFirewallRuleGroup(params: Route53Resolver.Types.GetFirewallRuleGroupRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.GetFirewallRuleGroupResponse, AWSError>; 194 /** 195 * Retrieves the specified firewall rule group. 196 */ 197 getFirewallRuleGroup(callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallRuleGroupResponse) => void): Request<Route53Resolver.Types.GetFirewallRuleGroupResponse, AWSError>; 198 /** 199 * Retrieves a firewall rule group association, which enables DNS filtering for a VPC with one rule group. A VPC can have more than one firewall rule group association, and a rule group can be associated with more than one VPC. 200 */ 201 getFirewallRuleGroupAssociation(params: Route53Resolver.Types.GetFirewallRuleGroupAssociationRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallRuleGroupAssociationResponse) => void): Request<Route53Resolver.Types.GetFirewallRuleGroupAssociationResponse, AWSError>; 202 /** 203 * Retrieves a firewall rule group association, which enables DNS filtering for a VPC with one rule group. A VPC can have more than one firewall rule group association, and a rule group can be associated with more than one VPC. 204 */ 205 getFirewallRuleGroupAssociation(callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallRuleGroupAssociationResponse) => void): Request<Route53Resolver.Types.GetFirewallRuleGroupAssociationResponse, AWSError>; 206 /** 207 * Returns the Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using Resource Access Manager (RAM). 208 */ 209 getFirewallRuleGroupPolicy(params: Route53Resolver.Types.GetFirewallRuleGroupPolicyRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallRuleGroupPolicyResponse) => void): Request<Route53Resolver.Types.GetFirewallRuleGroupPolicyResponse, AWSError>; 210 /** 211 * Returns the Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using Resource Access Manager (RAM). 212 */ 213 getFirewallRuleGroupPolicy(callback?: (err: AWSError, data: Route53Resolver.Types.GetFirewallRuleGroupPolicyResponse) => void): Request<Route53Resolver.Types.GetFirewallRuleGroupPolicyResponse, AWSError>; 214 /** 215 * Gets DNSSEC validation information for a specified resource. 216 */ 217 getResolverDnssecConfig(params: Route53Resolver.Types.GetResolverDnssecConfigRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverDnssecConfigResponse) => void): Request<Route53Resolver.Types.GetResolverDnssecConfigResponse, AWSError>; 218 /** 219 * Gets DNSSEC validation information for a specified resource. 220 */ 221 getResolverDnssecConfig(callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverDnssecConfigResponse) => void): Request<Route53Resolver.Types.GetResolverDnssecConfigResponse, AWSError>; 222 /** 223 * Gets information about a specified Resolver endpoint, such as whether it's an inbound or an outbound Resolver endpoint, and the current status of the endpoint. 224 */ 225 getResolverEndpoint(params: Route53Resolver.Types.GetResolverEndpointRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverEndpointResponse) => void): Request<Route53Resolver.Types.GetResolverEndpointResponse, AWSError>; 226 /** 227 * Gets information about a specified Resolver endpoint, such as whether it's an inbound or an outbound Resolver endpoint, and the current status of the endpoint. 228 */ 229 getResolverEndpoint(callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverEndpointResponse) => void): Request<Route53Resolver.Types.GetResolverEndpointResponse, AWSError>; 230 /** 231 * Gets information about a specified Resolver query logging configuration, such as the number of VPCs that the configuration is logging queries for and the location that logs are sent to. 232 */ 233 getResolverQueryLogConfig(params: Route53Resolver.Types.GetResolverQueryLogConfigRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.GetResolverQueryLogConfigResponse, AWSError>; 234 /** 235 * Gets information about a specified Resolver query logging configuration, such as the number of VPCs that the configuration is logging queries for and the location that logs are sent to. 236 */ 237 getResolverQueryLogConfig(callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverQueryLogConfigResponse) => void): Request<Route53Resolver.Types.GetResolverQueryLogConfigResponse, AWSError>; 238 /** 239 * Gets information about a specified association between a Resolver query logging configuration and an Amazon VPC. When you associate a VPC with a query logging configuration, Resolver logs DNS queries that originate in that VPC. 240 */ 241 getResolverQueryLogConfigAssociation(params: Route53Resolver.Types.GetResolverQueryLogConfigAssociationRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverQueryLogConfigAssociationResponse) => void): Request<Route53Resolver.Types.GetResolverQueryLogConfigAssociationResponse, AWSError>; 242 /** 243 * Gets information about a specified association between a Resolver query logging configuration and an Amazon VPC. When you associate a VPC with a query logging configuration, Resolver logs DNS queries that originate in that VPC. 244 */ 245 getResolverQueryLogConfigAssociation(callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverQueryLogConfigAssociationResponse) => void): Request<Route53Resolver.Types.GetResolverQueryLogConfigAssociationResponse, AWSError>; 246 /** 247 * Gets information about a query logging policy. A query logging policy specifies the Resolver query logging operations and resources that you want to allow another Amazon Web Services account to be able to use. 248 */ 249 getResolverQueryLogConfigPolicy(params: Route53Resolver.Types.GetResolverQueryLogConfigPolicyRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverQueryLogConfigPolicyResponse) => void): Request<Route53Resolver.Types.GetResolverQueryLogConfigPolicyResponse, AWSError>; 250 /** 251 * Gets information about a query logging policy. A query logging policy specifies the Resolver query logging operations and resources that you want to allow another Amazon Web Services account to be able to use. 252 */ 253 getResolverQueryLogConfigPolicy(callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverQueryLogConfigPolicyResponse) => void): Request<Route53Resolver.Types.GetResolverQueryLogConfigPolicyResponse, AWSError>; 254 /** 255 * Gets information about a specified Resolver rule, such as the domain name that the rule forwards DNS queries for and the ID of the outbound Resolver endpoint that the rule is associated with. 256 */ 257 getResolverRule(params: Route53Resolver.Types.GetResolverRuleRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverRuleResponse) => void): Request<Route53Resolver.Types.GetResolverRuleResponse, AWSError>; 258 /** 259 * Gets information about a specified Resolver rule, such as the domain name that the rule forwards DNS queries for and the ID of the outbound Resolver endpoint that the rule is associated with. 260 */ 261 getResolverRule(callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverRuleResponse) => void): Request<Route53Resolver.Types.GetResolverRuleResponse, AWSError>; 262 /** 263 * Gets information about an association between a specified Resolver rule and a VPC. You associate a Resolver rule and a VPC using AssociateResolverRule. 264 */ 265 getResolverRuleAssociation(params: Route53Resolver.Types.GetResolverRuleAssociationRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverRuleAssociationResponse) => void): Request<Route53Resolver.Types.GetResolverRuleAssociationResponse, AWSError>; 266 /** 267 * Gets information about an association between a specified Resolver rule and a VPC. You associate a Resolver rule and a VPC using AssociateResolverRule. 268 */ 269 getResolverRuleAssociation(callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverRuleAssociationResponse) => void): Request<Route53Resolver.Types.GetResolverRuleAssociationResponse, AWSError>; 270 /** 271 * Gets information about the Resolver rule policy for a specified rule. A Resolver rule policy includes the rule that you want to share with another account, the account that you want to share the rule with, and the Resolver operations that you want to allow the account to use. 272 */ 273 getResolverRulePolicy(params: Route53Resolver.Types.GetResolverRulePolicyRequest, callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverRulePolicyResponse) => void): Request<Route53Resolver.Types.GetResolverRulePolicyResponse, AWSError>; 274 /** 275 * Gets information about the Resolver rule policy for a specified rule. A Resolver rule policy includes the rule that you want to share with another account, the account that you want to share the rule with, and the Resolver operations that you want to allow the account to use. 276 */ 277 getResolverRulePolicy(callback?: (err: AWSError, data: Route53Resolver.Types.GetResolverRulePolicyResponse) => void): Request<Route53Resolver.Types.GetResolverRulePolicyResponse, AWSError>; 278 /** 279 * Imports domain names from a file into a domain list, for use in a DNS firewall rule group. Each domain specification in your domain list must satisfy the following requirements: It can optionally start with * (asterisk). With the exception of the optional starting asterisk, it must only contain the following characters: A-Z, a-z, 0-9, - (hyphen). It must be from 1-255 characters in length. 280 */ 281 importFirewallDomains(params: Route53Resolver.Types.ImportFirewallDomainsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ImportFirewallDomainsResponse) => void): Request<Route53Resolver.Types.ImportFirewallDomainsResponse, AWSError>; 282 /** 283 * Imports domain names from a file into a domain list, for use in a DNS firewall rule group. Each domain specification in your domain list must satisfy the following requirements: It can optionally start with * (asterisk). With the exception of the optional starting asterisk, it must only contain the following characters: A-Z, a-z, 0-9, - (hyphen). It must be from 1-255 characters in length. 284 */ 285 importFirewallDomains(callback?: (err: AWSError, data: Route53Resolver.Types.ImportFirewallDomainsResponse) => void): Request<Route53Resolver.Types.ImportFirewallDomainsResponse, AWSError>; 286 /** 287 * Retrieves the firewall configurations that you have defined. DNS Firewall uses the configurations to manage firewall behavior for your VPCs. A single call might return only a partial list of the configurations. For information, see MaxResults. 288 */ 289 listFirewallConfigs(params: Route53Resolver.Types.ListFirewallConfigsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallConfigsResponse) => void): Request<Route53Resolver.Types.ListFirewallConfigsResponse, AWSError>; 290 /** 291 * Retrieves the firewall configurations that you have defined. DNS Firewall uses the configurations to manage firewall behavior for your VPCs. A single call might return only a partial list of the configurations. For information, see MaxResults. 292 */ 293 listFirewallConfigs(callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallConfigsResponse) => void): Request<Route53Resolver.Types.ListFirewallConfigsResponse, AWSError>; 294 /** 295 * Retrieves the firewall domain lists that you have defined. For each firewall domain list, you can retrieve the domains that are defined for a list by calling ListFirewallDomains. A single call to this list operation might return only a partial list of the domain lists. For information, see MaxResults. 296 */ 297 listFirewallDomainLists(params: Route53Resolver.Types.ListFirewallDomainListsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallDomainListsResponse) => void): Request<Route53Resolver.Types.ListFirewallDomainListsResponse, AWSError>; 298 /** 299 * Retrieves the firewall domain lists that you have defined. For each firewall domain list, you can retrieve the domains that are defined for a list by calling ListFirewallDomains. A single call to this list operation might return only a partial list of the domain lists. For information, see MaxResults. 300 */ 301 listFirewallDomainLists(callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallDomainListsResponse) => void): Request<Route53Resolver.Types.ListFirewallDomainListsResponse, AWSError>; 302 /** 303 * Retrieves the domains that you have defined for the specified firewall domain list. A single call might return only a partial list of the domains. For information, see MaxResults. 304 */ 305 listFirewallDomains(params: Route53Resolver.Types.ListFirewallDomainsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallDomainsResponse) => void): Request<Route53Resolver.Types.ListFirewallDomainsResponse, AWSError>; 306 /** 307 * Retrieves the domains that you have defined for the specified firewall domain list. A single call might return only a partial list of the domains. For information, see MaxResults. 308 */ 309 listFirewallDomains(callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallDomainsResponse) => void): Request<Route53Resolver.Types.ListFirewallDomainsResponse, AWSError>; 310 /** 311 * Retrieves the firewall rule group associations that you have defined. Each association enables DNS filtering for a VPC with one rule group. A single call might return only a partial list of the associations. For information, see MaxResults. 312 */ 313 listFirewallRuleGroupAssociations(params: Route53Resolver.Types.ListFirewallRuleGroupAssociationsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallRuleGroupAssociationsResponse) => void): Request<Route53Resolver.Types.ListFirewallRuleGroupAssociationsResponse, AWSError>; 314 /** 315 * Retrieves the firewall rule group associations that you have defined. Each association enables DNS filtering for a VPC with one rule group. A single call might return only a partial list of the associations. For information, see MaxResults. 316 */ 317 listFirewallRuleGroupAssociations(callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallRuleGroupAssociationsResponse) => void): Request<Route53Resolver.Types.ListFirewallRuleGroupAssociationsResponse, AWSError>; 318 /** 319 * Retrieves the minimal high-level information for the rule groups that you have defined. A single call might return only a partial list of the rule groups. For information, see MaxResults. 320 */ 321 listFirewallRuleGroups(params: Route53Resolver.Types.ListFirewallRuleGroupsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallRuleGroupsResponse) => void): Request<Route53Resolver.Types.ListFirewallRuleGroupsResponse, AWSError>; 322 /** 323 * Retrieves the minimal high-level information for the rule groups that you have defined. A single call might return only a partial list of the rule groups. For information, see MaxResults. 324 */ 325 listFirewallRuleGroups(callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallRuleGroupsResponse) => void): Request<Route53Resolver.Types.ListFirewallRuleGroupsResponse, AWSError>; 326 /** 327 * Retrieves the firewall rules that you have defined for the specified firewall rule group. DNS Firewall uses the rules in a rule group to filter DNS network traffic for a VPC. A single call might return only a partial list of the rules. For information, see MaxResults. 328 */ 329 listFirewallRules(params: Route53Resolver.Types.ListFirewallRulesRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallRulesResponse) => void): Request<Route53Resolver.Types.ListFirewallRulesResponse, AWSError>; 330 /** 331 * Retrieves the firewall rules that you have defined for the specified firewall rule group. DNS Firewall uses the rules in a rule group to filter DNS network traffic for a VPC. A single call might return only a partial list of the rules. For information, see MaxResults. 332 */ 333 listFirewallRules(callback?: (err: AWSError, data: Route53Resolver.Types.ListFirewallRulesResponse) => void): Request<Route53Resolver.Types.ListFirewallRulesResponse, AWSError>; 334 /** 335 * Lists the configurations for DNSSEC validation that are associated with the current Amazon Web Services account. 336 */ 337 listResolverDnssecConfigs(params: Route53Resolver.Types.ListResolverDnssecConfigsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverDnssecConfigsResponse) => void): Request<Route53Resolver.Types.ListResolverDnssecConfigsResponse, AWSError>; 338 /** 339 * Lists the configurations for DNSSEC validation that are associated with the current Amazon Web Services account. 340 */ 341 listResolverDnssecConfigs(callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverDnssecConfigsResponse) => void): Request<Route53Resolver.Types.ListResolverDnssecConfigsResponse, AWSError>; 342 /** 343 * Gets the IP addresses for a specified Resolver endpoint. 344 */ 345 listResolverEndpointIpAddresses(params: Route53Resolver.Types.ListResolverEndpointIpAddressesRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverEndpointIpAddressesResponse) => void): Request<Route53Resolver.Types.ListResolverEndpointIpAddressesResponse, AWSError>; 346 /** 347 * Gets the IP addresses for a specified Resolver endpoint. 348 */ 349 listResolverEndpointIpAddresses(callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverEndpointIpAddressesResponse) => void): Request<Route53Resolver.Types.ListResolverEndpointIpAddressesResponse, AWSError>; 350 /** 351 * Lists all the Resolver endpoints that were created using the current Amazon Web Services account. 352 */ 353 listResolverEndpoints(params: Route53Resolver.Types.ListResolverEndpointsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverEndpointsResponse) => void): Request<Route53Resolver.Types.ListResolverEndpointsResponse, AWSError>; 354 /** 355 * Lists all the Resolver endpoints that were created using the current Amazon Web Services account. 356 */ 357 listResolverEndpoints(callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverEndpointsResponse) => void): Request<Route53Resolver.Types.ListResolverEndpointsResponse, AWSError>; 358 /** 359 * Lists information about associations between Amazon VPCs and query logging configurations. 360 */ 361 listResolverQueryLogConfigAssociations(params: Route53Resolver.Types.ListResolverQueryLogConfigAssociationsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverQueryLogConfigAssociationsResponse) => void): Request<Route53Resolver.Types.ListResolverQueryLogConfigAssociationsResponse, AWSError>; 362 /** 363 * Lists information about associations between Amazon VPCs and query logging configurations. 364 */ 365 listResolverQueryLogConfigAssociations(callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverQueryLogConfigAssociationsResponse) => void): Request<Route53Resolver.Types.ListResolverQueryLogConfigAssociationsResponse, AWSError>; 366 /** 367 * Lists information about the specified query logging configurations. Each configuration defines where you want Resolver to save DNS query logs and specifies the VPCs that you want to log queries for. 368 */ 369 listResolverQueryLogConfigs(params: Route53Resolver.Types.ListResolverQueryLogConfigsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverQueryLogConfigsResponse) => void): Request<Route53Resolver.Types.ListResolverQueryLogConfigsResponse, AWSError>; 370 /** 371 * Lists information about the specified query logging configurations. Each configuration defines where you want Resolver to save DNS query logs and specifies the VPCs that you want to log queries for. 372 */ 373 listResolverQueryLogConfigs(callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverQueryLogConfigsResponse) => void): Request<Route53Resolver.Types.ListResolverQueryLogConfigsResponse, AWSError>; 374 /** 375 * Lists the associations that were created between Resolver rules and VPCs using the current Amazon Web Services account. 376 */ 377 listResolverRuleAssociations(params: Route53Resolver.Types.ListResolverRuleAssociationsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverRuleAssociationsResponse) => void): Request<Route53Resolver.Types.ListResolverRuleAssociationsResponse, AWSError>; 378 /** 379 * Lists the associations that were created between Resolver rules and VPCs using the current Amazon Web Services account. 380 */ 381 listResolverRuleAssociations(callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverRuleAssociationsResponse) => void): Request<Route53Resolver.Types.ListResolverRuleAssociationsResponse, AWSError>; 382 /** 383 * Lists the Resolver rules that were created using the current Amazon Web Services account. 384 */ 385 listResolverRules(params: Route53Resolver.Types.ListResolverRulesRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverRulesResponse) => void): Request<Route53Resolver.Types.ListResolverRulesResponse, AWSError>; 386 /** 387 * Lists the Resolver rules that were created using the current Amazon Web Services account. 388 */ 389 listResolverRules(callback?: (err: AWSError, data: Route53Resolver.Types.ListResolverRulesResponse) => void): Request<Route53Resolver.Types.ListResolverRulesResponse, AWSError>; 390 /** 391 * Lists the tags that you associated with the specified resource. 392 */ 393 listTagsForResource(params: Route53Resolver.Types.ListTagsForResourceRequest, callback?: (err: AWSError, data: Route53Resolver.Types.ListTagsForResourceResponse) => void): Request<Route53Resolver.Types.ListTagsForResourceResponse, AWSError>; 394 /** 395 * Lists the tags that you associated with the specified resource. 396 */ 397 listTagsForResource(callback?: (err: AWSError, data: Route53Resolver.Types.ListTagsForResourceResponse) => void): Request<Route53Resolver.Types.ListTagsForResourceResponse, AWSError>; 398 /** 399 * Attaches an Identity and Access Management (Amazon Web Services IAM) policy for sharing the rule group. You can use the policy to share the rule group using Resource Access Manager (RAM). 400 */ 401 putFirewallRuleGroupPolicy(params: Route53Resolver.Types.PutFirewallRuleGroupPolicyRequest, callback?: (err: AWSError, data: Route53Resolver.Types.PutFirewallRuleGroupPolicyResponse) => void): Request<Route53Resolver.Types.PutFirewallRuleGroupPolicyResponse, AWSError>; 402 /** 403 * Attaches an Identity and Access Management (Amazon Web Services IAM) policy for sharing the rule group. You can use the policy to share the rule group using Resource Access Manager (RAM). 404 */ 405 putFirewallRuleGroupPolicy(callback?: (err: AWSError, data: Route53Resolver.Types.PutFirewallRuleGroupPolicyResponse) => void): Request<Route53Resolver.Types.PutFirewallRuleGroupPolicyResponse, AWSError>; 406 /** 407 * Specifies an Amazon Web Services account that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration. 408 */ 409 putResolverQueryLogConfigPolicy(params: Route53Resolver.Types.PutResolverQueryLogConfigPolicyRequest, callback?: (err: AWSError, data: Route53Resolver.Types.PutResolverQueryLogConfigPolicyResponse) => void): Request<Route53Resolver.Types.PutResolverQueryLogConfigPolicyResponse, AWSError>; 410 /** 411 * Specifies an Amazon Web Services account that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration. 412 */ 413 putResolverQueryLogConfigPolicy(callback?: (err: AWSError, data: Route53Resolver.Types.PutResolverQueryLogConfigPolicyResponse) => void): Request<Route53Resolver.Types.PutResolverQueryLogConfigPolicyResponse, AWSError>; 414 /** 415 * Specifies an Amazon Web Services rule that you want to share with another account, the account that you want to share the rule with, and the operations that you want the account to be able to perform on the rule. 416 */ 417 putResolverRulePolicy(params: Route53Resolver.Types.PutResolverRulePolicyRequest, callback?: (err: AWSError, data: Route53Resolver.Types.PutResolverRulePolicyResponse) => void): Request<Route53Resolver.Types.PutResolverRulePolicyResponse, AWSError>; 418 /** 419 * Specifies an Amazon Web Services rule that you want to share with another account, the account that you want to share the rule with, and the operations that you want the account to be able to perform on the rule. 420 */ 421 putResolverRulePolicy(callback?: (err: AWSError, data: Route53Resolver.Types.PutResolverRulePolicyResponse) => void): Request<Route53Resolver.Types.PutResolverRulePolicyResponse, AWSError>; 422 /** 423 * Adds one or more tags to a specified resource. 424 */ 425 tagResource(params: Route53Resolver.Types.TagResourceRequest, callback?: (err: AWSError, data: Route53Resolver.Types.TagResourceResponse) => void): Request<Route53Resolver.Types.TagResourceResponse, AWSError>; 426 /** 427 * Adds one or more tags to a specified resource. 428 */ 429 tagResource(callback?: (err: AWSError, data: Route53Resolver.Types.TagResourceResponse) => void): Request<Route53Resolver.Types.TagResourceResponse, AWSError>; 430 /** 431 * Removes one or more tags from a specified resource. 432 */ 433 untagResource(params: Route53Resolver.Types.UntagResourceRequest, callback?: (err: AWSError, data: Route53Resolver.Types.UntagResourceResponse) => void): Request<Route53Resolver.Types.UntagResourceResponse, AWSError>; 434 /** 435 * Removes one or more tags from a specified resource. 436 */ 437 untagResource(callback?: (err: AWSError, data: Route53Resolver.Types.UntagResourceResponse) => void): Request<Route53Resolver.Types.UntagResourceResponse, AWSError>; 438 /** 439 * Updates the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC). 440 */ 441 updateFirewallConfig(params: Route53Resolver.Types.UpdateFirewallConfigRequest, callback?: (err: AWSError, data: Route53Resolver.Types.UpdateFirewallConfigResponse) => void): Request<Route53Resolver.Types.UpdateFirewallConfigResponse, AWSError>; 442 /** 443 * Updates the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC). 444 */ 445 updateFirewallConfig(callback?: (err: AWSError, data: Route53Resolver.Types.UpdateFirewallConfigResponse) => void): Request<Route53Resolver.Types.UpdateFirewallConfigResponse, AWSError>; 446 /** 447 * Updates the firewall domain list from an array of domain specifications. 448 */ 449 updateFirewallDomains(params: Route53Resolver.Types.UpdateFirewallDomainsRequest, callback?: (err: AWSError, data: Route53Resolver.Types.UpdateFirewallDomainsResponse) => void): Request<Route53Resolver.Types.UpdateFirewallDomainsResponse, AWSError>; 450 /** 451 * Updates the firewall domain list from an array of domain specifications. 452 */ 453 updateFirewallDomains(callback?: (err: AWSError, data: Route53Resolver.Types.UpdateFirewallDomainsResponse) => void): Request<Route53Resolver.Types.UpdateFirewallDomainsResponse, AWSError>; 454 /** 455 * Updates the specified firewall rule. 456 */ 457 updateFirewallRule(params: Route53Resolver.Types.UpdateFirewallRuleRequest, callback?: (err: AWSError, data: Route53Resolver.Types.UpdateFirewallRuleResponse) => void): Request<Route53Resolver.Types.UpdateFirewallRuleResponse, AWSError>; 458 /** 459 * Updates the specified firewall rule. 460 */ 461 updateFirewallRule(callback?: (err: AWSError, data: Route53Resolver.Types.UpdateFirewallRuleResponse) => void): Request<Route53Resolver.Types.UpdateFirewallRuleResponse, AWSError>; 462 /** 463 * Changes the association of a FirewallRuleGroup with a VPC. The association enables DNS filtering for the VPC. 464 */ 465 updateFirewallRuleGroupAssociation(params: Route53Resolver.Types.UpdateFirewallRuleGroupAssociationRequest, callback?: (err: AWSError, data: Route53Resolver.Types.UpdateFirewallRuleGroupAssociationResponse) => void): Request<Route53Resolver.Types.UpdateFirewallRuleGroupAssociationResponse, AWSError>; 466 /** 467 * Changes the association of a FirewallRuleGroup with a VPC. The association enables DNS filtering for the VPC. 468 */ 469 updateFirewallRuleGroupAssociation(callback?: (err: AWSError, data: Route53Resolver.Types.UpdateFirewallRuleGroupAssociationResponse) => void): Request<Route53Resolver.Types.UpdateFirewallRuleGroupAssociationResponse, AWSError>; 470 /** 471 * Updates an existing DNSSEC validation configuration. If there is no existing DNSSEC validation configuration, one is created. 472 */ 473 updateResolverDnssecConfig(params: Route53Resolver.Types.UpdateResolverDnssecConfigRequest, callback?: (err: AWSError, data: Route53Resolver.Types.UpdateResolverDnssecConfigResponse) => void): Request<Route53Resolver.Types.UpdateResolverDnssecConfigResponse, AWSError>; 474 /** 475 * Updates an existing DNSSEC validation configuration. If there is no existing DNSSEC validation configuration, one is created. 476 */ 477 updateResolverDnssecConfig(callback?: (err: AWSError, data: Route53Resolver.Types.UpdateResolverDnssecConfigResponse) => void): Request<Route53Resolver.Types.UpdateResolverDnssecConfigResponse, AWSError>; 478 /** 479 * Updates the name of an inbound or an outbound Resolver endpoint. 480 */ 481 updateResolverEndpoint(params: Route53Resolver.Types.UpdateResolverEndpointRequest, callback?: (err: AWSError, data: Route53Resolver.Types.UpdateResolverEndpointResponse) => void): Request<Route53Resolver.Types.UpdateResolverEndpointResponse, AWSError>; 482 /** 483 * Updates the name of an inbound or an outbound Resolver endpoint. 484 */ 485 updateResolverEndpoint(callback?: (err: AWSError, data: Route53Resolver.Types.UpdateResolverEndpointResponse) => void): Request<Route53Resolver.Types.UpdateResolverEndpointResponse, AWSError>; 486 /** 487 * Updates settings for a specified Resolver rule. ResolverRuleId is required, and all other parameters are optional. If you don't specify a parameter, it retains its current value. 488 */ 489 updateResolverRule(params: Route53Resolver.Types.UpdateResolverRuleRequest, callback?: (err: AWSError, data: Route53Resolver.Types.UpdateResolverRuleResponse) => void): Request<Route53Resolver.Types.UpdateResolverRuleResponse, AWSError>; 490 /** 491 * Updates settings for a specified Resolver rule. ResolverRuleId is required, and all other parameters are optional. If you don't specify a parameter, it retains its current value. 492 */ 493 updateResolverRule(callback?: (err: AWSError, data: Route53Resolver.Types.UpdateResolverRuleResponse) => void): Request<Route53Resolver.Types.UpdateResolverRuleResponse, AWSError>; 494 } 495 declare namespace Route53Resolver { 496 export type AccountId = string; 497 export type Action = "ALLOW"|"BLOCK"|"ALERT"|string; 498 export type Arn = string; 499 export interface AssociateFirewallRuleGroupRequest { 500 /** 501 * A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp. 502 */ 503 CreatorRequestId: CreatorRequestId; 504 /** 505 * The unique identifier of the firewall rule group. 506 */ 507 FirewallRuleGroupId: ResourceId; 508 /** 509 * The unique identifier of the VPC that you want to associate with the rule group. 510 */ 511 VpcId: ResourceId; 512 /** 513 * The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting. You must specify a unique priority for each rule group that you associate with a single VPC. To make it easier to insert rule groups later, leave space between the numbers, for example, use 101, 200, and so on. You can change the priority setting for a rule group association after you create it. The allowed values for Priority are between 100 and 9900. 514 */ 515 Priority: Priority; 516 /** 517 * A name that lets you identify the association, to manage and use it. 518 */ 519 Name: Name; 520 /** 521 * If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. When you create the association, the default setting is DISABLED. 522 */ 523 MutationProtection?: MutationProtectionStatus; 524 /** 525 * A list of the tag keys and values that you want to associate with the rule group association. 526 */ 527 Tags?: TagList; 528 } 529 export interface AssociateFirewallRuleGroupResponse { 530 /** 531 * The association that you just created. The association has an ID that you can use to identify it in other requests, like update and delete. 532 */ 533 FirewallRuleGroupAssociation?: FirewallRuleGroupAssociation; 534 } 535 export interface AssociateResolverEndpointIpAddressRequest { 536 /** 537 * The ID of the Resolver endpoint that you want to associate IP addresses with. 538 */ 539 ResolverEndpointId: ResourceId; 540 /** 541 * Either the IPv4 address that you want to add to a Resolver endpoint or a subnet ID. If you specify a subnet ID, Resolver chooses an IP address for you from the available IPs in the specified subnet. 542 */ 543 IpAddress: IpAddressUpdate; 544 } 545 export interface AssociateResolverEndpointIpAddressResponse { 546 /** 547 * The response to an AssociateResolverEndpointIpAddress request. 548 */ 549 ResolverEndpoint?: ResolverEndpoint; 550 } 551 export interface AssociateResolverQueryLogConfigRequest { 552 /** 553 * The ID of the query logging configuration that you want to associate a VPC with. 554 */ 555 ResolverQueryLogConfigId: ResourceId; 556 /** 557 * The ID of an Amazon VPC that you want this query logging configuration to log queries for. The VPCs and the query logging configuration must be in the same Region. 558 */ 559 ResourceId: ResourceId; 560 } 561 export interface AssociateResolverQueryLogConfigResponse { 562 /** 563 * A complex type that contains settings for a specified association between an Amazon VPC and a query logging configuration. 564 */ 565 ResolverQueryLogConfigAssociation?: ResolverQueryLogConfigAssociation; 566 } 567 export interface AssociateResolverRuleRequest { 568 /** 569 * The ID of the Resolver rule that you want to associate with the VPC. To list the existing Resolver rules, use ListResolverRules. 570 */ 571 ResolverRuleId: ResourceId; 572 /** 573 * A name for the association that you're creating between a Resolver rule and a VPC. 574 */ 575 Name?: Name; 576 /** 577 * The ID of the VPC that you want to associate the Resolver rule with. 578 */ 579 VPCId: ResourceId; 580 } 581 export interface AssociateResolverRuleResponse { 582 /** 583 * Information about the AssociateResolverRule request, including the status of the request. 584 */ 585 ResolverRuleAssociation?: ResolverRuleAssociation; 586 } 587 export type BlockOverrideDnsType = "CNAME"|string; 588 export type BlockOverrideDomain = string; 589 export type BlockOverrideTtl = number; 590 export type BlockResponse = "NODATA"|"NXDOMAIN"|"OVERRIDE"|string; 591 export type Boolean = boolean; 592 export type Count = number; 593 export interface CreateFirewallDomainListRequest { 594 /** 595 * A unique string that identifies the request and that allows you to retry failed requests without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp. 596 */ 597 CreatorRequestId: CreatorRequestId; 598 /** 599 * A name that lets you identify the domain list to manage and use it. 600 */ 601 Name: Name; 602 /** 603 * A list of the tag keys and values that you want to associate with the domain list. 604 */ 605 Tags?: TagList; 606 } 607 export interface CreateFirewallDomainListResponse { 608 /** 609 * The domain list that you just created. 610 */ 611 FirewallDomainList?: FirewallDomainList; 612 } 613 export interface CreateFirewallRuleGroupRequest { 614 /** 615 * A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp. 616 */ 617 CreatorRequestId: CreatorRequestId; 618 /** 619 * A name that lets you identify the rule group, to manage and use it. 620 */ 621 Name: Name; 622 /** 623 * A list of the tag keys and values that you want to associate with the rule group. 624 */ 625 Tags?: TagList; 626 } 627 export interface CreateFirewallRuleGroupResponse { 628 /** 629 * A collection of rules used to filter DNS network traffic. 630 */ 631 FirewallRuleGroup?: FirewallRuleGroup; 632 } 633 export interface CreateFirewallRuleRequest { 634 /** 635 * A unique string that identifies the request and that allows you to retry failed requests without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp. 636 */ 637 CreatorRequestId: CreatorRequestId; 638 /** 639 * The unique identifier of the firewall rule group where you want to create the rule. 640 */ 641 FirewallRuleGroupId: ResourceId; 642 /** 643 * The ID of the domain list that you want to use in the rule. 644 */ 645 FirewallDomainListId: ResourceId; 646 /** 647 * The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting. You must specify a unique priority for each rule in a rule group. To make it easier to insert rules later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for the rules in a rule group at any time. 648 */ 649 Priority: Priority; 650 /** 651 * The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list: ALLOW - Permit the request to go through. ALERT - Permit the request and send metrics and logs to Cloud Watch. BLOCK - Disallow the request. This option requires additional details in the rule's BlockResponse. 652 */ 653 Action: Action; 654 /** 655 * The way that you want DNS Firewall to block the request, used with the rule action setting BLOCK. NODATA - Respond indicating that the query was successful, but no response is available for it. NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist. OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings. This setting is required if the rule action setting is BLOCK. 656 */ 657 BlockResponse?: BlockResponse; 658 /** 659 * The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE. This setting is required if the BlockResponse setting is OVERRIDE. 660 */ 661 BlockOverrideDomain?: BlockOverrideDomain; 662 /** 663 * The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE. This setting is required if the BlockResponse setting is OVERRIDE. 664 */ 665 BlockOverrideDnsType?: BlockOverrideDnsType; 666 /** 667 * The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE. This setting is required if the BlockResponse setting is OVERRIDE. 668 */ 669 BlockOverrideTtl?: BlockOverrideTtl; 670 /** 671 * A name that lets you identify the rule in the rule group. 672 */ 673 Name: Name; 674 } 675 export interface CreateFirewallRuleResponse { 676 /** 677 * The firewall rule that you just created. 678 */ 679 FirewallRule?: FirewallRule; 680 } 681 export interface CreateResolverEndpointRequest { 682 /** 683 * A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp. 684 */ 685 CreatorRequestId: CreatorRequestId; 686 /** 687 * A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console. 688 */ 689 Name?: Name; 690 /** 691 * The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify must include one or more inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound Resolver endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network. 692 */ 693 SecurityGroupIds: SecurityGroupIds; 694 /** 695 * Specify the applicable value: INBOUND: Resolver forwards DNS queries to the DNS service for a VPC from your network OUTBOUND: Resolver forwards DNS queries from the DNS service for a VPC to your network 696 */ 697 Direction: ResolverEndpointDirection; 698 /** 699 * The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC. 700 */ 701 IpAddresses: IpAddressesRequest; 702 /** 703 * A list of the tag keys and values that you want to associate with the endpoint. 704 */ 705 Tags?: TagList; 706 } 707 export interface CreateResolverEndpointResponse { 708 /** 709 * Information about the CreateResolverEndpoint request, including the status of the request. 710 */ 711 ResolverEndpoint?: ResolverEndpoint; 712 } 713 export interface CreateResolverQueryLogConfigRequest { 714 /** 715 * The name that you want to give the query logging configuration. 716 */ 717 Name: ResolverQueryLogConfigName; 718 /** 719 * The ARN of the resource that you want Resolver to send query logs. You can send query logs to an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream. Examples of valid values include the following: S3 bucket: arn:aws:s3:::examplebucket You can optionally append a file prefix to the end of the ARN. arn:aws:s3:::examplebucket/development/ CloudWatch Logs log group: arn:aws:logs:us-west-1:123456789012:log-group:/mystack-testgroup-12ABC1AB12A1:* Kinesis Data Firehose delivery stream: arn:aws:kinesis:us-east-2:0123456789:stream/my_stream_name 720 */ 721 DestinationArn: DestinationArn; 722 /** 723 * A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp. 724 */ 725 CreatorRequestId: CreatorRequestId; 726 /** 727 * A list of the tag keys and values that you want to associate with the query logging configuration. 728 */ 729 Tags?: TagList; 730 } 731 export interface CreateResolverQueryLogConfigResponse { 732 /** 733 * Information about the CreateResolverQueryLogConfig request, including the status of the request. 734 */ 735 ResolverQueryLogConfig?: ResolverQueryLogConfig; 736 } 737 export interface CreateResolverRuleRequest { 738 /** 739 * A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp. 740 */ 741 CreatorRequestId: CreatorRequestId; 742 /** 743 * A friendly name that lets you easily find a rule in the Resolver dashboard in the Route 53 console. 744 */ 745 Name?: Name; 746 /** 747 * When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD. When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM. For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType. Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType. 748 */ 749 RuleType: RuleTypeOption; 750 /** 751 * DNS queries for this domain name are forwarded to the IP addresses that you specify in TargetIps. If a query matches multiple Resolver rules (example.com and www.example.com), outbound DNS queries are routed using the Resolver rule that contains the most specific domain name (www.example.com). 752 */ 753 DomainName: DomainName; 754 /** 755 * The IPs that you want Resolver to forward DNS queries to. You can specify only IPv4 addresses. Separate IP addresses with a space. TargetIps is available only when the value of Rule type is FORWARD. 756 */ 757 TargetIps?: TargetList; 758 /** 759 * The ID of the outbound Resolver endpoint that you want to use to route DNS queries to the IP addresses that you specify in TargetIps. 760 */ 761 ResolverEndpointId?: ResourceId; 762 /** 763 * A list of the tag keys and values that you want to associate with the endpoint. 764 */ 765 Tags?: TagList; 766 } 767 export interface CreateResolverRuleResponse { 768 /** 769 * Information about the CreateResolverRule request, including the status of the request. 770 */ 771 ResolverRule?: ResolverRule; 772 } 773 export type CreatorRequestId = string; 774 export interface DeleteFirewallDomainListRequest { 775 /** 776 * The ID of the domain list that you want to delete. 777 */ 778 FirewallDomainListId: ResourceId; 779 } 780 export interface DeleteFirewallDomainListResponse { 781 /** 782 * The domain list that you just deleted. 783 */ 784 FirewallDomainList?: FirewallDomainList; 785 } 786 export interface DeleteFirewallRuleGroupRequest { 787 /** 788 * The unique identifier of the firewall rule group that you want to delete. 789 */ 790 FirewallRuleGroupId: ResourceId; 791 } 792 export interface DeleteFirewallRuleGroupResponse { 793 /** 794 * A collection of rules used to filter DNS network traffic. 795 */ 796 FirewallRuleGroup?: FirewallRuleGroup; 797 } 798 export interface DeleteFirewallRuleRequest { 799 /** 800 * The unique identifier of the firewall rule group that you want to delete the rule from. 801 */ 802 FirewallRuleGroupId: ResourceId; 803 /** 804 * The ID of the domain list that's used in the rule. 805 */ 806 FirewallDomainListId: ResourceId; 807 } 808 export interface DeleteFirewallRuleResponse { 809 /** 810 * The specification for the firewall rule that you just deleted. 811 */ 812 FirewallRule?: FirewallRule; 813 } 814 export interface DeleteResolverEndpointRequest { 815 /** 816 * The ID of the Resolver endpoint that you want to delete. 817 */ 818 ResolverEndpointId: ResourceId; 819 } 820 export interface DeleteResolverEndpointResponse { 821 /** 822 * Information about the DeleteResolverEndpoint request, including the status of the request. 823 */ 824 ResolverEndpoint?: ResolverEndpoint; 825 } 826 export interface DeleteResolverQueryLogConfigRequest { 827 /** 828 * The ID of the query logging configuration that you want to delete. 829 */ 830 ResolverQueryLogConfigId: ResourceId; 831 } 832 export interface DeleteResolverQueryLogConfigResponse { 833 /** 834 * Information about the query logging configuration that you deleted, including the status of the request. 835 */ 836 ResolverQueryLogConfig?: ResolverQueryLogConfig; 837 } 838 export interface DeleteResolverRuleRequest { 839 /** 840 * The ID of the Resolver rule that you want to delete. 841 */ 842 ResolverRuleId: ResourceId; 843 } 844 export interface DeleteResolverRuleResponse { 845 /** 846 * Information about the DeleteResolverRule request, including the status of the request. 847 */ 848 ResolverRule?: ResolverRule; 849 } 850 export type DestinationArn = string; 851 export interface DisassociateFirewallRuleGroupRequest { 852 /** 853 * The identifier of the FirewallRuleGroupAssociation. 854 */ 855 FirewallRuleGroupAssociationId: ResourceId; 856 } 857 export interface DisassociateFirewallRuleGroupResponse { 858 /** 859 * The firewall rule group association that you just removed. 860 */ 861 FirewallRuleGroupAssociation?: FirewallRuleGroupAssociation; 862 } 863 export interface DisassociateResolverEndpointIpAddressRequest { 864 /** 865 * The ID of the Resolver endpoint that you want to disassociate an IP address from. 866 */ 867 ResolverEndpointId: ResourceId; 868 /** 869 * The IPv4 address that you want to remove from a Resolver endpoint. 870 */ 871 IpAddress: IpAddressUpdate; 872 } 873 export interface DisassociateResolverEndpointIpAddressResponse { 874 /** 875 * The response to an DisassociateResolverEndpointIpAddress request. 876 */ 877 ResolverEndpoint?: ResolverEndpoint; 878 } 879 export interface DisassociateResolverQueryLogConfigRequest { 880 /** 881 * The ID of the query logging configuration that you want to disassociate a specified VPC from. 882 */ 883 ResolverQueryLogConfigId: ResourceId; 884 /** 885 * The ID of the Amazon VPC that you want to disassociate from a specified query logging configuration. 886 */ 887 ResourceId: ResourceId; 888 } 889 export interface DisassociateResolverQueryLogConfigResponse { 890 /** 891 * A complex type that contains settings for the association that you deleted between an Amazon VPC and a query logging configuration. 892 */ 893 ResolverQueryLogConfigAssociation?: ResolverQueryLogConfigAssociation; 894 } 895 export interface DisassociateResolverRuleRequest { 896 /** 897 * The ID of the VPC that you want to disassociate the Resolver rule from. 898 */ 899 VPCId: ResourceId; 900 /** 901 * The ID of the Resolver rule that you want to disassociate from the specified VPC. 902 */ 903 ResolverRuleId: ResourceId; 904 } 905 export interface DisassociateResolverRuleResponse { 906 /** 907 * Information about the DisassociateResolverRule request, including the status of the request. 908 */ 909 ResolverRuleAssociation?: ResolverRuleAssociation; 910 } 911 export type DomainListFileUrl = string; 912 export type DomainName = string; 913 export interface Filter { 914 /** 915 * The name of the parameter that you want to use to filter objects. The valid values for Name depend on the action that you're including the filter in, ListResolverEndpoints, ListResolverRules, ListResolverRuleAssociations, ListResolverQueryLogConfigs, or ListResolverQueryLogConfigAssociations. In early versions of Resolver, values for Name were listed as uppercase, with underscore (_) delimiters. For example, CreatorRequestId was originally listed as CREATOR_REQUEST_ID. Uppercase values for Name are still supported. ListResolverEndpoints Valid values for Name include the following: CreatorRequestId: The value that you specified when you created the Resolver endpoint. Direction: Whether you want to return inbound or outbound Resolver endpoints. If you specify DIRECTION for Name, specify INBOUND or OUTBOUND for Values. HostVPCId: The ID of the VPC that inbound DNS queries pass through on the way from your network to your VPCs in a region, or the VPC that outbound queries pass through on the way from your VPCs to your network. In a CreateResolverEndpoint request, SubnetId indirectly identifies the VPC. In a GetResolverEndpoint request, the VPC ID for a Resolver endpoint is returned in the HostVPCId element. IpAddressCount: The number of IP addresses that you have associated with the Resolver endpoint. Name: The name of the Resolver endpoint. SecurityGroupIds: The IDs of the VPC security groups that you specified when you created the Resolver endpoint. Status: The status of the Resolver endpoint. If you specify Status for Name, specify one of the following status codes for Values: CREATING, OPERATIONAL, UPDATING, AUTO_RECOVERING, ACTION_NEEDED, or DELETING. For more information, see Status in ResolverEndpoint. ListResolverRules Valid values for Name include the following: CreatorRequestId: The value that you specified when you created the Resolver rule. DomainName: The domain name for which Resolver is forwarding DNS queries to your network. In the value that you specify for Values, include a trailing dot (.) after the domain name. For example, if the domain name is example.com, specify the following value. Note the "." after com: example.com. Name: The name of the Resolver rule. ResolverEndpointId: The ID of the Resolver endpoint that the Resolver rule is associated with. You can filter on the Resolver endpoint only for rules that have a value of FORWARD for RuleType. Status: The status of the Resolver rule. If you specify Status for Name, specify one of the following status codes for Values: COMPLETE, DELETING, UPDATING, or FAILED. Type: The type of the Resolver rule. If you specify TYPE for Name, specify FORWARD or SYSTEM for Values. ListResolverRuleAssociations Valid values for Name include the following: Name: The name of the Resolver rule association. ResolverRuleId: The ID of the Resolver rule that is associated with one or more VPCs. Status: The status of the Resolver rule association. If you specify Status for Name, specify one of the following status codes for Values: CREATING, COMPLETE, DELETING, or FAILED. VPCId: The ID of the VPC that the Resolver rule is associated with. ListResolverQueryLogConfigs Valid values for Name include the following: Arn: The ARN for the query logging configuration. AssociationCount: The number of VPCs that are associated with the query logging configuration. CreationTime: The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC). CreatorRequestId: A unique string that identifies the request that created the query logging configuration. Destination: The Amazon Web Services service that you want to forward query logs to. Valid values include the following: S3 CloudWatchLogs KinesisFirehose DestinationArn: The ARN of the location that Resolver is sending query logs to. This value can be the ARN for an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream. Id: The ID of the query logging configuration Name: The name of the query logging configuration OwnerId: The Amazon Web Services account ID for the account that created the query logging configuration. ShareStatus: An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Valid values include: NOT_SHARED, SHARED_WITH_ME, or SHARED_BY_ME. Status: The status of the query logging configuration. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status. ListResolverQueryLogConfigAssociations Valid values for Name include the following: CreationTime: The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC). Error: If the value of Status is FAILED, specify the cause: DESTINATION_NOT_FOUND or ACCESS_DENIED. Id: The ID of the query logging association. ResolverQueryLogConfigId: The ID of the query logging configuration that a VPC is associated with. ResourceId: The ID of the Amazon VPC that is associated with the query logging configuration. Status: The status of the query logging association. If you specify Status for Name, specify the applicable status code for Values: CREATING, CREATED, DELETING, or FAILED. For more information, see Status. 916 */ 917 Name?: FilterName; 918 /** 919 * When you're using a List operation and you want the operation to return a subset of objects, such as Resolver endpoints or Resolver rules, the value of the parameter that you want to use to filter objects. For example, to list only inbound Resolver endpoints, specify Direction for Name and specify INBOUND for Values. 920 */ 921 Values?: FilterValues; 922 } 923 export type FilterName = string; 924 export type FilterValue = string; 925 export type FilterValues = FilterValue[]; 926 export type Filters = Filter[]; 927 export interface FirewallConfig { 928 /** 929 * The ID of the firewall configuration. 930 */ 931 Id?: ResourceId; 932 /** 933 * The ID of the VPC that this firewall configuration applies to. 934 */ 935 ResourceId?: ResourceId; 936 /** 937 * The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to. 938 */ 939 OwnerId?: AccountId; 940 /** 941 * Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall returns a failure error when it is unable to properly evaluate a query. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association. 942 */ 943 FirewallFailOpen?: FirewallFailOpenStatus; 944 } 945 export type FirewallConfigList = FirewallConfig[]; 946 export type FirewallDomainImportOperation = "REPLACE"|string; 947 export interface FirewallDomainList { 948 /** 949 * The ID of the domain list. 950 */ 951 Id?: ResourceId; 952 /** 953 * The Amazon Resource Name (ARN) of the firewall domain list. 954 */ 955 Arn?: Arn; 956 /** 957 * The name of the domain list. 958 */ 959 Name?: Name; 960 /** 961 * The number of domain names that are specified in the domain list. 962 */ 963 DomainCount?: Unsigned; 964 /** 965 * The status of the domain list. 966 */ 967 Status?: FirewallDomainListStatus; 968 /** 969 * Additional information about the status of the list, if available. 970 */ 971 StatusMessage?: StatusMessage; 972 /** 973 * The owner of the list, used only for lists that are not managed by you. For example, the managed domain list AWSManagedDomainsMalwareDomainList has the managed owner name Route 53 Resolver DNS Firewall. 974 */ 975 ManagedOwnerName?: ServicePrinciple; 976 /** 977 * A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp. 978 */ 979 CreatorRequestId?: CreatorRequestId; 980 /** 981 * The date and time that the domain list was created, in Unix time format and Coordinated Universal Time (UTC). 982 */ 983 CreationTime?: Rfc3339TimeString; 984 /** 985 * The date and time that the domain list was last modified, in Unix time format and Coordinated Universal Time (UTC). 986 */ 987 ModificationTime?: Rfc3339TimeString; 988 } 989 export interface FirewallDomainListMetadata { 990 /** 991 * The ID of the domain list. 992 */ 993 Id?: ResourceId; 994 /** 995 * The Amazon Resource Name (ARN) of the firewall domain list metadata. 996 */ 997 Arn?: Arn; 998 /** 999 * The name of the domain list. 1000 */ 1001 Name?: Name; 1002 /** 1003 * A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp. 1004 */ 1005 CreatorRequestId?: CreatorRequestId; 1006 /** 1007 * The owner of the list, used only for lists that are not managed by you. For example, the managed domain list AWSManagedDomainsMalwareDomainList has the managed owner name Route 53 Resolver DNS Firewall. 1008 */ 1009 ManagedOwnerName?: ServicePrinciple; 1010 } 1011 export type FirewallDomainListMetadataList = FirewallDomainListMetadata[]; 1012 export type FirewallDomainListStatus = "COMPLETE"|"COMPLETE_IMPORT_FAILED"|"IMPORTING"|"DELETING"|"UPDATING"|string; 1013 export type FirewallDomainName = string; 1014 export type FirewallDomainUpdateOperation = "ADD"|"REMOVE"|"REPLACE"|string; 1015 export type FirewallDomains = FirewallDomainName[]; 1016 export type FirewallFailOpenStatus = "ENABLED"|"DISABLED"|string; 1017 export interface FirewallRule { 1018 /** 1019 * The unique identifier of the firewall rule group of the rule. 1020 */ 1021 FirewallRuleGroupId?: ResourceId; 1022 /** 1023 * The ID of the domain list that's used in the rule. 1024 */ 1025 FirewallDomainListId?: ResourceId; 1026 /** 1027 * The name of the rule. 1028 */ 1029 Name?: Name; 1030 /** 1031 * The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting. 1032 */ 1033 Priority?: Priority; 1034 /** 1035 * The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list: ALLOW - Permit the request to go through. ALERT - Permit the request to go through but send an alert to the logs. BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting. 1036 */ 1037 Action?: Action; 1038 /** 1039 * The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK. NODATA - Respond indicating that the query was successful, but no response is available for it. NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist. OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings. 1040 */ 1041 BlockResponse?: BlockResponse; 1042 /** 1043 * The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE. 1044 */ 1045 BlockOverrideDomain?: BlockOverrideDomain; 1046 /** 1047 * The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE. 1048 */ 1049 BlockOverrideDnsType?: BlockOverrideDnsType; 1050 /** 1051 * The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE. 1052 */ 1053 BlockOverrideTtl?: Unsigned; 1054 /** 1055 * A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp. 1056 */ 1057 CreatorRequestId?: CreatorRequestId; 1058 /** 1059 * The date and time that the rule was created, in Unix time format and Coordinated Universal Time (UTC). 1060 */ 1061 CreationTime?: Rfc3339TimeString; 1062 /** 1063 * The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC). 1064 */ 1065 ModificationTime?: Rfc3339TimeString; 1066 } 1067 export interface FirewallRuleGroup { 1068 /** 1069 * The ID of the rule group. 1070 */ 1071 Id?: ResourceId; 1072 /** 1073 * The ARN (Amazon Resource Name) of the rule group. 1074 */ 1075 Arn?: Arn; 1076 /** 1077 * The name of the rule group. 1078 */ 1079 Name?: Name; 1080 /** 1081 * The number of rules in the rule group. 1082 */ 1083 RuleCount?: Unsigned; 1084 /** 1085 * The status of the domain list. 1086 */ 1087 Status?: FirewallRuleGroupStatus; 1088 /** 1089 * Additional information about the status of the rule group, if available. 1090 */ 1091 StatusMessage?: StatusMessage; 1092 /** 1093 * The Amazon Web Services account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you. 1094 */ 1095 OwnerId?: AccountId; 1096 /** 1097 * A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp. 1098 */ 1099 CreatorRequestId?: CreatorRequestId; 1100 /** 1101 * Whether the rule group is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM). 1102 */ 1103 ShareStatus?: ShareStatus; 1104 /** 1105 * The date and time that the rule group was created, in Unix time format and Coordinated Universal Time (UTC). 1106 */ 1107 CreationTime?: Rfc3339TimeString; 1108 /** 1109 * The date and time that the rule group was last modified, in Unix time format and Coordinated Universal Time (UTC). 1110 */ 1111 ModificationTime?: Rfc3339TimeString; 1112 } 1113 export interface FirewallRuleGroupAssociation { 1114 /** 1115 * The identifier for the association. 1116 */ 1117 Id?: ResourceId; 1118 /** 1119 * The Amazon Resource Name (ARN) of the firewall rule group association. 1120 */ 1121 Arn?: Arn; 1122 /** 1123 * The unique identifier of the firewall rule group. 1124 */ 1125 FirewallRuleGroupId?: ResourceId; 1126 /** 1127 * The unique identifier of the VPC that is associated with the rule group. 1128 */ 1129 VpcId?: ResourceId; 1130 /** 1131 * The name of the association. 1132 */ 1133 Name?: Name; 1134 /** 1135 * The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting. 1136 */ 1137 Priority?: Priority; 1138 /** 1139 * If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. 1140 */ 1141 MutationProtection?: MutationProtectionStatus; 1142 /** 1143 * The owner of the association, used only for associations that are not managed by you. If you use Firewall Manager to manage your DNS Firewalls, then this reports Firewall Manager as the managed owner. 1144 */ 1145 ManagedOwnerName?: ServicePrinciple; 1146 /** 1147 * The current status of the association. 1148 */ 1149 Status?: FirewallRuleGroupAssociationStatus; 1150 /** 1151 * Additional information about the status of the response, if available. 1152 */ 1153 StatusMessage?: StatusMessage; 1154 /** 1155 * A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp. 1156 */ 1157 CreatorRequestId?: CreatorRequestId; 1158 /** 1159 * The date and time that the association was created, in Unix time format and Coordinated Universal Time (UTC). 1160 */ 1161 CreationTime?: Rfc3339TimeString; 1162 /** 1163 * The date and time that the association was last modified, in Unix time format and Coordinated Universal Time (UTC). 1164 */ 1165 ModificationTime?: Rfc3339TimeString; 1166 } 1167 export type FirewallRuleGroupAssociationStatus = "COMPLETE"|"DELETING"|"UPDATING"|string; 1168 export type FirewallRuleGroupAssociations = FirewallRuleGroupAssociation[]; 1169 export interface FirewallRuleGroupMetadata { 1170 /** 1171 * The ID of the rule group. 1172 */ 1173 Id?: ResourceId; 1174 /** 1175 * The ARN (Amazon Resource Name) of the rule group. 1176 */ 1177 Arn?: Arn; 1178 /** 1179 * The name of the rule group. 1180 */ 1181 Name?: Name; 1182 /** 1183 * The Amazon Web Services account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you. 1184 */ 1185 OwnerId?: AccountId; 1186 /** 1187 * A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of running the operation twice. This can be any unique string, for example, a timestamp. 1188 */ 1189 CreatorRequestId?: CreatorRequestId; 1190 /** 1191 * Whether the rule group is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM). 1192 */ 1193 ShareStatus?: ShareStatus; 1194 } 1195 export type FirewallRuleGroupMetadataList = FirewallRuleGroupMetadata[]; 1196 export type FirewallRuleGroupPolicy = string; 1197 export type FirewallRuleGroupStatus = "COMPLETE"|"DELETING"|"UPDATING"|string; 1198 export type FirewallRules = FirewallRule[]; 1199 export interface GetFirewallConfigRequest { 1200 /** 1201 * The ID of the VPC from Amazon VPC that the configuration is for. 1202 */ 1203 ResourceId: ResourceId; 1204 } 1205 export interface GetFirewallConfigResponse { 1206 /** 1207 * Configuration of the firewall behavior provided by DNS Firewall for a single VPC from AmazonVPC. 1208 */ 1209 FirewallConfig?: FirewallConfig; 1210 } 1211 export interface GetFirewallDomainListRequest { 1212 /** 1213 * The ID of the domain list. 1214 */ 1215 FirewallDomainListId: ResourceId; 1216 } 1217 export interface GetFirewallDomainListResponse { 1218 /** 1219 * The domain list that you requested. 1220 */ 1221 FirewallDomainList?: FirewallDomainList; 1222 } 1223 export interface GetFirewallRuleGroupAssociationRequest { 1224 /** 1225 * The identifier of the FirewallRuleGroupAssociation. 1226 */ 1227 FirewallRuleGroupAssociationId: ResourceId; 1228 } 1229 export interface GetFirewallRuleGroupAssociationResponse { 1230 /** 1231 * The association that you requested. 1232 */ 1233 FirewallRuleGroupAssociation?: FirewallRuleGroupAssociation; 1234 } 1235 export interface GetFirewallRuleGroupPolicyRequest { 1236 /** 1237 * The ARN (Amazon Resource Name) for the rule group. 1238 */ 1239 Arn: Arn; 1240 } 1241 export interface GetFirewallRuleGroupPolicyResponse { 1242 /** 1243 * The Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using Resource Access Manager (RAM). 1244 */ 1245 FirewallRuleGroupPolicy?: FirewallRuleGroupPolicy; 1246 } 1247 export interface GetFirewallRuleGroupRequest { 1248 /** 1249 * The unique identifier of the firewall rule group. 1250 */ 1251 FirewallRuleGroupId: ResourceId; 1252 } 1253 export interface GetFirewallRuleGroupResponse { 1254 /** 1255 * A collection of rules used to filter DNS network traffic. 1256 */ 1257 FirewallRuleGroup?: FirewallRuleGroup; 1258 } 1259 export interface GetResolverDnssecConfigRequest { 1260 /** 1261 * The ID of the virtual private cloud (VPC) for the DNSSEC validation status. 1262 */ 1263 ResourceId: ResourceId; 1264 } 1265 export interface GetResolverDnssecConfigResponse { 1266 /** 1267 * The information about a configuration for DNSSEC validation. 1268 */ 1269 ResolverDNSSECConfig?: ResolverDnssecConfig; 1270 } 1271 export interface GetResolverEndpointRequest { 1272 /** 1273 * The ID of the Resolver endpoint that you want to get information about. 1274 */ 1275 ResolverEndpointId: ResourceId; 1276 } 1277 export interface GetResolverEndpointResponse { 1278 /** 1279 * Information about the Resolver endpoint that you specified in a GetResolverEndpoint request. 1280 */ 1281 ResolverEndpoint?: ResolverEndpoint; 1282 } 1283 export interface GetResolverQueryLogConfigAssociationRequest { 1284 /** 1285 * The ID of the Resolver query logging configuration association that you want to get information about. 1286 */ 1287 ResolverQueryLogConfigAssociationId: ResourceId; 1288 } 1289 export interface GetResolverQueryLogConfigAssociationResponse { 1290 /** 1291 * Information about the Resolver query logging configuration association that you specified in a GetQueryLogConfigAssociation request. 1292 */ 1293 ResolverQueryLogConfigAssociation?: ResolverQueryLogConfigAssociation; 1294 } 1295 export interface GetResolverQueryLogConfigPolicyRequest { 1296 /** 1297 * The ARN of the query logging configuration that you want to get the query logging policy for. 1298 */ 1299 Arn: Arn; 1300 } 1301 export interface GetResolverQueryLogConfigPolicyResponse { 1302 /** 1303 * Information about the query logging policy for the query logging configuration that you specified in a GetResolverQueryLogConfigPolicy request. 1304 */ 1305 ResolverQueryLogConfigPolicy?: ResolverQueryLogConfigPolicy; 1306 } 1307 export interface GetResolverQueryLogConfigRequest { 1308 /** 1309 * The ID of the Resolver query logging configuration that you want to get information about. 1310 */ 1311 ResolverQueryLogConfigId: ResourceId; 1312 } 1313 export interface GetResolverQueryLogConfigResponse { 1314 /** 1315 * Information about the Resolver query logging configuration that you specified in a GetQueryLogConfig request. 1316 */ 1317 ResolverQueryLogConfig?: ResolverQueryLogConfig; 1318 } 1319 export interface GetResolverRuleAssociationRequest { 1320 /** 1321 * The ID of the Resolver rule association that you want to get information about. 1322 */ 1323 ResolverRuleAssociationId: ResourceId; 1324 } 1325 export interface GetResolverRuleAssociationResponse { 1326 /** 1327 * Information about the Resolver rule association that you specified in a GetResolverRuleAssociation request. 1328 */ 1329 ResolverRuleAssociation?: ResolverRuleAssociation; 1330 } 1331 export interface GetResolverRulePolicyRequest { 1332 /** 1333 * The ID of the Resolver rule that you want to get the Resolver rule policy for. 1334 */ 1335 Arn: Arn; 1336 } 1337 export interface GetResolverRulePolicyResponse { 1338 /** 1339 * The Resolver rule policy for the rule that you specified in a GetResolverRulePolicy request. 1340 */ 1341 ResolverRulePolicy?: ResolverRulePolicy; 1342 } 1343 export interface GetResolverRuleRequest { 1344 /** 1345 * The ID of the Resolver rule that you want to get information about. 1346 */ 1347 ResolverRuleId: ResourceId; 1348 } 1349 export interface GetResolverRuleResponse { 1350 /** 1351 * Information about the Resolver rule that you specified in a GetResolverRule request. 1352 */ 1353 ResolverRule?: ResolverRule; 1354 } 1355 export interface ImportFirewallDomainsRequest { 1356 /** 1357 * The ID of the domain list that you want to modify with the import operation. 1358 */ 1359 FirewallDomainListId: ResourceId; 1360 /** 1361 * What you want DNS Firewall to do with the domains that are listed in the file. This must be set to REPLACE, which updates the domain list to exactly match the list in the file. 1362 */ 1363 Operation: FirewallDomainImportOperation; 1364 /** 1365 * The fully qualified URL or URI of the file stored in Amazon Simple Storage Service (Amazon S3) that contains the list of domains to import. The file must be in an S3 bucket that's in the same Region as your DNS Firewall. The file must be a text file and must contain a single domain per line. 1366 */ 1367 DomainFileUrl: DomainListFileUrl; 1368 } 1369 export interface ImportFirewallDomainsResponse { 1370 /** 1371 * The Id of the firewall domain list that DNS Firewall just updated. 1372 */ 1373 Id?: ResourceId; 1374 /** 1375 * The name of the domain list. 1376 */ 1377 Name?: Name; 1378 /** 1379 * 1380 */ 1381 Status?: FirewallDomainListStatus; 1382 /** 1383 * Additional information about the status of the list, if available. 1384 */ 1385 StatusMessage?: StatusMessage; 1386 } 1387 export type Ip = string; 1388 export type IpAddressCount = number; 1389 export interface IpAddressRequest { 1390 /** 1391 * The ID of the subnet that contains the IP address. 1392 */ 1393 SubnetId: SubnetId; 1394 /** 1395 * The IP address that you want to use for DNS queries. 1396 */ 1397 Ip?: Ip; 1398 } 1399 export interface IpAddressResponse { 1400 /** 1401 * The ID of one IP address. 1402 */ 1403 IpId?: ResourceId; 1404 /** 1405 * The ID of one subnet. 1406 */ 1407 SubnetId?: SubnetId; 1408 /** 1409 * One IP address that the Resolver endpoint uses for DNS queries. 1410 */ 1411 Ip?: Ip; 1412 /** 1413 * A status code that gives the current status of the request. 1414 */ 1415 Status?: IpAddressStatus; 1416 /** 1417 * A message that provides additional information about the status of the request. 1418 */ 1419 StatusMessage?: StatusMessage; 1420 /** 1421 * The date and time that the IP address was created, in Unix time format and Coordinated Universal Time (UTC). 1422 */ 1423 CreationTime?: Rfc3339TimeString; 1424 /** 1425 * The date and time that the IP address was last modified, in Unix time format and Coordinated Universal Time (UTC). 1426 */ 1427 ModificationTime?: Rfc3339TimeString; 1428 } 1429 export type IpAddressStatus = "CREATING"|"FAILED_CREATION"|"ATTACHING"|"ATTACHED"|"REMAP_DETACHING"|"REMAP_ATTACHING"|"DETACHING"|"FAILED_RESOURCE_GONE"|"DELETING"|"DELETE_FAILED_FAS_EXPIRED"|string; 1430 export interface IpAddressUpdate { 1431 /** 1432 * Only when removing an IP address from a Resolver endpoint: The ID of the IP address that you want to remove. To get this ID, use GetResolverEndpoint. 1433 */ 1434 IpId?: ResourceId; 1435 /** 1436 * The ID of the subnet that includes the IP address that you want to update. To get this ID, use GetResolverEndpoint. 1437 */ 1438 SubnetId?: SubnetId; 1439 /** 1440 * The new IP address. 1441 */ 1442 Ip?: Ip; 1443 } 1444 export type IpAddressesRequest = IpAddressRequest[]; 1445 export type IpAddressesResponse = IpAddressResponse[]; 1446 export type ListDomainMaxResults = number; 1447 export type ListFirewallConfigsMaxResult = number; 1448 export interface ListFirewallConfigsRequest { 1449 /** 1450 * The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects. If you don't specify a value for MaxResults, Resolver returns up to 100 objects. 1451 */ 1452 MaxResults?: ListFirewallConfigsMaxResult; 1453 /** 1454 * For the first call to this list request, omit this value. When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request. 1455 */ 1456 NextToken?: NextToken; 1457 } 1458 export interface ListFirewallConfigsResponse { 1459 /** 1460 * If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request. 1461 */ 1462 NextToken?: NextToken; 1463 /** 1464 * The configurations for the firewall behavior provided by DNS Firewall for VPCs from Amazon Virtual Private Cloud (Amazon VPC). 1465 */ 1466 FirewallConfigs?: FirewallConfigList; 1467 } 1468 export interface ListFirewallDomainListsRequest { 1469 /** 1470 * The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects. If you don't specify a value for MaxResults, Resolver returns up to 100 objects. 1471 */ 1472 MaxResults?: MaxResults; 1473 /** 1474 * For the first call to this list request, omit this value. When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request. 1475 */ 1476 NextToken?: NextToken; 1477 } 1478 export interface ListFirewallDomainListsResponse { 1479 /** 1480 * If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request. 1481 */ 1482 NextToken?: NextToken; 1483 /** 1484 * A list of the domain lists that you have defined. This might be a partial list of the domain lists that you've defined. For information, see MaxResults. 1485 */ 1486 FirewallDomainLists?: FirewallDomainListMetadataList; 1487 } 1488 export interface ListFirewallDomainsRequest { 1489 /** 1490 * The ID of the domain list whose domains you want to retrieve. 1491 */ 1492 FirewallDomainListId: ResourceId; 1493 /** 1494 * The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects. If you don't specify a value for MaxResults, Resolver returns up to 100 objects. 1495 */ 1496 MaxResults?: ListDomainMaxResults; 1497 /** 1498 * For the first call to this list request, omit this value. When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request. 1499 */ 1500 NextToken?: NextToken; 1501 } 1502 export interface ListFirewallDomainsResponse { 1503 /** 1504 * If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request. 1505 */ 1506 NextToken?: NextToken; 1507 /** 1508 * A list of the domains in the firewall domain list. This might be a partial list of the domains that you've defined in the domain list. For information, see MaxResults. 1509 */ 1510 Domains?: FirewallDomains; 1511 } 1512 export interface ListFirewallRuleGroupAssociationsRequest { 1513 /** 1514 * The unique identifier of the firewall rule group that you want to retrieve the associations for. Leave this blank to retrieve associations for any rule group. 1515 */ 1516 FirewallRuleGroupId?: ResourceId; 1517 /** 1518 * The unique identifier of the VPC that you want to retrieve the associations for. Leave this blank to retrieve associations for any VPC. 1519 */ 1520 VpcId?: ResourceId; 1521 /** 1522 * The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting. 1523 */ 1524 Priority?: Priority; 1525 /** 1526 * The association Status setting that you want DNS Firewall to filter on for the list. If you don't specify this, then DNS Firewall returns all associations, regardless of status. 1527 */ 1528 Status?: FirewallRuleGroupAssociationStatus; 1529 /** 1530 * The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects. If you don't specify a value for MaxResults, Resolver returns up to 100 objects. 1531 */ 1532 MaxResults?: MaxResults; 1533 /** 1534 * For the first call to this list request, omit this value. When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request. 1535 */ 1536 NextToken?: NextToken; 1537 } 1538 export interface ListFirewallRuleGroupAssociationsResponse { 1539 /** 1540 * If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request. 1541 */ 1542 NextToken?: NextToken; 1543 /** 1544 * A list of your firewall rule group associations. This might be a partial list of the associations that you have defined. For information, see MaxResults. 1545 */ 1546 FirewallRuleGroupAssociations?: FirewallRuleGroupAssociations; 1547 } 1548 export interface ListFirewallRuleGroupsRequest { 1549 /** 1550 * The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects. If you don't specify a value for MaxResults, Resolver returns up to 100 objects. 1551 */ 1552 MaxResults?: MaxResults; 1553 /** 1554 * For the first call to this list request, omit this value. When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request. 1555 */ 1556 NextToken?: NextToken; 1557 } 1558 export interface ListFirewallRuleGroupsResponse { 1559 /** 1560 * If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request. 1561 */ 1562 NextToken?: NextToken; 1563 /** 1564 * A list of your firewall rule groups. This might be a partial list of the rule groups that you have defined. For information, see MaxResults. 1565 */ 1566 FirewallRuleGroups?: FirewallRuleGroupMetadataList; 1567 } 1568 export interface ListFirewallRulesRequest { 1569 /** 1570 * The unique identifier of the firewall rule group that you want to retrieve the rules for. 1571 */ 1572 FirewallRuleGroupId: ResourceId; 1573 /** 1574 * Optional additional filter for the rules to retrieve. The setting that determines the processing order of the rules in a rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting. 1575 */ 1576 Priority?: Priority; 1577 /** 1578 * Optional additional filter for the rules to retrieve. The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list: ALLOW - Permit the request to go through. ALERT - Permit the request to go through but send an alert to the logs. BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting. 1579 */ 1580 Action?: Action; 1581 /** 1582 * The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects. If you don't specify a value for MaxResults, Resolver returns up to 100 objects. 1583 */ 1584 MaxResults?: MaxResults; 1585 /** 1586 * For the first call to this list request, omit this value. When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request. 1587 */ 1588 NextToken?: NextToken; 1589 } 1590 export interface ListFirewallRulesResponse { 1591 /** 1592 * If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request. 1593 */ 1594 NextToken?: NextToken; 1595 /** 1596 * A list of the rules that you have defined. This might be a partial list of the firewall rules that you've defined. For information, see MaxResults. 1597 */ 1598 FirewallRules?: FirewallRules; 1599 } 1600 export interface ListResolverDnssecConfigsRequest { 1601 /** 1602 * Optional: An integer that specifies the maximum number of DNSSEC configuration results that you want Amazon Route 53 to return. If you don't specify a value for MaxResults, Route 53 returns up to 100 configuration per page. 1603 */ 1604 MaxResults?: MaxResults; 1605 /** 1606 * (Optional) If the current Amazon Web Services account has more than MaxResults DNSSEC configurations, use NextToken to get the second and subsequent pages of results. For the first ListResolverDnssecConfigs request, omit this value. For the second and subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request. 1607 */ 1608 NextToken?: NextToken; 1609 /** 1610 * An optional specification to return a subset of objects. 1611 */ 1612 Filters?: Filters; 1613 } 1614 export interface ListResolverDnssecConfigsResponse { 1615 /** 1616 * If a response includes the last of the DNSSEC configurations that are associated with the current Amazon Web Services account, NextToken doesn't appear in the response. If a response doesn't include the last of the configurations, you can get more configurations by submitting another ListResolverDnssecConfigs request. Get the value of NextToken that Amazon Route 53 returned in the previous response and include it in NextToken in the next request. 1617 */ 1618 NextToken?: NextToken; 1619 /** 1620 * An array that contains one ResolverDnssecConfig element for each configuration for DNSSEC validation that is associated with the current Amazon Web Services account. 1621 */ 1622 ResolverDnssecConfigs?: ResolverDnssecConfigList; 1623 } 1624 export interface ListResolverEndpointIpAddressesRequest { 1625 /** 1626 * The ID of the Resolver endpoint that you want to get IP addresses for. 1627 */ 1628 ResolverEndpointId: ResourceId; 1629 /** 1630 * The maximum number of IP addresses that you want to return in the response to a ListResolverEndpointIpAddresses request. If you don't specify a value for MaxResults, Resolver returns up to 100 IP addresses. 1631 */ 1632 MaxResults?: MaxResults; 1633 /** 1634 * For the first ListResolverEndpointIpAddresses request, omit this value. If the specified Resolver endpoint has more than MaxResults IP addresses, you can submit another ListResolverEndpointIpAddresses request to get the next group of IP addresses. In the next request, specify the value of NextToken from the previous response. 1635 */ 1636 NextToken?: NextToken; 1637 } 1638 export interface ListResolverEndpointIpAddressesResponse { 1639 /** 1640 * If the specified endpoint has more than MaxResults IP addresses, you can submit another ListResolverEndpointIpAddresses request to get the next group of IP addresses. In the next request, specify the value of NextToken from the previous response. 1641 */ 1642 NextToken?: NextToken; 1643 /** 1644 * The value that you specified for MaxResults in the request. 1645 */ 1646 MaxResults?: MaxResults; 1647 /** 1648 * Information about the IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). 1649 */ 1650 IpAddresses?: IpAddressesResponse; 1651 } 1652 export interface ListResolverEndpointsRequest { 1653 /** 1654 * The maximum number of Resolver endpoints that you want to return in the response to a ListResolverEndpoints request. If you don't specify a value for MaxResults, Resolver returns up to 100 Resolver endpoints. 1655 */ 1656 MaxResults?: MaxResults; 1657 /** 1658 * For the first ListResolverEndpoints request, omit this value. If you have more than MaxResults Resolver endpoints, you can submit another ListResolverEndpoints request to get the next group of Resolver endpoints. In the next request, specify the value of NextToken from the previous response. 1659 */ 1660 NextToken?: NextToken; 1661 /** 1662 * An optional specification to return a subset of Resolver endpoints, such as all inbound Resolver endpoints. If you submit a second or subsequent ListResolverEndpoints request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request. 1663 */ 1664 Filters?: Filters; 1665 } 1666 export interface ListResolverEndpointsResponse { 1667 /** 1668 * If more than MaxResults IP addresses match the specified criteria, you can submit another ListResolverEndpoint request to get the next group of results. In the next request, specify the value of NextToken from the previous response. 1669 */ 1670 NextToken?: NextToken; 1671 /** 1672 * The value that you specified for MaxResults in the request. 1673 */ 1674 MaxResults?: MaxResults; 1675 /** 1676 * The Resolver endpoints that were created by using the current Amazon Web Services account, and that match the specified filters, if any. 1677 */ 1678 ResolverEndpoints?: ResolverEndpoints; 1679 } 1680 export interface ListResolverQueryLogConfigAssociationsRequest { 1681 /** 1682 * The maximum number of query logging associations that you want to return in the response to a ListResolverQueryLogConfigAssociations request. If you don't specify a value for MaxResults, Resolver returns up to 100 query logging associations. 1683 */ 1684 MaxResults?: MaxResults; 1685 /** 1686 * For the first ListResolverQueryLogConfigAssociations request, omit this value. If there are more than MaxResults query logging associations that match the values that you specify for Filters, you can submit another ListResolverQueryLogConfigAssociations request to get the next group of associations. In the next request, specify the value of NextToken from the previous response. 1687 */ 1688 NextToken?: NextToken; 1689 /** 1690 * An optional specification to return a subset of query logging associations. If you submit a second or subsequent ListResolverQueryLogConfigAssociations request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request. 1691 */ 1692 Filters?: Filters; 1693 /** 1694 * The element that you want Resolver to sort query logging associations by. If you submit a second or subsequent ListResolverQueryLogConfigAssociations request and specify the NextToken parameter, you must use the same value for SortBy, if any, as in the previous request. Valid values include the following elements: CreationTime: The ID of the query logging association. Error: If the value of Status is FAILED, the value of Error indicates the cause: DESTINATION_NOT_FOUND: The specified destination (for example, an Amazon S3 bucket) was deleted. ACCESS_DENIED: Permissions don't allow sending logs to the destination. If Status is a value other than FAILED, ERROR is null. Id: The ID of the query logging association ResolverQueryLogConfigId: The ID of the query logging configuration ResourceId: The ID of the VPC that is associated with the query logging configuration Status: The current status of the configuration. Valid values include the following: CREATING: Resolver is creating an association between an Amazon VPC and a query logging configuration. CREATED: The association between an Amazon VPC and a query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC. DELETING: Resolver is deleting this query logging association. FAILED: Resolver either couldn't create or couldn't delete the query logging association. Here are two common causes: The specified destination (for example, an Amazon S3 bucket) was deleted. Permissions don't allow sending logs to the destination. 1695 */ 1696 SortBy?: SortByKey; 1697 /** 1698 * If you specified a value for SortBy, the order that you want query logging associations to be listed in, ASCENDING or DESCENDING. If you submit a second or subsequent ListResolverQueryLogConfigAssociations request and specify the NextToken parameter, you must use the same value for SortOrder, if any, as in the previous request. 1699 */ 1700 SortOrder?: SortOrder; 1701 } 1702 export interface ListResolverQueryLogConfigAssociationsResponse { 1703 /** 1704 * If there are more than MaxResults query logging associations, you can submit another ListResolverQueryLogConfigAssociations request to get the next group of associations. In the next request, specify the value of NextToken from the previous response. 1705 */ 1706 NextToken?: NextToken; 1707 /** 1708 * The total number of query logging associations that were created by the current account in the specified Region. This count can differ from the number of associations that are returned in a ListResolverQueryLogConfigAssociations response, depending on the values that you specify in the request. 1709 */ 1710 TotalCount?: Count; 1711 /** 1712 * The total number of query logging associations that were created by the current account in the specified Region and that match the filters that were specified in the ListResolverQueryLogConfigAssociations request. For the total number of associations that were created by the current account in the specified Region, see TotalCount. 1713 */ 1714 TotalFilteredCount?: Count; 1715 /** 1716 * A list that contains one ResolverQueryLogConfigAssociations element for each query logging association that matches the values that you specified for Filter. 1717 */ 1718 ResolverQueryLogConfigAssociations?: ResolverQueryLogConfigAssociationList; 1719 } 1720 export interface ListResolverQueryLogConfigsRequest { 1721 /** 1722 * The maximum number of query logging configurations that you want to return in the response to a ListResolverQueryLogConfigs request. If you don't specify a value for MaxResults, Resolver returns up to 100 query logging configurations. 1723 */ 1724 MaxResults?: MaxResults; 1725 /** 1726 * For the first ListResolverQueryLogConfigs request, omit this value. If there are more than MaxResults query logging configurations that match the values that you specify for Filters, you can submit another ListResolverQueryLogConfigs request to get the next group of configurations. In the next request, specify the value of NextToken from the previous response. 1727 */ 1728 NextToken?: NextToken; 1729 /** 1730 * An optional specification to return a subset of query logging configurations. If you submit a second or subsequent ListResolverQueryLogConfigs request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request. 1731 */ 1732 Filters?: Filters; 1733 /** 1734 * The element that you want Resolver to sort query logging configurations by. If you submit a second or subsequent ListResolverQueryLogConfigs request and specify the NextToken parameter, you must use the same value for SortBy, if any, as in the previous request. Valid values include the following elements: Arn: The ARN of the query logging configuration AssociationCount: The number of VPCs that are associated with the specified configuration CreationTime: The date and time that Resolver returned when the configuration was created CreatorRequestId: The value that was specified for CreatorRequestId when the configuration was created DestinationArn: The location that logs are sent to Id: The ID of the configuration Name: The name of the configuration OwnerId: The Amazon Web Services account number of the account that created the configuration ShareStatus: Whether the configuration is shared with other Amazon Web Services accounts or shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM). Status: The current status of the configuration. Valid values include the following: CREATING: Resolver is creating the query logging configuration. CREATED: The query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC. DELETING: Resolver is deleting this query logging configuration. FAILED: Resolver either couldn't create or couldn't delete the query logging configuration. Here are two common causes: The specified destination (for example, an Amazon S3 bucket) was deleted. Permissions don't allow sending logs to the destination. 1735 */ 1736 SortBy?: SortByKey; 1737 /** 1738 * If you specified a value for SortBy, the order that you want query logging configurations to be listed in, ASCENDING or DESCENDING. If you submit a second or subsequent ListResolverQueryLogConfigs request and specify the NextToken parameter, you must use the same value for SortOrder, if any, as in the previous request. 1739 */ 1740 SortOrder?: SortOrder; 1741 } 1742 export interface ListResolverQueryLogConfigsResponse { 1743 /** 1744 * If there are more than MaxResults query logging configurations, you can submit another ListResolverQueryLogConfigs request to get the next group of configurations. In the next request, specify the value of NextToken from the previous response. 1745 */ 1746 NextToken?: NextToken; 1747 /** 1748 * The total number of query logging configurations that were created by the current account in the specified Region. This count can differ from the number of query logging configurations that are returned in a ListResolverQueryLogConfigs response, depending on the values that you specify in the request. 1749 */ 1750 TotalCount?: Count; 1751 /** 1752 * The total number of query logging configurations that were created by the current account in the specified Region and that match the filters that were specified in the ListResolverQueryLogConfigs request. For the total number of query logging configurations that were created by the current account in the specified Region, see TotalCount. 1753 */ 1754 TotalFilteredCount?: Count; 1755 /** 1756 * A list that contains one ResolverQueryLogConfig element for each query logging configuration that matches the values that you specified for Filter. 1757 */ 1758 ResolverQueryLogConfigs?: ResolverQueryLogConfigList; 1759 } 1760 export interface ListResolverRuleAssociationsRequest { 1761 /** 1762 * The maximum number of rule associations that you want to return in the response to a ListResolverRuleAssociations request. If you don't specify a value for MaxResults, Resolver returns up to 100 rule associations. 1763 */ 1764 MaxResults?: MaxResults; 1765 /** 1766 * For the first ListResolverRuleAssociation request, omit this value. If you have more than MaxResults rule associations, you can submit another ListResolverRuleAssociation request to get the next group of rule associations. In the next request, specify the value of NextToken from the previous response. 1767 */ 1768 NextToken?: NextToken; 1769 /** 1770 * An optional specification to return a subset of Resolver rules, such as Resolver rules that are associated with the same VPC ID. If you submit a second or subsequent ListResolverRuleAssociations request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request. 1771 */ 1772 Filters?: Filters; 1773 } 1774 export interface ListResolverRuleAssociationsResponse { 1775 /** 1776 * If more than MaxResults rule associations match the specified criteria, you can submit another ListResolverRuleAssociation request to get the next group of results. In the next request, specify the value of NextToken from the previous response. 1777 */ 1778 NextToken?: NextToken; 1779 /** 1780 * The value that you specified for MaxResults in the request. 1781 */ 1782 MaxResults?: MaxResults; 1783 /** 1784 * The associations that were created between Resolver rules and VPCs using the current Amazon Web Services account, and that match the specified filters, if any. 1785 */ 1786 ResolverRuleAssociations?: ResolverRuleAssociations; 1787 } 1788 export interface ListResolverRulesRequest { 1789 /** 1790 * The maximum number of Resolver rules that you want to return in the response to a ListResolverRules request. If you don't specify a value for MaxResults, Resolver returns up to 100 Resolver rules. 1791 */ 1792 MaxResults?: MaxResults; 1793 /** 1794 * For the first ListResolverRules request, omit this value. If you have more than MaxResults Resolver rules, you can submit another ListResolverRules request to get the next group of Resolver rules. In the next request, specify the value of NextToken from the previous response. 1795 */ 1796 NextToken?: NextToken; 1797 /** 1798 * An optional specification to return a subset of Resolver rules, such as all Resolver rules that are associated with the same Resolver endpoint. If you submit a second or subsequent ListResolverRules request and specify the NextToken parameter, you must use the same values for Filters, if any, as in the previous request. 1799 */ 1800 Filters?: Filters; 1801 } 1802 export interface ListResolverRulesResponse { 1803 /** 1804 * If more than MaxResults Resolver rules match the specified criteria, you can submit another ListResolverRules request to get the next group of results. In the next request, specify the value of NextToken from the previous response. 1805 */ 1806 NextToken?: NextToken; 1807 /** 1808 * The value that you specified for MaxResults in the request. 1809 */ 1810 MaxResults?: MaxResults; 1811 /** 1812 * The Resolver rules that were created using the current Amazon Web Services account and that match the specified filters, if any. 1813 */ 1814 ResolverRules?: ResolverRules; 1815 } 1816 export interface ListTagsForResourceRequest { 1817 /** 1818 * The Amazon Resource Name (ARN) for the resource that you want to list tags for. 1819 */ 1820 ResourceArn: Arn; 1821 /** 1822 * The maximum number of tags that you want to return in the response to a ListTagsForResource request. If you don't specify a value for MaxResults, Resolver returns up to 100 tags. 1823 */ 1824 MaxResults?: MaxResults; 1825 /** 1826 * For the first ListTagsForResource request, omit this value. If you have more than MaxResults tags, you can submit another ListTagsForResource request to get the next group of tags for the resource. In the next request, specify the value of NextToken from the previous response. 1827 */ 1828 NextToken?: NextToken; 1829 } 1830 export interface ListTagsForResourceResponse { 1831 /** 1832 * The tags that are associated with the resource that you specified in the ListTagsForResource request. 1833 */ 1834 Tags?: TagList; 1835 /** 1836 * If more than MaxResults tags match the specified criteria, you can submit another ListTagsForResource request to get the next group of results. In the next request, specify the value of NextToken from the previous response. 1837 */ 1838 NextToken?: NextToken; 1839 } 1840 export type MaxResults = number; 1841 export type MutationProtectionStatus = "ENABLED"|"DISABLED"|string; 1842 export type Name = string; 1843 export type NextToken = string; 1844 export type Port = number; 1845 export type Priority = number; 1846 export interface PutFirewallRuleGroupPolicyRequest { 1847 /** 1848 * The ARN (Amazon Resource Name) for the rule group that you want to share. 1849 */ 1850 Arn: Arn; 1851 /** 1852 * The Identity and Access Management (Amazon Web Services IAM) policy to attach to the rule group. 1853 */ 1854 FirewallRuleGroupPolicy: FirewallRuleGroupPolicy; 1855 } 1856 export interface PutFirewallRuleGroupPolicyResponse { 1857 /** 1858 * 1859 */ 1860 ReturnValue?: Boolean; 1861 } 1862 export interface PutResolverQueryLogConfigPolicyRequest { 1863 /** 1864 * The Amazon Resource Name (ARN) of the account that you want to share rules with. 1865 */ 1866 Arn: Arn; 1867 /** 1868 * An Identity and Access Management policy statement that lists the query logging configurations that you want to share with another Amazon Web Services account and the operations that you want the account to be able to perform. You can specify the following operations in the Actions section of the statement: route53resolver:AssociateResolverQueryLogConfig route53resolver:DisassociateResolverQueryLogConfig route53resolver:ListResolverQueryLogConfigAssociations route53resolver:ListResolverQueryLogConfigs In the Resource section of the statement, you specify the ARNs for the query logging configurations that you want to share with the account that you specified in Arn. 1869 */ 1870 ResolverQueryLogConfigPolicy: ResolverQueryLogConfigPolicy; 1871 } 1872 export interface PutResolverQueryLogConfigPolicyResponse { 1873 /** 1874 * Whether the PutResolverQueryLogConfigPolicy request was successful. 1875 */ 1876 ReturnValue?: Boolean; 1877 } 1878 export interface PutResolverRulePolicyRequest { 1879 /** 1880 * The Amazon Resource Name (ARN) of the rule that you want to share with another account. 1881 */ 1882 Arn: Arn; 1883 /** 1884 * An Identity and Access Management policy statement that lists the rules that you want to share with another Amazon Web Services account and the operations that you want the account to be able to perform. You can specify the following operations in the Action section of the statement: route53resolver:GetResolverRule route53resolver:AssociateResolverRule route53resolver:DisassociateResolverRule route53resolver:ListResolverRules route53resolver:ListResolverRuleAssociations In the Resource section of the statement, specify the ARN for the rule that you want to share with another account. Specify the same ARN that you specified in Arn. 1885 */ 1886 ResolverRulePolicy: ResolverRulePolicy; 1887 } 1888 export interface PutResolverRulePolicyResponse { 1889 /** 1890 * Whether the PutResolverRulePolicy request was successful. 1891 */ 1892 ReturnValue?: Boolean; 1893 } 1894 export type ResolverDNSSECValidationStatus = "ENABLING"|"ENABLED"|"DISABLING"|"DISABLED"|string; 1895 export interface ResolverDnssecConfig { 1896 /** 1897 * The ID for a configuration for DNSSEC validation. 1898 */ 1899 Id?: ResourceId; 1900 /** 1901 * The owner account ID of the virtual private cloud (VPC) for a configuration for DNSSEC validation. 1902 */ 1903 OwnerId?: AccountId; 1904 /** 1905 * The ID of the virtual private cloud (VPC) that you're configuring the DNSSEC validation status for. 1906 */ 1907 ResourceId?: ResourceId; 1908 /** 1909 * The validation status for a DNSSEC configuration. The status can be one of the following: ENABLING: DNSSEC validation is being enabled but is not complete. ENABLED: DNSSEC validation is enabled. DISABLING: DNSSEC validation is being disabled but is not complete. DISABLED DNSSEC validation is disabled. 1910 */ 1911 ValidationStatus?: ResolverDNSSECValidationStatus; 1912 } 1913 export type ResolverDnssecConfigList = ResolverDnssecConfig[]; 1914 export interface ResolverEndpoint { 1915 /** 1916 * The ID of the Resolver endpoint. 1917 */ 1918 Id?: ResourceId; 1919 /** 1920 * A unique string that identifies the request that created the Resolver endpoint. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice. 1921 */ 1922 CreatorRequestId?: CreatorRequestId; 1923 /** 1924 * The ARN (Amazon Resource Name) for the Resolver endpoint. 1925 */ 1926 Arn?: Arn; 1927 /** 1928 * The name that you assigned to the Resolver endpoint when you submitted a CreateResolverEndpoint request. 1929 */ 1930 Name?: Name; 1931 /** 1932 * The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network. 1933 */ 1934 SecurityGroupIds?: SecurityGroupIds; 1935 /** 1936 * Indicates whether the Resolver endpoint allows inbound or outbound DNS queries: INBOUND: allows DNS queries to your VPC from your network OUTBOUND: allows DNS queries from your VPC to your network 1937 */ 1938 Direction?: ResolverEndpointDirection; 1939 /** 1940 * The number of IP addresses that the Resolver endpoint can use for DNS queries. 1941 */ 1942 IpAddressCount?: IpAddressCount; 1943 /** 1944 * The ID of the VPC that you want to create the Resolver endpoint in. 1945 */ 1946 HostVPCId?: ResourceId; 1947 /** 1948 * A code that specifies the current status of the Resolver endpoint. Valid values include the following: CREATING: Resolver is creating and configuring one or more Amazon VPC network interfaces for this endpoint. OPERATIONAL: The Amazon VPC network interfaces for this endpoint are correctly configured and able to pass inbound or outbound DNS queries between your network and Resolver. UPDATING: Resolver is associating or disassociating one or more network interfaces with this endpoint. AUTO_RECOVERING: Resolver is trying to recover one or more of the network interfaces that are associated with this endpoint. During the recovery process, the endpoint functions with limited capacity because of the limit on the number of DNS queries per IP address (per network interface). For the current limit, see Limits on Route 53 Resolver. ACTION_NEEDED: This endpoint is unhealthy, and Resolver can't automatically recover it. To resolve the problem, we recommend that you check each IP address that you associated with the endpoint. For each IP address that isn't available, add another IP address and then delete the IP address that isn't available. (An endpoint must always include at least two IP addresses.) A status of ACTION_NEEDED can have a variety of causes. Here are two common causes: One or more of the network interfaces that are associated with the endpoint were deleted using Amazon VPC. The network interface couldn't be created for some reason that's outside the control of Resolver. DELETING: Resolver is deleting this endpoint and the associated network interfaces. 1949 */ 1950 Status?: ResolverEndpointStatus; 1951 /** 1952 * A detailed description of the status of the Resolver endpoint. 1953 */ 1954 StatusMessage?: StatusMessage; 1955 /** 1956 * The date and time that the endpoint was created, in Unix time format and Coordinated Universal Time (UTC). 1957 */ 1958 CreationTime?: Rfc3339TimeString; 1959 /** 1960 * The date and time that the endpoint was last modified, in Unix time format and Coordinated Universal Time (UTC). 1961 */ 1962 ModificationTime?: Rfc3339TimeString; 1963 } 1964 export type ResolverEndpointDirection = "INBOUND"|"OUTBOUND"|string; 1965 export type ResolverEndpointStatus = "CREATING"|"OPERATIONAL"|"UPDATING"|"AUTO_RECOVERING"|"ACTION_NEEDED"|"DELETING"|string; 1966 export type ResolverEndpoints = ResolverEndpoint[]; 1967 export interface ResolverQueryLogConfig { 1968 /** 1969 * The ID for the query logging configuration. 1970 */ 1971 Id?: ResourceId; 1972 /** 1973 * The Amazon Web Services account ID for the account that created the query logging configuration. 1974 */ 1975 OwnerId?: AccountId; 1976 /** 1977 * The status of the specified query logging configuration. Valid values include the following: CREATING: Resolver is creating the query logging configuration. CREATED: The query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC. DELETING: Resolver is deleting this query logging configuration. FAILED: Resolver can't deliver logs to the location that is specified in the query logging configuration. Here are two common causes: The specified destination (for example, an Amazon S3 bucket) was deleted. Permissions don't allow sending logs to the destination. 1978 */ 1979 Status?: ResolverQueryLogConfigStatus; 1980 /** 1981 * An indication of whether the query logging configuration is shared with other Amazon Web Services accounts, or was shared with the current account by another Amazon Web Services account. Sharing is configured through Resource Access Manager (RAM). 1982 */ 1983 ShareStatus?: ShareStatus; 1984 /** 1985 * The number of VPCs that are associated with the query logging configuration. 1986 */ 1987 AssociationCount?: Count; 1988 /** 1989 * The ARN for the query logging configuration. 1990 */ 1991 Arn?: Arn; 1992 /** 1993 * The name of the query logging configuration. 1994 */ 1995 Name?: ResolverQueryLogConfigName; 1996 /** 1997 * The ARN of the resource that you want Resolver to send query logs: an Amazon S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream. 1998 */ 1999 DestinationArn?: DestinationArn; 2000 /** 2001 * A unique string that identifies the request that created the query logging configuration. The CreatorRequestId allows failed requests to be retried without the risk of running the operation twice. 2002 */ 2003 CreatorRequestId?: CreatorRequestId; 2004 /** 2005 * The date and time that the query logging configuration was created, in Unix time format and Coordinated Universal Time (UTC). 2006 */ 2007 CreationTime?: Rfc3339TimeString; 2008 } 2009 export interface ResolverQueryLogConfigAssociation { 2010 /** 2011 * The ID of the query logging association. 2012 */ 2013 Id?: ResourceId; 2014 /** 2015 * The ID of the query logging configuration that a VPC is associated with. 2016 */ 2017 ResolverQueryLogConfigId?: ResourceId; 2018 /** 2019 * The ID of the Amazon VPC that is associated with the query logging configuration. 2020 */ 2021 ResourceId?: ResourceId; 2022 /** 2023 * The status of the specified query logging association. Valid values include the following: CREATING: Resolver is creating an association between an Amazon VPC and a query logging configuration. CREATED: The association between an Amazon VPC and a query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC. DELETING: Resolver is deleting this query logging association. FAILED: Resolver either couldn't create or couldn't delete the query logging association. 2024 */ 2025 Status?: ResolverQueryLogConfigAssociationStatus; 2026 /** 2027 * If the value of Status is FAILED, the value of Error indicates the cause: DESTINATION_NOT_FOUND: The specified destination (for example, an Amazon S3 bucket) was deleted. ACCESS_DENIED: Permissions don't allow sending logs to the destination. If the value of Status is a value other than FAILED, Error is null. 2028 */ 2029 Error?: ResolverQueryLogConfigAssociationError; 2030 /** 2031 * Contains additional information about the error. If the value or Error is null, the value of ErrorMessage also is null. 2032 */ 2033 ErrorMessage?: ResolverQueryLogConfigAssociationErrorMessage; 2034 /** 2035 * The date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC). 2036 */ 2037 CreationTime?: Rfc3339TimeString; 2038 } 2039 export type ResolverQueryLogConfigAssociationError = "NONE"|"DESTINATION_NOT_FOUND"|"ACCESS_DENIED"|"INTERNAL_SERVICE_ERROR"|string; 2040 export type ResolverQueryLogConfigAssociationErrorMessage = string; 2041 export type ResolverQueryLogConfigAssociationList = ResolverQueryLogConfigAssociation[]; 2042 export type ResolverQueryLogConfigAssociationStatus = "CREATING"|"ACTIVE"|"ACTION_NEEDED"|"DELETING"|"FAILED"|string; 2043 export type ResolverQueryLogConfigList = ResolverQueryLogConfig[]; 2044 export type ResolverQueryLogConfigName = string; 2045 export type ResolverQueryLogConfigPolicy = string; 2046 export type ResolverQueryLogConfigStatus = "CREATING"|"CREATED"|"DELETING"|"FAILED"|string; 2047 export interface ResolverRule { 2048 /** 2049 * The ID that Resolver assigned to the Resolver rule when you created it. 2050 */ 2051 Id?: ResourceId; 2052 /** 2053 * A unique string that you specified when you created the Resolver rule. CreatorRequestId identifies the request and allows failed requests to be retried without the risk of running the operation twice. 2054 */ 2055 CreatorRequestId?: CreatorRequestId; 2056 /** 2057 * The ARN (Amazon Resource Name) for the Resolver rule specified by Id. 2058 */ 2059 Arn?: Arn; 2060 /** 2061 * DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps. If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com). 2062 */ 2063 DomainName?: DomainName; 2064 /** 2065 * A code that specifies the current status of the Resolver rule. 2066 */ 2067 Status?: ResolverRuleStatus; 2068 /** 2069 * A detailed description of the status of a Resolver rule. 2070 */ 2071 StatusMessage?: StatusMessage; 2072 /** 2073 * When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD. When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM. For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType. Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType. 2074 */ 2075 RuleType?: RuleTypeOption; 2076 /** 2077 * The name for the Resolver rule, which you specified when you created the Resolver rule. 2078 */ 2079 Name?: Name; 2080 /** 2081 * An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not supported. 2082 */ 2083 TargetIps?: TargetList; 2084 /** 2085 * The ID of the endpoint that the rule is associated with. 2086 */ 2087 ResolverEndpointId?: ResourceId; 2088 /** 2089 * When a rule is shared with another Amazon Web Services account, the account ID of the account that the rule is shared with. 2090 */ 2091 OwnerId?: AccountId; 2092 /** 2093 * Whether the rule is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account. 2094 */ 2095 ShareStatus?: ShareStatus; 2096 /** 2097 * The date and time that the Resolver rule was created, in Unix time format and Coordinated Universal Time (UTC). 2098 */ 2099 CreationTime?: Rfc3339TimeString; 2100 /** 2101 * The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC). 2102 */ 2103 ModificationTime?: Rfc3339TimeString; 2104 } 2105 export interface ResolverRuleAssociation { 2106 /** 2107 * The ID of the association between a Resolver rule and a VPC. Resolver assigns this value when you submit an AssociateResolverRule request. 2108 */ 2109 Id?: ResourceId; 2110 /** 2111 * The ID of the Resolver rule that you associated with the VPC that is specified by VPCId. 2112 */ 2113 ResolverRuleId?: ResourceId; 2114 /** 2115 * The name of an association between a Resolver rule and a VPC. 2116 */ 2117 Name?: Name; 2118 /** 2119 * The ID of the VPC that you associated the Resolver rule with. 2120 */ 2121 VPCId?: ResourceId; 2122 /** 2123 * A code that specifies the current status of the association between a Resolver rule and a VPC. 2124 */ 2125 Status?: ResolverRuleAssociationStatus; 2126 /** 2127 * A detailed description of the status of the association between a Resolver rule and a VPC. 2128 */ 2129 StatusMessage?: StatusMessage; 2130 } 2131 export type ResolverRuleAssociationStatus = "CREATING"|"COMPLETE"|"DELETING"|"FAILED"|"OVERRIDDEN"|string; 2132 export type ResolverRuleAssociations = ResolverRuleAssociation[]; 2133 export interface ResolverRuleConfig { 2134 /** 2135 * The new name for the Resolver rule. The name that you specify appears in the Resolver dashboard in the Route 53 console. 2136 */ 2137 Name?: Name; 2138 /** 2139 * For DNS queries that originate in your VPC, the new IP addresses that you want to route outbound DNS queries to. 2140 */ 2141 TargetIps?: TargetList; 2142 /** 2143 * The ID of the new outbound Resolver endpoint that you want to use to route DNS queries to the IP addresses that you specify in TargetIps. 2144 */ 2145 ResolverEndpointId?: ResourceId; 2146 } 2147 export type ResolverRulePolicy = string; 2148 export type ResolverRuleStatus = "COMPLETE"|"DELETING"|"UPDATING"|"FAILED"|string; 2149 export type ResolverRules = ResolverRule[]; 2150 export type ResourceId = string; 2151 export type Rfc3339TimeString = string; 2152 export type RuleTypeOption = "FORWARD"|"SYSTEM"|"RECURSIVE"|string; 2153 export type SecurityGroupIds = ResourceId[]; 2154 export type ServicePrinciple = string; 2155 export type ShareStatus = "NOT_SHARED"|"SHARED_WITH_ME"|"SHARED_BY_ME"|string; 2156 export type SortByKey = string; 2157 export type SortOrder = "ASCENDING"|"DESCENDING"|string; 2158 export type StatusMessage = string; 2159 export type SubnetId = string; 2160 export interface Tag { 2161 /** 2162 * The name for the tag. For example, if you want to associate Resolver resources with the account IDs of your customers for billing purposes, the value of Key might be account-id. 2163 */ 2164 Key: TagKey; 2165 /** 2166 * The value for the tag. For example, if Key is account-id, then Value might be the ID of the customer account that you're creating the resource for. 2167 */ 2168 Value: TagValue; 2169 } 2170 export type TagKey = string; 2171 export type TagKeyList = TagKey[]; 2172 export type TagList = Tag[]; 2173 export interface TagResourceRequest { 2174 /** 2175 * The Amazon Resource Name (ARN) for the resource that you want to add tags to. To get the ARN for a resource, use the applicable Get or List command: GetResolverEndpoint GetResolverRule GetResolverRuleAssociation ListResolverEndpoints ListResolverRuleAssociations ListResolverRules 2176 */ 2177 ResourceArn: Arn; 2178 /** 2179 * The tags that you want to add to the specified resource. 2180 */ 2181 Tags: TagList; 2182 } 2183 export interface TagResourceResponse { 2184 } 2185 export type TagValue = string; 2186 export interface TargetAddress { 2187 /** 2188 * One IP address that you want to forward DNS queries to. You can specify only IPv4 addresses. 2189 */ 2190 Ip: Ip; 2191 /** 2192 * The port at Ip that you want to forward DNS queries to. 2193 */ 2194 Port?: Port; 2195 } 2196 export type TargetList = TargetAddress[]; 2197 export type Unsigned = number; 2198 export interface UntagResourceRequest { 2199 /** 2200 * The Amazon Resource Name (ARN) for the resource that you want to remove tags from. To get the ARN for a resource, use the applicable Get or List command: GetResolverEndpoint GetResolverRule GetResolverRuleAssociation ListResolverEndpoints ListResolverRuleAssociations ListResolverRules 2201 */ 2202 ResourceArn: Arn; 2203 /** 2204 * The tags that you want to remove to the specified resource. 2205 */ 2206 TagKeys: TagKeyList; 2207 } 2208 export interface UntagResourceResponse { 2209 } 2210 export interface UpdateFirewallConfigRequest { 2211 /** 2212 * The ID of the VPC that the configuration is for. 2213 */ 2214 ResourceId: ResourceId; 2215 /** 2216 * Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association. 2217 */ 2218 FirewallFailOpen: FirewallFailOpenStatus; 2219 } 2220 export interface UpdateFirewallConfigResponse { 2221 /** 2222 * Configuration of the firewall behavior provided by DNS Firewall for a single VPC. 2223 */ 2224 FirewallConfig?: FirewallConfig; 2225 } 2226 export interface UpdateFirewallDomainsRequest { 2227 /** 2228 * The ID of the domain list whose domains you want to update. 2229 */ 2230 FirewallDomainListId: ResourceId; 2231 /** 2232 * What you want DNS Firewall to do with the domains that you are providing: ADD - Add the domains to the ones that are already in the domain list. REMOVE - Search the domain list for the domains and remove them from the list. REPLACE - Update the domain list to exactly match the list that you are providing. 2233 */ 2234 Operation: FirewallDomainUpdateOperation; 2235 /** 2236 * A list of domains to use in the update operation. Each domain specification in your domain list must satisfy the following requirements: It can optionally start with * (asterisk). With the exception of the optional starting asterisk, it must only contain the following characters: A-Z, a-z, 0-9, - (hyphen). It must be from 1-255 characters in length. 2237 */ 2238 Domains: FirewallDomains; 2239 } 2240 export interface UpdateFirewallDomainsResponse { 2241 /** 2242 * The ID of the firewall domain list that DNS Firewall just updated. 2243 */ 2244 Id?: ResourceId; 2245 /** 2246 * The name of the domain list. 2247 */ 2248 Name?: Name; 2249 /** 2250 * 2251 */ 2252 Status?: FirewallDomainListStatus; 2253 /** 2254 * Additional information about the status of the list, if available. 2255 */ 2256 StatusMessage?: StatusMessage; 2257 } 2258 export interface UpdateFirewallRuleGroupAssociationRequest { 2259 /** 2260 * The identifier of the FirewallRuleGroupAssociation. 2261 */ 2262 FirewallRuleGroupAssociationId: ResourceId; 2263 /** 2264 * The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting. You must specify a unique priority for each rule group that you associate with a single VPC. To make it easier to insert rule groups later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for a rule group association after you create it. 2265 */ 2266 Priority?: Priority; 2267 /** 2268 * If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. 2269 */ 2270 MutationProtection?: MutationProtectionStatus; 2271 /** 2272 * The name of the rule group association. 2273 */ 2274 Name?: Name; 2275 } 2276 export interface UpdateFirewallRuleGroupAssociationResponse { 2277 /** 2278 * The association that you just updated. 2279 */ 2280 FirewallRuleGroupAssociation?: FirewallRuleGroupAssociation; 2281 } 2282 export interface UpdateFirewallRuleRequest { 2283 /** 2284 * The unique identifier of the firewall rule group for the rule. 2285 */ 2286 FirewallRuleGroupId: ResourceId; 2287 /** 2288 * The ID of the domain list to use in the rule. 2289 */ 2290 FirewallDomainListId: ResourceId; 2291 /** 2292 * The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting. You must specify a unique priority for each rule in a rule group. To make it easier to insert rules later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for the rules in a rule group at any time. 2293 */ 2294 Priority?: Priority; 2295 /** 2296 * The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list: ALLOW - Permit the request to go through. ALERT - Permit the request to go through but send an alert to the logs. BLOCK - Disallow the request. This option requires additional details in the rule's BlockResponse. 2297 */ 2298 Action?: Action; 2299 /** 2300 * The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK. NODATA - Respond indicating that the query was successful, but no response is available for it. NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist. OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings. 2301 */ 2302 BlockResponse?: BlockResponse; 2303 /** 2304 * The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE. 2305 */ 2306 BlockOverrideDomain?: BlockOverrideDomain; 2307 /** 2308 * The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE. 2309 */ 2310 BlockOverrideDnsType?: BlockOverrideDnsType; 2311 /** 2312 * The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE. 2313 */ 2314 BlockOverrideTtl?: BlockOverrideTtl; 2315 /** 2316 * The name of the rule. 2317 */ 2318 Name?: Name; 2319 } 2320 export interface UpdateFirewallRuleResponse { 2321 /** 2322 * The firewall rule that you just updated. 2323 */ 2324 FirewallRule?: FirewallRule; 2325 } 2326 export interface UpdateResolverDnssecConfigRequest { 2327 /** 2328 * The ID of the virtual private cloud (VPC) that you're updating the DNSSEC validation status for. 2329 */ 2330 ResourceId: ResourceId; 2331 /** 2332 * The new value that you are specifying for DNSSEC validation for the VPC. The value can be ENABLE or DISABLE. Be aware that it can take time for a validation status change to be completed. 2333 */ 2334 Validation: Validation; 2335 } 2336 export interface UpdateResolverDnssecConfigResponse { 2337 /** 2338 * A complex type that contains settings for the specified DNSSEC configuration. 2339 */ 2340 ResolverDNSSECConfig?: ResolverDnssecConfig; 2341 } 2342 export interface UpdateResolverEndpointRequest { 2343 /** 2344 * The ID of the Resolver endpoint that you want to update. 2345 */ 2346 ResolverEndpointId: ResourceId; 2347 /** 2348 * The name of the Resolver endpoint that you want to update. 2349 */ 2350 Name?: Name; 2351 } 2352 export interface UpdateResolverEndpointResponse { 2353 /** 2354 * The response to an UpdateResolverEndpoint request. 2355 */ 2356 ResolverEndpoint?: ResolverEndpoint; 2357 } 2358 export interface UpdateResolverRuleRequest { 2359 /** 2360 * The ID of the Resolver rule that you want to update. 2361 */ 2362 ResolverRuleId: ResourceId; 2363 /** 2364 * The new settings for the Resolver rule. 2365 */ 2366 Config: ResolverRuleConfig; 2367 } 2368 export interface UpdateResolverRuleResponse { 2369 /** 2370 * The response to an UpdateResolverRule request. 2371 */ 2372 ResolverRule?: ResolverRule; 2373 } 2374 export type Validation = "ENABLE"|"DISABLE"|string; 2375 /** 2376 * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version. 2377 */ 2378 export type apiVersion = "2018-04-01"|"latest"|string; 2379 export interface ClientApiVersions { 2380 /** 2381 * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version. 2382 */ 2383 apiVersion?: apiVersion; 2384 } 2385 export type ClientConfiguration = ServiceConfigurationOptions & ClientApiVersions; 2386 /** 2387 * Contains interfaces for use with the Route53Resolver client. 2388 */ 2389 export import Types = Route53Resolver; 2390 } 2391 export = Route53Resolver;