The CDK Construct Library for AWS::Route53Resolver

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aws-cdk from gravatar.com aws-cdk Avatar for osa-amazon from gravatar.com osa-amazon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (Apache-2.0)
  • Author: Amazon Web Services
  • Requires: Python >=3.6
Classifiers
Report project as malware

Project description

Amazon Route53 Resolver Construct Library

---

cfn-resources: Stable

All classes with the Cfn prefix in this module (CFN Resources) are always stable and safe to use.

cdk-constructs: Experimental

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

DNS Firewall

With Route 53 Resolver DNS Firewall, you can filter and regulate outbound DNS traffic for your virtual private connections (VPCs). To do this, you create reusable collections of filtering rules in DNS Firewall rule groups and associate the rule groups to your VPC.

DNS Firewall provides protection for outbound DNS requests from your VPCs. These requests route through Resolver for domain name resolution. A primary use of DNS Firewall protections is to help prevent DNS exfiltration of your data. DNS exfiltration can happen when a bad actor compromises an application instance in your VPC and then uses DNS lookup to send data out of the VPC to a domain that they control. With DNS Firewall, you can monitor and control the domains that your applications can query. You can deny access to the domains that you know to be bad and allow all other queries to pass through. Alternately, you can deny access to all domains except for the ones that you explicitly trust.

Domain lists

Domain lists can be created using a list of strings, a text file stored in Amazon S3 or a local text file:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
block_list = route53resolver.FirewallDomainList(self, "BlockList",
    domains=route53resolver.FirewallDomains.from_list(["bad-domain.com", "bot-domain.net"])
)

s3_list = route53resolver.FirewallDomainList(self, "S3List",
    domains=route53resolver.FirewallDomains.from_s3_url("s3://bucket/prefix/object")
)

asset_list = route53resolver.FirewallDomainList(self, "AssetList",
    domains=route53resolver.FirewallDomains.from_asset("/path/to/domains.txt")
)

The file must be a text file and must contain a single domain per line.

Use FirewallDomainList.fromFirewallDomainListId() to import an existing or AWS managed domain list:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
# AWSManagedDomainsMalwareDomainList in us-east-1
malware_list = route53resolver.FirewallDomainList.from_firewall_domain_list_id(self, "Malware", "rslvr-fdl-2c46f2ecbfec4dcc")

Rule group

Create a rule group:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
route53resolver.FirewallRuleGroup(self, "RuleGroup",
    rules=[{
        "priority": 10,
        "firewall_domain_list": my_block_list,
        # block and reply with NODATA
        "action": route53resolver.FirewallRuleAction.block()
    }
    ]
)

Rules can be added at construction time or using addRule():

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
rule_group.add_rule(
    priority=10,
    firewall_domain_list=block_list,
    # block and reply with NXDOMAIN
    action=route53resolver.FirewallRuleAction.block(route53resolver.DnsBlockResponse.nx_domain())
)

rule_group.add_rule(
    priority=20,
    firewall_domain_list=block_list,
    # block and override DNS response with a custom domain
    action=route53resolver.FirewallRuleAction.block(route53resolver.DnsBlockResponse.override("amazon.com"))
)

Use associate() to associate a rule group with a VPC:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
rule_group.associate(
    priority=101,
    vpc=my_vpc
)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aws-cdk from gravatar.com aws-cdk Avatar for osa-amazon from gravatar.com osa-amazon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (Apache-2.0)
  • Author: Amazon Web Services
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

2.243.0a0 pre-release

2.242.0a0 pre-release

2.241.0a0 pre-release

2.240.0a0 pre-release

2.239.0a0 pre-release

2.238.0a0 pre-release

2.237.1a0 pre-release

2.237.0a0 pre-release

2.236.0a0 pre-release

2.235.1a0 pre-release

2.235.0a0 pre-release

2.234.1a0 pre-release

2.234.0a0 pre-release

2.233.0a0 pre-release

2.232.2a0 pre-release

2.232.1a0 pre-release

2.232.0a0 pre-release

2.231.0a0 pre-release

2.230.0a0 pre-release

2.229.1a0 pre-release

2.229.0a0 pre-release

2.228.0a0 pre-release

2.227.0a0 pre-release

2.226.0a0 pre-release

2.225.0a0 pre-release

2.224.0a0 pre-release

2.223.0a0 pre-release

2.222.0a0 pre-release

2.221.1a0 pre-release

2.221.0a0 pre-release

2.220.0a0 pre-release

2.219.0a0 pre-release

2.218.0a0 pre-release

2.217.0a0 pre-release

2.216.0a0 pre-release

2.215.0a0 pre-release

2.214.1a0 pre-release

2.214.0a0 pre-release

2.213.0a0 pre-release

2.212.0a0 pre-release

2.211.0a0 pre-release

2.210.0a0 pre-release

2.209.1a0 pre-release

2.209.0a0 pre-release

2.208.0a0 pre-release

2.207.0a0 pre-release

2.206.0a0 pre-release

2.205.0a0 pre-release

2.204.0a0 pre-release

2.203.1a0 pre-release

2.203.0a0 pre-release

2.202.0a0 pre-release

2.201.0a0 pre-release

2.200.2a0 pre-release

2.200.1a0 pre-release

2.200.0a0 pre-release

2.199.0a0 pre-release

2.198.0a0 pre-release

2.197.0a0 pre-release

2.196.1a0 pre-release

2.196.0a0 pre-release

2.195.0a0 pre-release

2.194.0a0 pre-release

2.193.0a0 pre-release

2.192.0a0 pre-release

2.191.0a0 pre-release

2.190.0a0 pre-release

2.189.1a0 pre-release

2.189.0a0 pre-release

2.188.0a0 pre-release

2.187.0a0 pre-release

2.186.0a0 pre-release

2.185.0a0 pre-release

2.184.1a0 pre-release

2.184.0a0 pre-release

2.183.0a0 pre-release

2.182.0a0 pre-release

2.181.1a0 pre-release

2.181.0a0 pre-release

2.180.0a0 pre-release

2.179.0a0 pre-release

2.178.2a0 pre-release

2.178.1a0 pre-release

2.178.0a0 pre-release

2.177.0a0 pre-release

2.176.0a0 pre-release

2.175.1a0 pre-release

2.175.0a0 pre-release

2.174.1a0 pre-release

2.174.0a0 pre-release

2.173.4a0 pre-release

2.173.3a0 pre-release

2.173.2a0 pre-release

2.173.1a0 pre-release

2.173.0a0 pre-release

2.172.0a0 pre-release

2.171.1a0 pre-release

2.171.0a0 pre-release

2.170.0a0 pre-release

2.169.0a0 pre-release

2.168.0a0 pre-release

2.167.2a0 pre-release

2.167.1a0 pre-release

2.167.0a0 pre-release

2.166.0a0 pre-release

2.165.0a0 pre-release

2.164.1a0 pre-release

2.164.0a0 pre-release

2.163.1a0 pre-release

2.163.0a0 pre-release

2.162.1a0 pre-release

2.162.0a0 pre-release

2.161.1a0 pre-release

2.161.0a0 pre-release

2.160.0a0 pre-release

2.159.1a0 pre-release

2.159.0a0 pre-release

2.158.0a0 pre-release

2.157.0a0 pre-release

2.156.0a0 pre-release

2.155.0a0 pre-release

2.154.1a0 pre-release

2.154.0a0 pre-release

2.153.0a0 pre-release

2.152.0a0 pre-release

2.151.1a0 pre-release

2.151.0a0 pre-release

2.150.0a0 pre-release

2.149.0a0 pre-release

2.148.1a0 pre-release

2.148.0a0 pre-release

2.147.3a0 pre-release

2.147.2a0 pre-release

2.147.1a0 pre-release

2.147.0a0 pre-release

2.146.0a0 pre-release

2.145.0a0 pre-release

2.144.0a0 pre-release

2.143.1a0 pre-release

2.143.0a0 pre-release

2.142.1a0 pre-release

2.142.0a0 pre-release

2.141.0a0 pre-release

2.140.0a0 pre-release

2.139.1a0 pre-release

2.139.0a0 pre-release

2.138.0a0 pre-release

2.137.0a0 pre-release

2.136.1a0 pre-release

2.136.0a0 pre-release

2.135.0a0 pre-release

2.134.0a0 pre-release

2.133.0a0 pre-release

2.132.1a0 pre-release

2.132.0a0 pre-release

2.131.0a0 pre-release

2.130.0a0 pre-release

2.129.0a0 pre-release

2.128.0a0 pre-release

2.127.0a0 pre-release

2.126.0a0 pre-release

2.125.0a0 pre-release

2.124.0a0 pre-release

2.123.0a0 pre-release

2.122.0a0 pre-release

2.121.1a0 pre-release

2.121.0a0 pre-release

2.120.0a0 pre-release

2.119.0a0 pre-release

2.118.0a0 pre-release

2.117.0a0 pre-release

2.116.1a0 pre-release

2.116.0a0 pre-release

2.115.0a0 pre-release

2.114.1a0 pre-release

2.114.0a0 pre-release

2.113.0a0 pre-release

2.112.0a0 pre-release

2.111.0a0 pre-release

2.110.1a0 pre-release

2.110.0a0 pre-release

2.109.0a0 pre-release

2.108.1a0 pre-release

2.108.0a0 pre-release

2.107.0a0 pre-release

2.106.1a0 pre-release

2.106.0a0 pre-release

2.105.0a0 pre-release

2.104.0a0 pre-release

2.103.1a0 pre-release

2.103.0a0 pre-release

2.102.1a0 pre-release

2.102.0a0 pre-release

2.101.1a0 pre-release

2.101.0a0 pre-release

2.100.0a0 pre-release

2.99.1a0 pre-release

2.99.0a0 pre-release

2.98.0a0 pre-release

2.97.1a0 pre-release

2.97.0a0 pre-release

2.96.2a0 pre-release

2.96.1a0 pre-release

2.96.0a0 pre-release

2.95.1a0 pre-release

2.95.0a0 pre-release

2.94.0a0 pre-release

2.93.0a0 pre-release

2.92.0a0 pre-release

2.91.0a0 pre-release

2.90.0a0 pre-release

2.89.0a0 pre-release

2.88.0a0 pre-release

2.87.0a0 pre-release

2.86.0a0 pre-release

2.85.0a0 pre-release

2.84.0a0 pre-release

2.83.1a0 pre-release

2.83.0a0 pre-release

2.82.0a0 pre-release

2.81.0a0 pre-release

2.80.0a0 pre-release

2.79.1a0 pre-release

2.79.0a0 pre-release

2.78.0a0 pre-release

2.77.0a0 pre-release

2.76.0a0 pre-release

2.75.1a0 pre-release

2.75.0a0 pre-release

2.74.0a0 pre-release

2.73.0a0 pre-release

2.72.1a0 pre-release

2.72.0a0 pre-release

2.71.0a0 pre-release

2.70.0a0 pre-release

2.69.0a0 pre-release

2.68.0a0 pre-release

2.67.0a0 pre-release

2.66.1a0 pre-release

2.66.0a0 pre-release

2.65.0a0 pre-release

2.64.0a0 pre-release

2.63.2a0 pre-release

2.63.1a0 pre-release

2.63.0a0 pre-release

2.62.2a0 pre-release

2.62.1a0 pre-release

2.62.0a0 pre-release

2.61.1a0 pre-release

2.61.0a0 pre-release

2.60.0a0 pre-release

2.59.0a0 pre-release

2.58.1a0 pre-release

2.58.0a0 pre-release

2.57.0a0 pre-release

2.56.1a0 pre-release

2.56.0a0 pre-release

2.55.1a0 pre-release

2.55.0a0 pre-release

2.54.0a0 pre-release

2.53.0a0 pre-release

2.52.1a0 pre-release

2.52.0a0 pre-release

2.51.1a0 pre-release

2.51.0a0 pre-release

2.50.0a0 pre-release

2.49.1a0 pre-release

2.49.0a0 pre-release

2.48.0a0 pre-release

2.47.0a0 pre-release

2.46.0a0 pre-release

2.45.0a0 pre-release

2.44.0a0 pre-release

2.43.1a0 pre-release

2.43.0a0 pre-release

2.42.1a0 pre-release

2.42.0a0 pre-release

2.41.0a0 pre-release

2.40.0a0 pre-release

2.39.1a0 pre-release

2.39.0a0 pre-release

2.38.1a0 pre-release

2.38.0a0 pre-release

2.37.1a0 pre-release

2.37.0a0 pre-release

2.36.0a0 pre-release

2.35.0a0 pre-release

2.34.2a0 pre-release

2.34.1a0 pre-release

2.34.0a0 pre-release

2.33.0a0 pre-release

2.32.1a0 pre-release

2.32.0a0 pre-release

2.31.2a0 pre-release

2.31.1a0 pre-release

2.31.0a0 pre-release

2.30.0a0 pre-release

2.29.1a0 pre-release

2.29.0a0 pre-release

2.28.1a0 pre-release

2.28.0a0 pre-release

2.27.0a0 pre-release

2.26.0a0 pre-release

2.25.0a0 pre-release

2.24.1a0 pre-release

2.24.0a0 pre-release

2.23.0a0 pre-release

2.22.0a0 pre-release

2.21.1a0 pre-release

2.21.0a0 pre-release

2.20.0a0 pre-release

2.19.0a0 pre-release

2.18.0a0 pre-release

2.17.0a0 pre-release

2.16.0a0 pre-release

2.15.0a0 pre-release

2.14.0a0 pre-release

2.13.0a0 pre-release

2.12.0a0 pre-release

2.11.0a0 pre-release

2.10.0a0 pre-release

2.9.0a0 pre-release

2.8.0a0 pre-release

2.7.0a0 pre-release

2.6.0a0 pre-release

2.5.0a0 pre-release

2.4.0a0 pre-release

2.3.0a0 pre-release

2.2.0a0 pre-release

2.1.0a0 pre-release

2.0.0rc24 pre-release

2.0.0rc23 pre-release

2.0.0a11 pre-release

2.0.0a10 pre-release

2.0.0a9 pre-release

2.0.0a8 pre-release

2.0.0a7 pre-release

2.0.0a6 pre-release

2.0.0a5 pre-release

2.0.0a4 pre-release

2.0.0a3 pre-release

This version

2.0.0a2 pre-release

2.0.0a1 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws-cdk.aws-route53resolver-alpha-2.0.0a2.tar.gz (302.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

aws_cdk.aws_route53resolver_alpha-2.0.0a2-py3-none-any.whl (301.5 kB view details)

Uploaded Python 3

File details

Details for the file aws-cdk.aws-route53resolver-alpha-2.0.0a2.tar.gz.

File metadata

  • Download URL: aws-cdk.aws-route53resolver-alpha-2.0.0a2.tar.gz
  • Upload date:
  • Size: 302.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.6.5

File hashes

Hashes for aws-cdk.aws-route53resolver-alpha-2.0.0a2.tar.gz
Algorithm Hash digest
SHA256 496ff1bc22b8a10433ff231761e7033d8d030b6c6b7d1eceeb51f7841dd03647
MD5 0ef1bf57d4d738fed8beb0651d78cd6f
BLAKE2b-256 c657f889d745824eff43101d4ed5ee99b0b0446aad1093a7aef73da5163b0f02

See more details on using hashes here.

File details

Details for the file aws_cdk.aws_route53resolver_alpha-2.0.0a2-py3-none-any.whl.

File metadata

  • Download URL: aws_cdk.aws_route53resolver_alpha-2.0.0a2-py3-none-any.whl
  • Upload date:
  • Size: 301.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.6.5

File hashes

Hashes for aws_cdk.aws_route53resolver_alpha-2.0.0a2-py3-none-any.whl
Algorithm Hash digest
SHA256 41cc87e36f7f881b2f8e328695914982e59ea3d9619962ad3ed9e5e0d61e45b6
MD5 35edc50e0d313f466706c73952d6b49a
BLAKE2b-256 9e4236dc329db2c54b05fcc7946a44e90fcb31207071916166c499307812411c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page