resolver_endpoints
Creates, updates, deletes or gets a resolver_endpoint resource or lists resolver_endpoints in a region
Overview
| Name | resolver_endpoints |
| Type | Resource |
| Description | Resource type definition for AWS::Route53Resolver::ResolverEndpoint |
| Id | awscc.route53resolver.resolver_endpoints |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
arn | string | The Amazon Resource Name (ARN) of the resolver endpoint, such as arn:aws:route53resolver:us-east-1:123456789012:resolver-endpoint/resolver-endpoint-a1bzhi. |
direction | string | Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:<br />- INBOUND: allows DNS queries to your VPC from your network <br />- OUTBOUND: allows DNS queries from your VPC to your network <br />- INBOUND_DELEGATION: allows DNS queries to your VPC from your network with authoritative answers from private hosted zones |
host_vpc_id | string | The ID of the VPC that you want to create the resolver endpoint in. |
ip_address_count | string | The number of IP addresses that the resolver endpoint can use for DNS queries. |
ip_addresses | array | The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC. |
name | string | A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console. |
outpost_arn | string | The ARN (Amazon Resource Name) for the Outpost. |
preferred_instance_type | string | The Amazon EC2 instance type. |
protocols | array | Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only. |
resolver_endpoint_id | string | The ID of the resolver endpoint. |
resolver_endpoint_type | string | The Resolver endpoint IP address type. |
security_group_ids | array | The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network. |
tags | array | An array of key-value pairs to apply to this resource. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
resolver_endpoint_id | string | The ID of the resolver endpoint. |
region | string | AWS region. |
For more information, see AWS::Route53Resolver::ResolverEndpoint.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | resolver_endpoints | INSERT | Direction, IpAddresses, SecurityGroupIds, region |
delete_resource | resolver_endpoints | DELETE | Identifier, region |
update_resource | resolver_endpoints | UPDATE | Identifier, PatchDocument, region |
list_resources | resolver_endpoints_list_only | SELECT | region |
get_resource | resolver_endpoints | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual resolver_endpoint.
SELECT
region,
arn,
direction,
host_vpc_id,
ip_address_count,
ip_addresses,
name,
outpost_arn,
preferred_instance_type,
protocols,
resolver_endpoint_id,
resolver_endpoint_type,
security_group_ids,
tags
FROM awscc.route53resolver.resolver_endpoints
WHERE
region = 'us-east-1' AND
Identifier = '{{ resolver_endpoint_id }}';
Lists all resolver_endpoints in a region.
SELECT
region,
resolver_endpoint_id
FROM awscc.route53resolver.resolver_endpoints_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new resolver_endpoint resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.route53resolver.resolver_endpoints (
Direction,
IpAddresses,
SecurityGroupIds,
region
)
SELECT
'{{ direction }}',
'{{ ip_addresses }}',
'{{ security_group_ids }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.route53resolver.resolver_endpoints (
Direction,
IpAddresses,
Name,
OutpostArn,
PreferredInstanceType,
Protocols,
ResolverEndpointType,
SecurityGroupIds,
Tags,
region
)
SELECT
'{{ direction }}',
'{{ ip_addresses }}',
'{{ name }}',
'{{ outpost_arn }}',
'{{ preferred_instance_type }}',
'{{ protocols }}',
'{{ resolver_endpoint_type }}',
'{{ security_group_ids }}',
'{{ tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: resolver_endpoint
props:
- name: direction
value: '{{ direction }}'
- name: ip_addresses
value:
- ip: '{{ ip }}'
ipv6: '{{ ipv6 }}'
subnet_id: '{{ subnet_id }}'
- name: name
value: '{{ name }}'
- name: outpost_arn
value: '{{ outpost_arn }}'
- name: preferred_instance_type
value: '{{ preferred_instance_type }}'
- name: protocols
value:
- '{{ protocols[0] }}'
- name: resolver_endpoint_type
value: '{{ resolver_endpoint_type }}'
- name: security_group_ids
value:
- '{{ security_group_ids[0] }}'
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
UPDATE example
Use the following StackQL query and manifest file to update a resolver_endpoint resource, using stack-deploy.
/*+ update */
UPDATE awscc.route53resolver.resolver_endpoints
SET PatchDocument = string('{{ {
"IpAddresses": ip_addresses,
"Name": name,
"Protocols": protocols,
"ResolverEndpointType": resolver_endpoint_type,
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ resolver_endpoint_id }}';
DELETE example
/*+ delete */
DELETE FROM awscc.route53resolver.resolver_endpoints
WHERE
Identifier = '{{ resolver_endpoint_id }}' AND
region = 'us-east-1';
Permissions
To operate on the resolver_endpoints resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
route53resolver:CreateResolverEndpoint,
route53resolver:GetResolverEndpoint,
route53resolver:ListResolverEndpointIpAddresses,
route53resolver:ListTagsForResource,
route53resolver:TagResource,
route53resolver:UntagResource,
ec2:CreateNetworkInterface,
ec2:DescribeNetworkInterfaces,
ec2:DescribeSubnets,
ec2:DescribeSecurityGroups,
ec2:DescribeVpcs
route53resolver:GetResolverEndpoint,
route53resolver:ListResolverEndpointIpAddresses,
route53resolver:ListTagsForResource
route53resolver:AssociateResolverEndpointIpAddress,
route53resolver:DisassociateResolverEndpointIpAddress,
route53resolver:GetResolverEndpoint,
route53resolver:ListResolverEndpointIpAddresses,
route53resolver:ListTagsForResource,
route53resolver:TagResource,
route53resolver:UntagResource,
route53resolver:UpdateResolverEndpoint,
ec2:AssignIpv6Addresses,
ec2:CreateNetworkInterface,
ec2:DeleteNetworkInterface,
ec2:DescribeNetworkInterfaces,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:DescribeVpcs,
ec2:ModifyNetworkInterfaceAttribute,
ec2:UnassignIpv6Addresses
route53resolver:DeleteResolverEndpoint,
route53resolver:GetResolverEndpoint,
ec2:DeleteNetworkInterface,
ec2:DescribeNetworkInterfaces
route53resolver:ListResolverEndpoints