This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::Route53GlobalResolver::DnsView
Creates a DNS view within a Route 53 Global Resolver. A DNS view models end users, user groups, networks, and devices, and serves as a parent resource that holds configurations controlling access, authorization, DNS firewall rules, and forwarding rules.
Important
Route 53 Global Resolver is a global service that supports resolvers in multiple AWS Regions but you must specify the
US East (Ohio) Region to create, update, or otherwise work with Route 53 Global Resolver resources. That is, for example,
specify
--region us-east-2
on AWS CLI commands.
Syntax
To declare this entity in your CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Route53GlobalResolver::DnsView", "Properties" : { "ClientToken" :String, "Description" :String, "DnssecValidation" :String, "EdnsClientSubnet" :String, "FirewallRulesFailOpen" :String, "GlobalResolverId" :String, "Name" :String, "Tags" :[ Tag, ... ]} }
YAML
Type: AWS::Route53GlobalResolver::DnsView Properties: ClientToken:StringDescription:StringDnssecValidation:StringEdnsClientSubnet:StringFirewallRulesFailOpen:StringGlobalResolverId:StringName:StringTags:- Tag
Properties
ClientToken-
A unique string that identifies the request and ensures idempotency.
Required: No
Type: String
Minimum:
1Maximum:
256Update requires: Replacement
Description-
An optional description for the DNS view.
Required: No
Type: String
Minimum:
1Maximum:
256Update requires: No interruption
DnssecValidation-
Whether to enable DNSSEC validation for DNS queries in this DNS view. When enabled, the resolver verifies the authenticity and integrity of DNS responses from public name servers for DNSSEC-signed domains.
Required: No
Type: String
Allowed values:
ENABLED | DISABLEDUpdate requires: No interruption
EdnsClientSubnet-
Whether to enable EDNS Client Subnet injection for DNS queries in this DNS view. When enabled, client subnet information is forwarded to provide more accurate geographic-based DNS responses.
Required: No
Type: String
Allowed values:
ENABLED | DISABLEDUpdate requires: No interruption
FirewallRulesFailOpen-
Determines the behavior when Route 53 Global Resolver cannot apply DNS firewall rules due to service impairment. When enabled, DNS queries are allowed through; when disabled, queries are blocked.
Required: No
Type: String
Allowed values:
ENABLED | DISABLEDUpdate requires: No interruption
GlobalResolverId-
The ID of the Route 53 Global Resolver to associate with this DNS view.
Required: Yes
Type: String
Minimum:
1Maximum:
64Update requires: Replacement
Name-
A descriptive name for the DNS view.
Required: Yes
Type: String
Pattern:
(?!^[0-9]+$)([a-zA-Z0-9-_' ']+)Minimum:
1Maximum:
64Update requires: No interruption
-
Tags to associate with the DNS view.
Required: No
Type: Array of Tag
Maximum:
50Update requires: No interruption
Return values
Ref
Fn::GetAtt
Arn-
The Amazon Resource Name (ARN) of the DNS view.
CreatedAt-
The date and time when the DNS view was created.
DnsViewId-
The unique identifier for the DNS view.
Status-
The operational status of the DNS view.
UpdatedAt-
The date and time when the DNS view was last updated.
