createFirewallRule

Creates a single DNS Firewall rule in the specified rule group. The rule can use any one of the following match sources, and the chosen source must be supplied through the matching request field — they are mutually exclusive:

  • FirewallDomainListId — match a customer-managed or AWS-managed domain list.

  • DnsThreatProtection — match a built-in DNS Firewall Advanced threat detector (DGA, DNS_TUNNELING, or DICTIONARY_DGA).

  • FirewallRuleType — match one of the rule-type variants returned by ListFirewallRuleTypes: FirewallAdvancedContentCategory, FirewallAdvancedThreatCategory, DnsThreatProtection, or PartnerThreatProtection. The PartnerThreatProtection variant requires an active AWS Marketplace subscription to the named partner product.

For rules that require asynchronous provisioning (today, the PartnerThreatProtection rule type), the rule's Status begins at CREATING and transitions to COMPLETE once the rule is provisioned and the marketplace entitlement is verified. If provisioning fails, Status becomes CREATION_FAILED and StatusMessage contains a human-readable reason; the rule is then immutable and must be removed with DeleteFirewallRule.
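As an added example (not code from the AWS documentation or SDK), the client-side guard and status handling a caller would wrap around this operation: it enforces the one-match-source rule before the request is sent, and turns a rule's Status into an action, deleting a CREATION_FAILED rule because it cannot be edited. It assumes a boto3-style snake_case client, treats FirewallRuleType as a plain string, and assumes DeleteFirewallRule is keyed by rule group plus the rule's match-source field; FakeResolver is a constructed stand-in so the code runs offline.

```python
"""Client-side checks around createFirewallRule (added example, not AWS code). Assumes a
boto3-style client with create_firewall_rule / list_firewall_rules / delete_firewall_rule
and treats FirewallRuleType as a plain string; FakeResolver stands in so it runs offline."""
MATCH_SOURCES = ("FirewallDomainListId", "DnsThreatProtection", "FirewallRuleType")

def validate_match_source(params: dict) -> str:
    """The three match sources are mutually exclusive: exactly one must be set."""
    present = [k for k in MATCH_SOURCES if params.get(k) is not None]
    if len(present) != 1:
        raise ValueError(f"exactly one of {MATCH_SOURCES} required, got {present}")
    return present[0]

def create_rule(client, params: dict) -> dict:
    """Reject a malformed request locally before it reaches the API."""
    validate_match_source(params)
    return client.create_firewall_rule(**params)["FirewallRule"]

def reconcile(client, rule_group_id: str, name: str) -> str:
    """CREATING -> keep waiting; COMPLETE -> done; CREATION_FAILED -> the rule is
    immutable, so delete it and report StatusMessage so the caller can re-create."""
    rules = client.list_firewall_rules(FirewallRuleGroupId=rule_group_id)["FirewallRules"]
    rule = next(r for r in rules if r["Name"] == name)
    status = rule.get("Status", "COMPLETE")  # synchronously provisioned rules carry no Status
    if status == "CREATION_FAILED":
        source = validate_match_source(rule)  # delete keyed by group + match source (assumption)
        client.delete_firewall_rule(FirewallRuleGroupId=rule_group_id, **{source: rule[source]})
        return "deleted: " + rule.get("StatusMessage", "no reason given")
    return status

class FakeResolver:
    """Constructed stand-in: PartnerThreatProtection rules start CREATING, others are immediate."""
    def __init__(self):
        self.rules, self.deleted = [], []

    def create_firewall_rule(self, **p):
        rule = dict(p)
        if p.get("FirewallRuleType") == "PartnerThreatProtection":
            rule["Status"] = "CREATING"
        self.rules.append(rule)
        return {"FirewallRule": rule}

    def list_firewall_rules(self, FirewallRuleGroupId):
        return {"FirewallRules": [r for r in self.rules if r["FirewallRuleGroupId"] == FirewallRuleGroupId]}

    def delete_firewall_rule(self, FirewallRuleGroupId, **key):
        self.deleted.append(key)
        self.rules = [r for r in self.rules if not all(r.get(k) == v for k, v in key.items())]
```

Against the real service, replace FakeResolver with `boto3.client("route53resolver")` and call reconcile on a timer until it returns something other than CREATING.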