BatchCreateFirewallRule
Creates multiple DNS Firewall rules in the specified rule group.
Request Syntax
{
   "CreateFirewallRuleEntries": [
      {
         "Action": "string",
         "BlockOverrideDnsType": "string",
         "BlockOverrideDomain": "string",
         "BlockOverrideTtl": number,
         "BlockResponse": "string",
         "ConfidenceThreshold": "string",
         "CreatorRequestId": "string",
         "DnsThreatProtection": "string",
         "FirewallDomainListId": "string",
         "FirewallDomainRedirectionAction": "string",
         "FirewallRuleGroupId": "string",
         "FirewallRuleType": {
            "DnsThreatProtection": {
               "ConfidenceThreshold": "string",
               "Value": "string"
            },
            "FirewallAdvancedContentCategory": {
               "Category": "string"
            },
            "FirewallAdvancedThreatCategory": {
               "Category": "string"
            }
         },
         "Name": "string",
         "Priority": number,
         "Qtype": "string"
      }
   ]
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CreateFirewallRuleEntries
  The list of firewall rules to create.
  Type: Array of CreateFirewallRuleEntry objects
  Required: Yes
Response Syntax
{
   "CreatedFirewallRules": [
      {
         "Action": "string",
         "BlockOverrideDnsType": "string",
         "BlockOverrideDomain": "string",
         "BlockOverrideTtl": number,
         "BlockResponse": "string",
         "ConfidenceThreshold": "string",
         "CreationTime": "string",
         "CreatorRequestId": "string",
         "DnsThreatProtection": "string",
         "FirewallDomainListId": "string",
         "FirewallDomainRedirectionAction": "string",
         "FirewallRuleGroupId": "string",
         "FirewallRuleType": {
            "DnsThreatProtection": {
               "ConfidenceThreshold": "string",
               "Value": "string"
            },
            "FirewallAdvancedContentCategory": {
               "Category": "string"
            },
            "FirewallAdvancedThreatCategory": {
               "Category": "string"
            }
         },
         "FirewallThreatProtectionId": "string",
         "ModificationTime": "string",
         "Name": "string",
         "Priority": number,
         "Qtype": "string"
      }
   ],
   "CreateErrors": [
      {
         "Code": "string",
         "FirewallRule": {
            "Action": "string",
            "BlockOverrideDnsType": "string",
            "BlockOverrideDomain": "string",
            "BlockOverrideTtl": number,
            "BlockResponse": "string",
            "ConfidenceThreshold": "string",
            "CreatorRequestId": "string",
            "DnsThreatProtection": "string",
            "FirewallDomainListId": "string",
            "FirewallDomainRedirectionAction": "string",
            "FirewallRuleGroupId": "string",
            "FirewallRuleType": {
               "DnsThreatProtection": {
                  "ConfidenceThreshold": "string",
                  "Value": "string"
               },
               "FirewallAdvancedContentCategory": {
                  "Category": "string"
               },
               "FirewallAdvancedThreatCategory": {
                  "Category": "string"
               }
            },
            "Name": "string",
            "Priority": number,
            "Qtype": "string"
         },
         "Message": "string"
      }
   ]
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- CreatedFirewallRules
  The firewall rules that were successfully created by the request.
  Type: Array of FirewallRule objects
- CreateErrors
  A list of errors that occurred while creating the firewall rules.
  Type: Array of BatchCreateFirewallRuleError objects
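A 200 response can carry entries in both CreatedFirewallRules and CreateErrors, so a caller has to reconcile the response against what it sent. The following is an added example, not part of the AWS reference: a hypothetical helper, reconcile_batch, that correlates results by CreatorRequestId and lists the BLOCK rules that were not created. It assumes each entry carries a unique CreatorRequestId, as in the sample request; the error code, message and sample data are constructed.

```python
# Added example, not AWS code. Field names follow the syntax above; the helper
# name, error code, message and sample data are constructed for illustration.
def reconcile_batch(entries, response):
    """Classify each requested rule as created, failed or missing."""
    requested = {e["CreatorRequestId"]: e for e in entries}
    if len(requested) != len(entries):
        raise ValueError("CreatorRequestId values must be unique per entry")

    created = {r["CreatorRequestId"] for r in response.get("CreatedFirewallRules", [])}
    failed = {}
    for err in response.get("CreateErrors", []):
        req_id = err.get("FirewallRule", {}).get("CreatorRequestId")
        failed[req_id] = (err.get("Code"), err.get("Message"))

    report = {"created": [], "failed": [], "missing": [], "enforcement_gap": []}
    for req_id, entry in requested.items():
        if req_id in created:
            report["created"].append(req_id)
            continue
        if req_id in failed:
            report["failed"].append((req_id,) + failed[req_id])
        else:
            report["missing"].append(req_id)  # neither created nor reported
        if entry["Action"] == "BLOCK":
            # A BLOCK rule that was not created leaves its domain list unenforced.
            report["enforcement_gap"].append(entry["Name"])
    return report


# Constructed sample: the two entries from the sample request, with a response
# in which the BLOCK rule failed and only the ALLOW rule was created.
SAMPLE_ENTRIES = [
    {"CreatorRequestId": "batch-create-rule-1", "Name": "block-bad-domains",
     "Priority": 101, "Action": "BLOCK", "BlockResponse": "NODATA"},
    {"CreatorRequestId": "batch-create-rule-2", "Name": "allow-safe-domains",
     "Priority": 102, "Action": "ALLOW"},
]
SAMPLE_RESPONSE = {
    "CreatedFirewallRules": [
        {"CreatorRequestId": "batch-create-rule-2", "Name": "allow-safe-domains",
         "Priority": 102, "Action": "ALLOW"},
    ],
    "CreateErrors": [
        {"Code": "ExampleErrorCode", "Message": "constructed error message",
         "FirewallRule": {"CreatorRequestId": "batch-create-rule-1"}},
    ],
}

if __name__ == "__main__":
    print(reconcile_batch(SAMPLE_ENTRIES, SAMPLE_RESPONSE))
```

A non-empty enforcement_gap or missing list is the signal to fail the deployment step or alert, rather than treating the HTTP 200 as success.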
Errors
For information about the errors that are common to all actions, see Common Error Types.
- AccessDeniedException
  The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
  This error can also be thrown when a customer has reached the 5120 character limit for a resource policy for CloudWatch Logs.
  HTTP Status Code: 400
- InternalServiceErrorException
  We encountered an unknown error. Try again in a few minutes.
  HTTP Status Code: 400
- LimitExceededException
  The request caused one or more limits to be exceeded.
  - ResourceType
    For a LimitExceededException error, the type of resource that exceeded the current limit.
  HTTP Status Code: 400
- ThrottlingException
  The request was throttled. Try again in a few minutes.
  HTTP Status Code: 400
- ValidationException
  You have provided an invalid command. If you ran the UpdateFirewallDomains request, supported values are ADD, REMOVE, or REPLACE a domain.
  HTTP Status Code: 400
Examples
BatchCreateFirewallRule Example
This example illustrates one usage of BatchCreateFirewallRule.
Sample Request
POST / HTTP/1.1
Host: route53resolver.us-east-1.amazonaws.com
Accept-Encoding: identity
Content-Length: 502
X-Amz-Target: Route53Resolver.BatchCreateFirewallRule
X-Amz-Date: 20260420T120000Z
User-Agent: aws-cli/2.15.0 Python/3.11.6
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256
               Credential=AKIAJJ2SONIPEXAMPLE/20260420/us-east-1/route53resolver/aws4_request,
               SignedHeaders=content-type;host;x-amz-date;x-amz-target,
               Signature=[calculated-signature]

{
   "CreateFirewallRuleEntries": [
      {
         "CreatorRequestId": "batch-create-rule-1",
         "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
         "FirewallDomainListId": "rslvr-fdl-9e956e9bfexample",
         "Priority": 101,
         "Action": "BLOCK",
         "BlockResponse": "NODATA",
         "Name": "block-bad-domains"
      },
      {
         "CreatorRequestId": "batch-create-rule-2",
         "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
         "FirewallDomainListId": "rslvr-fdl-3b5a094aexample",
         "Priority": 102,
         "Action": "ALLOW",
         "Name": "allow-safe-domains"
      }
   ]
}
Sample Response
HTTP/1.1 200 OK
Date: Sun, 20 Apr 2026 12:00:01 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 890
x-amzn-RequestId: 4b2a1c3d-5e6f-7a8b-9c0d-1e2f3example
Connection: keep-alive

{
   "CreatedFirewallRules": [
      {
         "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
         "FirewallDomainListId": "rslvr-fdl-9e956e9bfexample",
         "Name": "block-bad-domains",
         "Priority": 101,
         "Action": "BLOCK",
         "BlockResponse": "NODATA",
         "CreatorRequestId": "batch-create-rule-1",
         "CreationTime": "2026-04-20T12:00:01.000Z",
         "ModificationTime": "2026-04-20T12:00:01.000Z"
      },
      {
         "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
         "FirewallDomainListId": "rslvr-fdl-3b5a094aexample",
         "Name": "allow-safe-domains",
         "Priority": 102,
         "Action": "ALLOW",
         "CreatorRequestId": "batch-create-rule-2",
         "CreationTime": "2026-04-20T12:00:01.000Z",
         "ModificationTime": "2026-04-20T12:00:01.000Z"
      }
   ],
   "CreateErrors": []
}