VPC Security Controls - VPC DNS Query Logging (Route53 Resolver Query Logging)

New! Security Assessments

Configuration to enable logging the DNS queries that originate in an Amazon VPC using the Route53 Resolver Query Logging feature. Query logs can be sent to CloudWatch logs, S3 Buckets, or Kinesis Data Firehose

Provide the following details to configure Route53 Resolver Query Logging:

VPC Id: The VPC Id for which DNS queries should be logged
Destination Arn: The ARN of the CloudWatch Log Group, S3 bucket, or Kinesis Data Firehose Delivery Stream

CloudFormation |AWS CLI

Items

Size

0.5 KB

Missing Parameters

YAML/JSON

AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  Route53QueryLoggingConfig:
    Type: 'AWS::Route53Resolver::ResolverQueryLoggingConfig'
    Properties:
      DestinationArn: ''
  Route53QueryLoggingConfigAssociation:
    Type: 'AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation'
    Properties:
      ResolverQueryLogConfigId:
        'Fn::GetAtt':
          - Route53QueryLoggingConfig
          - Id
      ResourceId: ''
Parameters: {}
Metadata: {}
Conditions: {}

* Required field

Configuration Source: AWS Documentation

Additional Documentation:

AWS Documentation: Route53 Resolver Query Logging
CloudFormation Reference Guide: Configure Route53 Resolver Query Logging and Logging Config Association
AWS CLI Command Reference Guide:Configure Route53 Resolver Query Logging and Logging Config Association

A configuration package to deploy an Amazon VPC with predefined presets to select: Subnet Tiers (Public and Private), Availability Zones, and Internet Connectivity. Configuration includes Subnets, Routing Tables, Internet Gateway, Nat Gateways, and Security Groups

Configuration Package

About Privacy Policy Terms of Service

Security Control

Configuration Packages

Service

Security Strategy Guides

Solutions, Guides & Tools

Overview

Configuration Templates

Actions

Customize Template

Sources and Documentation

A Secure Cloud