A collection of AWS Security controls using AWS Route53 Resolver Configuration including DNS Firewall and DNS Logging for VPCs.

Route53 Resolver
Amazon Route53 Resolver Firewall Rule Group

This template creates a DNS Firewall rule group with one rule for each of the ALLOW, ALERT, and BLOCK actions. The rule group is named 'SampleFirewallRuleGroup' and is tagged with the key 'LineOfBusiness' and the value 'Engineering'.

CloudFormation | Terraform
Amazon Route53 Resolver Endpoint

This template creates an Amazon Route 53 outbound resolver endpoint. The endpoint's direction is set to outbound, and an IP address is chosen automatically in each of the specified subnets. The resolver endpoint is named 'MyOutboundEndpoint' and is associated with a security group. It is tagged with the key 'LineOfBusiness' and the value 'Engineering'.

CloudFormation | Terraform
Amazon Route53 Resolver: Associate a Resolver rule with a VPC

This template associates a resolver rule with a VPC. The association is named 'MyResolverRuleAssociation' and links the specified resolver rule ID to the specified VPC ID.

CloudFormation | Terraform
Amazon Route53 Resolver Rule

This template creates an Amazon Route 53 resolver rule with the specified properties. The rule is named 'MyRule', applies to the domain name 'example.com', and has its rule type set to 'FORWARD'. It is linked to the outbound resolver endpoint with the ID 'rslvr-out-fdc049932dexample' and forwards queries to two target IPs, '192.0.2.6' and '192.0.2.99', both on port 53. The resolver rule is tagged with the key 'LineOfBusiness' and the value 'Engineering'.

CloudFormation | Terraform