AWS::Route53Resolver::ResolverEndpoint - AWS CloudFormation


Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound:

  • An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network.

  • An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::Route53Resolver::ResolverEndpoint", "Properties" : { "Direction" : String, "IpAddresses" : [ IpAddressRequest, ... ], "Name" : String, "SecurityGroupIds" : [ String, ... ], "Tags" : [ Tag, ... ] } }


Type: AWS::Route53Resolver::ResolverEndpoint Properties: Direction: String IpAddresses: - IpAddressRequest Name: String SecurityGroupIds: - String Tags: - Tag



Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

  • INBOUND: allows DNS queries to your VPC from your network

  • OUTBOUND: allows DNS queries from your VPC to your network

Required: Yes

Type: String

Allowed values: INBOUND | OUTBOUND

Update requires: Replacement


The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.

Required: Yes

Type: List of IpAddressRequest

Maximum: 10

Update requires: No interruption


A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.

Required: No

Type: String

Maximum: 64

Pattern: (?!^[0-9]+$)([a-zA-Z0-9\-_' ']+)

Update requires: No interruption


The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

Required: Yes

Type: List of String

Update requires: Replacement


Route 53 Resolver doesn't support updating tags through CloudFormation.

Required: No

Type: List of Tag

Maximum: 200

Update requires: No interruption

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ResolverEndpoint object.

For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The Amazon Resource Name (ARN) of the resolver endpoint, such as arn:aws:route53resolver:us-east-1:123456789012:resolver-endpoint/resolver-endpoint-a1bzhi.


Indicates whether the resolver endpoint allows inbound or outbound DNS queries.


The ID of the VPC that you want to create the resolver endpoint in.


The number of IP addresses that the resolver endpoint can use for DNS queries.


The name that you assigned to the resolver endpoint when you created the endpoint.


The ID of the resolver endpoint.


Create Resolver endpoint

The following example creates an Amazon Route 53 outbound resolver endpoint. The IpAddresses object includes values for SubnetId but not for Ip. This causes Route 53 Resolver to automatically choose an IP address from among the available IP addresses in the specified subnet.


{ "Type" : "AWS::Route53Resolver::ResolverEndpoint", "Properties" : { "Direction" : "Outbound", "IpAddresses" : [ { "SubnetId": "subnet-0bca4d363dexample" }, { "SubnetId": "subnet-0cdb5e474dexample" } ], "Name" : "MyOutboundEndpoint", "SecurityGroupIds" : [ "sg-071b99f42example" ], "Tags" : [ "Key": "LineOfBusiness", "Value": "Engineering" ] } }


Type : AWS::Route53Resolver::ResolverEndpoint Properties : Direction : Outbound IpAddresses : - SubnetId: subnet-0bca4d363dexample - SubnetId: subnet-0cdb5e474dexample Name : MyOutboundEndpoint SecurityGroupIds : - sg-071b99f42example Tags : - Key: LineOfBusiness Value: Engineering

See also