AWS CloudFormation
User Guide (Version )

AWS::Route53Resolver::ResolverEndpoint

Creates a resolver endpoint. There are two types of resolver endpoints, inbound and outbound:

  • An inbound resolver endpoint forwards DNS queries to the DNS service for a VPC from your network or another VPC.

  • An outbound resolver endpoint forwards DNS queries from the DNS service for a VPC to your network or another VPC.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::Route53Resolver::ResolverEndpoint", "Properties" : { "Direction" : String, "IpAddresses" : [ IpAddressRequest, ... ], "Name" : String, "SecurityGroupIds" : [ String, ... ], "Tags" : [ Tag, ... ] } }

YAML

Type: AWS::Route53Resolver::ResolverEndpoint Properties: Direction: String IpAddresses: - IpAddressRequest Name: String SecurityGroupIds: - String Tags: - Tag

Properties

Direction

Indicates whether the resolver endpoint allows inbound or outbound DNS queries:

  • INBOUND: allows DNS queries to your VPC from your network or another VPC

  • OUTBOUND: allows DNS queries from your VPC to your network or another VPC

Required: Yes

Type: String

Allowed Values: INBOUND | OUTBOUND

Update requires: Replacement

IpAddresses

The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.

Required: Yes

Type: List of IpAddressRequest

Maximum: 10

Update requires: No interruption

Name

A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.

Required: No

Type: String

Maximum: 64

Pattern: (?!^[0-9]+$)([a-zA-Z0-9-_' ']+)

Update requires: No interruption

SecurityGroupIds

The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

Required: Yes

Type: List of String

Update requires: Replacement

Tags

A list of the tag keys and values that you want to associate with the endpoint.

Required: No

Type: List of Tag

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ResolverEndpoint object.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the resolver endpoint, such as arn:aws:route53Resolver:us-east-1:123456789012:resolver-endpoint/resolver-endpoint-a1bzhi.

Direction

Indicates whether the resolver endpoint allows inbound or outbound DNS queries.

HostVPCId

The ID of the VPC that you want to create the resolver endpoint in.

IpAddressCount

The number of IP addresses that the resolver endpoint can use for DNS queries.

Name

The name that you assigned to the resolver endpoint when you created the endpoint.

ResolverEndpointId

The ID of the resolver endpoint.

Examples

Create Resolver endpoint

The following example creates an Amazon Route 53 outbound resolver endpoint. The IpAddresses object includes values for SubnetId but not for Ip. This causes Route 53 Resolver to automatically choose an IP address from among the available IP addresses in the specified subnet.

JSON

{ "Type" : "AWS::Route53Resolver::ResolverEndpoint", "Properties" : { "Direction" : "Outbound", "IpAddresses" : [ { "SubnetId": "subnet-0bca4d363dexample" }, { "SubnetId": "subnet-0cdb5e474dexample" } ], "Name" : "MyOutboundEndpoint", "SecurityGroupIds" : [ "sg-071b99f42example" ], "Tags" : [ "Key": "LineOfBusiness", "Value": "Engineering" ] } }

YAML

Type : AWS::Route53Resolver::ResolverEndpoint Properties : Direction : Outbound IpAddresses : - SubnetId: subnet-0bca4d363dexample - SubnetId: subnet-0cdb5e474dexample Name : MyOutboundEndpoint SecurityGroupIds : - sg-071b99f42example Tags : - Key: LineOfBusiness Value: Engineering

See Also