AWS::Route53Resolver::ResolverEndpoint - AWS CloudFormation
SyntaxPropertiesReturn valuesExamplesSee also

AWS::Route53Resolver::ResolverEndpoint

Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound:

  • An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network.

  • An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network.

Important

  • You cannot update ResolverEndpointType and IpAddresses in the same request.

  • When you update a dual-stack IP address, you must update both IP addresses. You can’t update only an IPv4 or IPv6 and keep an existing IP address.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Route53Resolver::ResolverEndpoint",
  "Properties" : {
      "Direction" : String,
      "IpAddresses" : [ IpAddressRequest, ... ],
      "Name" : String,
      "ResolverEndpointType" : String,
      "SecurityGroupIds" : [ String, ... ],
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::Route53Resolver::ResolverEndpoint
Properties: 
  Direction: String
  IpAddresses: 
    - IpAddressRequest
  Name: String
  ResolverEndpointType: String
  SecurityGroupIds: 
    - String
  Tags: 
    - Tag

Properties

Direction

Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

  • INBOUND: allows DNS queries to your VPC from your network

  • OUTBOUND: allows DNS queries from your VPC to your network

Required: Yes

Type: String

Allowed values: INBOUND | OUTBOUND

Update requires: Replacement

IpAddresses

The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.

Required: Yes

Type: List of IpAddressRequest

Maximum: 20

Update requires: No interruption

Name

A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.

Required: No

Type: String

Maximum: 64

Pattern: (?!^[0-9]+$)([a-zA-Z0-9\-_' ']+)

Update requires: No interruption

ResolverEndpointType

The Resolver endpoint IP address type.

Required: No

Type: String

Allowed values: DUALSTACK | IPV4 | IPV6

Update requires: No interruption

SecurityGroupIds

The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

Required: Yes

Type: List of String

Update requires: Replacement

Tags

Route 53 Resolver doesn't support updating tags through CloudFormation.

Required: No

Type: List of Tag

Maximum: 200

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ResolverEndpoint object.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the resolver endpoint, such as arn:aws:route53resolver:us-east-1:123456789012:resolver-endpoint/resolver-endpoint-a1bzhi.

Direction

Indicates whether the resolver endpoint allows inbound or outbound DNS queries.

HostVPCId

The ID of the VPC that you want to create the resolver endpoint in.

IpAddressCount

The number of IP addresses that the resolver endpoint can use for DNS queries.

Name

The name that you assigned to the resolver endpoint when you created the endpoint.

ResolverEndpointId

The ID of the resolver endpoint.

ResolverEndpointType

For the endpoint type you can choose either IPv4, IPv6. or dual-stack. A dual-stack endpoint means that it will resolve via both IPv4 and IPv6. If you choose either IPv4 or IPv6, this endpoint type is applied to all IP addresses.

Examples

Create Resolver endpoint

The following example creates an Amazon Route 53 outbound resolver endpoint. The IpAddresses object includes values for SubnetId but not for Ip. This causes Route 53 Resolver to automatically choose an IP address from among the available IP addresses in the specified subnet.

JSON

{
  "Type" : "AWS::Route53Resolver::ResolverEndpoint",
  "Properties" : {
    "Direction" : "Outbound",
    "IpAddresses" : [ 
      {
        "SubnetId": "subnet-0bca4d363dexample"
      },
      {
        "SubnetId": "subnet-0cdb5e474dexample"
      }
    ],
    "Name" : "MyOutboundEndpoint",
    "SecurityGroupIds" : [ 
      "sg-071b99f42example"
    ],
    "Tags" : [
      "Key": "LineOfBusiness",
      "Value": "Engineering"
    ]
  }
}

YAML

Type : AWS::Route53Resolver::ResolverEndpoint
Properties :
  Direction : Outbound
  IpAddresses : 
    - SubnetId: subnet-0bca4d363dexample
    - SubnetId: subnet-0cdb5e474dexample
  Name : MyOutboundEndpoint
  SecurityGroupIds : 
    - sg-071b99f42example
  Tags : 
    - 
      Key: LineOfBusiness
      Value: Engineering

See also