BatchUpdateFirewallRule
Updates multiple DNS Firewall rules in the specified rule group.
Request Syntax
{
"UpdateFirewallRuleEntries": [
{
"Action": "string",
"BlockOverrideDnsType": "string",
"BlockOverrideDomain": "string",
"BlockOverrideTtl": number,
"BlockResponse": "string",
"ConfidenceThreshold": "string",
"DnsThreatProtection": "string",
"FirewallDomainListId": "string",
"FirewallDomainRedirectionAction": "string",
"FirewallRuleGroupId": "string",
"FirewallRuleType": {
"DnsThreatProtection": {
"ConfidenceThreshold": "string",
"Value": "string"
},
"FirewallAdvancedContentCategory": {
"Category": "string"
},
"FirewallAdvancedThreatCategory": {
"Category": "string"
}
},
"FirewallThreatProtectionId": "string",
"Name": "string",
"Priority": number,
"Qtype": "string"
}
]
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- UpdateFirewallRuleEntries
-
The list of firewall rules to update.
Type: Array of UpdateFirewallRuleEntry objects
Required: Yes
Response Syntax
{
"UpdatedFirewallRules": [
{
"Action": "string",
"BlockOverrideDnsType": "string",
"BlockOverrideDomain": "string",
"BlockOverrideTtl": number,
"BlockResponse": "string",
"ConfidenceThreshold": "string",
"CreationTime": "string",
"CreatorRequestId": "string",
"DnsThreatProtection": "string",
"FirewallDomainListId": "string",
"FirewallDomainRedirectionAction": "string",
"FirewallRuleGroupId": "string",
"FirewallRuleType": {
"DnsThreatProtection": {
"ConfidenceThreshold": "string",
"Value": "string"
},
"FirewallAdvancedContentCategory": {
"Category": "string"
},
"FirewallAdvancedThreatCategory": {
"Category": "string"
}
},
"FirewallThreatProtectionId": "string",
"ModificationTime": "string",
"Name": "string",
"Priority": number,
"Qtype": "string"
}
],
"UpdateErrors": [
{
"Code": "string",
"FirewallRule": {
"Action": "string",
"BlockOverrideDnsType": "string",
"BlockOverrideDomain": "string",
"BlockOverrideTtl": number,
"BlockResponse": "string",
"ConfidenceThreshold": "string",
"DnsThreatProtection": "string",
"FirewallDomainListId": "string",
"FirewallDomainRedirectionAction": "string",
"FirewallRuleGroupId": "string",
"FirewallRuleType": {
"DnsThreatProtection": {
"ConfidenceThreshold": "string",
"Value": "string"
},
"FirewallAdvancedContentCategory": {
"Category": "string"
},
"FirewallAdvancedThreatCategory": {
"Category": "string"
}
},
"FirewallThreatProtectionId": "string",
"Name": "string",
"Priority": number,
"Qtype": "string"
},
"Message": "string"
}
]
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- UpdatedFirewallRules
-
The firewall rules that were successfully updated by the request.
Type: Array of FirewallRule objects
- UpdateErrors
-
A list of errors that occurred while updating the firewall rules.
Type: Array of BatchUpdateFirewallRuleError objects
Errors
For information about the errors that are common to all actions, see Common Error Types.
- AccessDeniedException
-
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
This error can also be thrown when a customer has reached the 5120 character limit for a resource policy for CloudWatch Logs.
HTTP Status Code: 400
- InternalServiceErrorException
-
We encountered an unknown error. Try again in a few minutes.
HTTP Status Code: 400
- LimitExceededException
-
The request caused one or more limits to be exceeded.
- ResourceType
-
For a
LimitExceededExceptionerror, the type of resource that exceeded the current limit.
HTTP Status Code: 400
- ThrottlingException
-
The request was throttled. Try again in a few minutes.
HTTP Status Code: 400
- ValidationException
-
You have provided an invalid command. If you ran the
UpdateFirewallDomainsrequest. supported values areADD,REMOVE, orREPLACEa domain.HTTP Status Code: 400
Examples
BatchUpdateFirewallRule Example
This example illustrates one usage of BatchUpdateFirewallRule.
Sample Request
POST / HTTP/1.1
Host: route53resolver.us-east-1.amazonaws.com
Accept-Encoding: identity
Content-Length: 312
X-Amz-Target: Route53Resolver.BatchUpdateFirewallRule
X-Amz-Date: 20260420T120000Z
User-Agent: aws-cli/2.15.0 Python/3.11.6
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256
Credential=AKIAJJ2SONIPEXAMPLE/20260420/us-east-1/route53resolver/aws4_request,
SignedHeaders=content-type;host;x-amz-date;x-amz-target,
Signature=[calculated-signature]
{
"UpdateFirewallRuleEntries": [
{
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9bfexample",
"Priority": 150,
"Action": "BLOCK",
"BlockResponse": "NXDOMAIN",
"Name": "block-bad-domains-updated"
}
]
}Sample Response
HTTP/1.1 200 OK
Date: Sun, 20 Apr 2026 12:00:02 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 520
x-amzn-RequestId: 5c3b2d4e-6f7a-8b9c-0d1e-2f3a4example
Connection: keep-alive
{
"UpdatedFirewallRules": [
{
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9bfexample",
"Name": "block-bad-domains-updated",
"Priority": 150,
"Action": "BLOCK",
"BlockResponse": "NXDOMAIN",
"CreatorRequestId": "batch-create-rule-1",
"CreationTime": "2026-04-20T12:00:01.000Z",
"ModificationTime": "2026-04-20T12:00:02.000Z"
}
],
"UpdateErrors": []
}See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
