Managing rule groups and rules in DNS Firewall
To manage rule groups and rules in the console, follow the guidance in this topic.
When you make changes to DNS Firewall entities, like rules and domain lists, DNS Firewall propagates the changes everywhere that the entities are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you add a domain to a domain list that's referenced by a blocking rule, the new domain might briefly be blocked in one area of your VPC while still allowed in another. This temporary inconsistency can occur when you first configure your rule group and VPC associations and when you change existing settings. Generally, any inconsistencies of this type last only a few seconds.
Creating a rule group and rules
To create a rule group and its rules
-
Sign in to the AWS Management Console and open the Route 53 console at https://console.aws.amazon.com/route53/
. Choose DNS Firewall in the navigation pane to open the DNS Firewall Rule groups page on the Amazon VPC console. Continue to step 3.
- OR -
Sign in to the AWS Management Console and open the
the Amazon VPC console under https://console.aws.amazon.com/vpc/
. -
In the navigation pane, under DNS Firewall, choose Rule groups.
-
On the navigation bar, choose the Region for the rule group.
-
Choose Add rule group, then follow the wizard guidance to specify your rule group and rule settings.
For information about the values for rule groups, see Rule group settings in DNS Firewall.
For information about the values for rules, see Rule settings in DNS Firewall.
Viewing and updating a rule group and rules
To view and update a rule group
-
Sign in to the AWS Management Console and open the Route 53 console at https://console.aws.amazon.com/route53/
. Choose DNS Firewall in the navigation pane to open the DNS Firewall Rule groups page on the Amazon VPC console. Continue to step 3.
- OR -
Sign in to the AWS Management Console and open the
the Amazon VPC console under https://console.aws.amazon.com/vpc/
. -
In the navigation pane, under DNS Firewall, choose Rule groups.
-
On the navigation bar, choose the Region for the rule group.
-
Select the rule group that you want to view or edit, then choose View details.
-
In the rule group's page, you can view and edit settings.
For information about the values for rule groups, see Rule group settings in DNS Firewall.
For information about the values for rules, see Rule settings in DNS Firewall.
Deleting a rule group
To delete a rule group, perform the following procedure.
Important
If you delete a rule group that's associated with a VPC, DNS Firewall removes the association and stops the protections that the rule group was providing to the VPC.
Deleting DNS Firewall entities
When you delete an entity that you can use in DNS Firewall, like a domain list that might be in use in a rule group, or a rule group that might be associated with a VPC, DNS Firewall checks to see if the entity is currently being used. If it finds that it is in use, DNS Firewall warns you. DNS Firewall is almost always able to determine if an entity is in use. However, in rare cases it might not be able to do so. If you need to be sure that nothing is currently using the entity, check for it in your DNS Firewall configurations before deleting it. If the entity is a referenced domain list, check that no rule groups are using it. If the entity is a rule group, check that it is not associated with any VPCs.
To delete a rule group
-
Sign in to the AWS Management Console and open the Route 53 console at https://console.aws.amazon.com/route53/
. Choose DNS Firewall in the navigation pane to open the DNS Firewall Rule groups page on the Amazon VPC console. Continue to step 3.
- OR -
Sign in to the AWS Management Console and open the
the Amazon VPC console under https://console.aws.amazon.com/vpc/
. -
In the navigation pane, under DNS Firewall, choose Rule groups.
-
On the navigation bar, choose the Region for the rule group.
-
Select the rule group that you want to delete, then choose Delete, and confirm the deletion.
