CreateResolverEndpointCommand

Suggest an Edit

Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound:

  • An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network.

  • An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network.

Example Syntax

Use a bare-bones client and the command you need to make an API call.

import { Route53ResolverClient, CreateResolverEndpointCommand } from "@aws-sdk/client-route53resolver"; // ES Modules import
// const { Route53ResolverClient, CreateResolverEndpointCommand } = require("@aws-sdk/client-route53resolver"); // CommonJS import
const client = new Route53ResolverClient(config);
const input = { // CreateResolverEndpointRequest
  CreatorRequestId: "STRING_VALUE", // required
  Name: "STRING_VALUE",
  SecurityGroupIds: [ // SecurityGroupIds // required
    "STRING_VALUE",
  ],
  Direction: "INBOUND" || "OUTBOUND", // required
  IpAddresses: [ // IpAddressesRequest // required
    { // IpAddressRequest
      SubnetId: "STRING_VALUE", // required
      Ip: "STRING_VALUE",
      Ipv6: "STRING_VALUE",
    },
  ],
  OutpostArn: "STRING_VALUE",
  PreferredInstanceType: "STRING_VALUE",
  Tags: [ // TagList
    { // Tag
      Key: "STRING_VALUE", // required
      Value: "STRING_VALUE", // required
    },
  ],
  ResolverEndpointType: "IPV6" || "IPV4" || "DUALSTACK",
  Protocols: [ // ProtocolList
    "DoH" || "Do53" || "DoH-FIPS",
  ],
};
const command = new CreateResolverEndpointCommand(input);
const response = await client.send(command);
// { // CreateResolverEndpointResponse
//   ResolverEndpoint: { // ResolverEndpoint
//     Id: "STRING_VALUE",
//     CreatorRequestId: "STRING_VALUE",
//     Arn: "STRING_VALUE",
//     Name: "STRING_VALUE",
//     SecurityGroupIds: [ // SecurityGroupIds
//       "STRING_VALUE",
//     ],
//     Direction: "INBOUND" || "OUTBOUND",
//     IpAddressCount: Number("int"),
//     HostVPCId: "STRING_VALUE",
//     Status: "CREATING" || "OPERATIONAL" || "UPDATING" || "AUTO_RECOVERING" || "ACTION_NEEDED" || "DELETING",
//     StatusMessage: "STRING_VALUE",
//     CreationTime: "STRING_VALUE",
//     ModificationTime: "STRING_VALUE",
//     OutpostArn: "STRING_VALUE",
//     PreferredInstanceType: "STRING_VALUE",
//     ResolverEndpointType: "IPV6" || "IPV4" || "DUALSTACK",
//     Protocols: [ // ProtocolList
//       "DoH" || "Do53" || "DoH-FIPS",
//     ],
//   },
// };

CreateResolverEndpointCommand Input

See CreateResolverEndpointCommandInput for more details

Parameter
Type
Description
CreatorRequestId
Required
string | undefined

A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.

Direction
Required
ResolverEndpointDirection | undefined

Specify the applicable value:

  • INBOUND: Resolver forwards DNS queries to the DNS service for a VPC from your network

  • OUTBOUND: Resolver forwards DNS queries from the DNS service for a VPC to your network

IpAddresses
Required
IpAddressRequest[] | undefined

The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.

Even though the minimum is 1, Route 53 requires that you create at least two.

SecurityGroupIds
Required
string[] | undefined

The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify must include one or more inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound Resolver endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

Some security group rules will cause your connection to be tracked. For outbound resolver endpoint, it can potentially impact the maximum queries per second from outbound endpoint to your target name server. For inbound resolver endpoint, it can bring down the overall maximum queries per second per IP address to as low as 1500. To avoid connection tracking caused by security group, see Untracked connections .

Name
string | undefined

A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.

OutpostArn
string | undefined

The Amazon Resource Name (ARN) of the Outpost. If you specify this, you must also specify a value for the PreferredInstanceType.

PreferredInstanceType
string | undefined

The instance type. If you specify this, you must also specify a value for the OutpostArn.

Protocols
Protocol[] | undefined

The protocols you want to use for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

For an inbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.

  • Do53 and DoH-FIPS in combination.

  • Do53 alone.

  • DoH alone.

  • DoH-FIPS alone.

  • None, which is treated as Do53.

For an outbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.

  • Do53 alone.

  • DoH alone.

  • None, which is treated as Do53.

ResolverEndpointType
ResolverEndpointType | undefined

For the endpoint type you can choose either IPv4, IPv6, or dual-stack. A dual-stack endpoint means that it will resolve via both IPv4 and IPv6. This endpoint type is applied to all IP addresses.

Tags
Tag[] | undefined

A list of the tag keys and values that you want to associate with the endpoint.

CreateResolverEndpointCommand Output

See CreateResolverEndpointCommandOutput for details

Parameter
Type
Description
$metadata
Required
ResponseMetadata
Metadata pertaining to this request.
ResolverEndpoint
ResolverEndpoint | undefined

Information about the CreateResolverEndpoint request, including the status of the request.

Throws

Name
Fault
Details
AccessDeniedException
client

The current account doesn't have the IAM permissions required to perform the specified Resolver operation.

This error can also be thrown when a customer has reached the 5120 character limit for a resource policy for CloudWatch Logs.

InternalServiceErrorException
client

We encountered an unknown error. Try again in a few minutes.

InvalidParameterException
client

One or more parameters in this request are not valid.

InvalidRequestException
client

The request is invalid.

LimitExceededException
client

The request caused one or more limits to be exceeded.

ResourceExistsException
client

The resource that you tried to create already exists.

ResourceNotFoundException
client

The specified resource doesn't exist.

ThrottlingException
client

The request was throttled. Try again in a few minutes.

Route53ResolverServiceException
Base exception class for all service exceptions from Route53Resolver service.