UpdateFirewallConfigCommand

Updates the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).

Example Syntax

Use a bare-bones client and the command you need to make an API call.

import { Route53ResolverClient, UpdateFirewallConfigCommand } from "@aws-sdk/client-route53resolver"; // ES Modules import
// const { Route53ResolverClient, UpdateFirewallConfigCommand } = require("@aws-sdk/client-route53resolver"); // CommonJS import
const client = new Route53ResolverClient(config);
const input = { // UpdateFirewallConfigRequest
  ResourceId: "STRING_VALUE", // required
  FirewallFailOpen: "ENABLED" || "DISABLED" || "USE_LOCAL_RESOURCE_SETTING", // required
};
const command = new UpdateFirewallConfigCommand(input);
const response = await client.send(command);
// { // UpdateFirewallConfigResponse
//   FirewallConfig: { // FirewallConfig
//     Id: "STRING_VALUE",
//     ResourceId: "STRING_VALUE",
//     OwnerId: "STRING_VALUE",
//     FirewallFailOpen: "ENABLED" || "DISABLED" || "USE_LOCAL_RESOURCE_SETTING",
//   },
// };

UpdateFirewallConfigCommand Input

Parameter: FirewallFailOpen (Required)
Type: FirewallFailOpenStatus | undefined
Description: Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.

  • By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly.

  • If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.

This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.

Parameter: ResourceId (Required)
Type: string | undefined
Description: The ID of the VPC that the configuration is for.
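The following is an added example, not part of the SDK documentation: it plans and applies a fail-closed setting across several VPCs, handles the exceptions listed under Throws, and confirms the mode from the response. The function names, the injected `send` callback and the sample VPC IDs are hypothetical; treating USE_LOCAL_RESOURCE_SETTING as needing an explicit value is an assumption of this example.

```javascript
// Added example: function names and `send` are hypothetical, not SDK APIs.
// Assumption: USE_LOCAL_RESOURCE_SETTING is also replaced with an explicit value.
function planFailClosed(configs, desired = "DISABLED") {
  return configs
    .filter((c) => c.FirewallFailOpen !== desired)
    .map((c) => ({ ResourceId: c.ResourceId, FirewallFailOpen: desired }));
}
// Maps the exceptions listed under "Throws" to an action for the caller.
function classifyError(err) {
  switch (err?.name) {
    case "ThrottlingException":
    case "InternalServiceErrorException":
      return "retry"; // both are documented as "try again"
    case "ResourceNotFoundException":
      return "skip"; // the VPC no longer exists
    default:
      return "fail"; // AccessDeniedException, ValidationException, anything else
  }
}

// With the SDK, send is (input) => client.send(new UpdateFirewallConfigCommand(input)).
async function applyPlan(send, plan, { retries = 3, delayMs = 1000 } = {}) {
  const results = [];
  for (const input of plan) {
    let status = "failed";
    for (let attempt = 0; attempt <= retries; attempt++) {
      try {
        const { FirewallConfig } = await send(input);
        // Check the mode the service reports, not the one that was requested.
        status = FirewallConfig?.FirewallFailOpen === input.FirewallFailOpen ? "updated" : "mismatch";
        break;
      } catch (err) {
        const action = classifyError(err);
        status = action === "skip" ? "skipped" : `failed:${err?.name}`;
        if (action !== "retry") break;
        if (attempt < retries) await new Promise((r) => setTimeout(r, delayMs * 2 ** attempt));
      }
    }
    results.push({ ResourceId: input.ResourceId, status });
  }
  return results;
}

// Constructed sample data in the FirewallConfig shape (placeholder IDs, not real resources).
const sampleConfigs = [
  { ResourceId: "vpc-example-a", FirewallFailOpen: "DISABLED" },
  { ResourceId: "vpc-example-b", FirewallFailOpen: "ENABLED" },
  { ResourceId: "vpc-example-c", FirewallFailOpen: "USE_LOCAL_RESOURCE_SETTING" },
];
```

A "mismatch" or "failed:…" status leaves that VPC in its previous failure mode, so those entries need follow-up before the VPC can be treated as fail-closed.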

UpdateFirewallConfigCommand Output

Parameter: $metadata (Required)
Type: ResponseMetadata
Description: Metadata pertaining to this request.

Parameter: FirewallConfig
Type: FirewallConfig | undefined
Description: Configuration of the firewall behavior provided by DNS Firewall for a single VPC.

Throws

Name: AccessDeniedException
Fault: client
Details: The current account doesn't have the IAM permissions required to perform the specified Resolver operation.

This error can also be thrown when a customer has reached the 5120 character limit for a resource policy for CloudWatch Logs.

Name: InternalServiceErrorException
Fault: client
Details: We encountered an unknown error. Try again in a few minutes.

Name: ResourceNotFoundException
Fault: client
Details: The specified resource doesn't exist.

Name: ThrottlingException
Fault: client
Details: The request was throttled. Try again in a few minutes.

Name: ValidationException
Fault: client
Details: You have provided an invalid command. If you ran the UpdateFirewallDomains request, supported values are ADD, REMOVE, or REPLACE a domain.

Name: Route53ResolverServiceException
Details: Base exception class for all service exceptions from Route53Resolver service.