Route 53 Resolver examples using AWS CLI - AWS Command Line Interface

The following code examples show you how to perform actions and implement common scenarios by using the AWS Command Line Interface with Route 53 Resolver.

Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios and cross-service examples.

Scenarios are code examples that show you how to accomplish a specific task by calling multiple functions within the same service.

Each example includes a link to GitHub, where you can find instructions on how to set up and run the code in context.

Topics

Actions

The following code example shows how to use associate-firewall-rule-group.

AWS CLI

To associate a firewall rule group with a VPC

The following associate-firewall-rule-group example associates a DNS Firewall rule group with an Amazon VPC.

    aws route53resolver associate-firewall-rule-group \
        --name test-association \
        --firewall-rule-group-id rslvr-frg-47f93271fexample \
        --vpc-id vpc-31e92222 \
        --priority 101

Output:

    {
        "FirewallRuleGroupAssociation": {
            "Id": "rslvr-frgassoc-57e8873d7example",
            "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
            "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
            "VpcId": "vpc-31e92222",
            "Name": "test-association",
            "Priority": 101,
            "MutationProtection": "DISABLED",
            "Status": "UPDATING",
            "StatusMessage": "Creating Firewall Rule Group Association",
            "CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
            "CreationTime": "2021-05-25T21:47:48.755768Z",
            "ModificationTime": "2021-05-25T21:47:48.755768Z"
        }
    }

For more information, see Managing associations between your VPC and Route 53 Resolver DNS Firewall rule group in the Amazon Route 53 Developer Guide.

The following code example shows how to use associate-resolver-endpoint-ip-address.

AWS CLI

To associate another IP address with a Resolver endpoint

The following associate-resolver-endpoint-ip-address example associates another IP address with an inbound Resolver endpoint. If you specify only a subnet ID and omit the IP address from the --ip-address parameter, Resolver chooses an IP address for you from among the available IP addresses in the specified subnet.

    aws route53resolver associate-resolver-endpoint-ip-address \
        --resolver-endpoint-id rslvr-in-497098ad5example \
        --ip-address="SubnetId=subnet-12d8exam,Ip=192.0.2.118"

Output:

    {
        "ResolverEndpoint": {
            "Id": "rslvr-in-497098ad5example",
            "CreatorRequestId": "AWSConsole.25.0123456789",
            "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-497098ad5example",
            "Name": "my-inbound-endpoint",
            "SecurityGroupIds": [
                "sg-05cd7b25d6example"
            ],
            "Direction": "INBOUND",
            "IpAddressCount": 3,
            "HostVPCId": "vpc-304bexam",
            "Status": "UPDATING",
            "StatusMessage": "Updating the Resolver Endpoint",
            "CreationTime": "2020-01-02T23:25:45.538Z",
            "ModificationTime": "2020-01-02T23:25:45.538Z"
        }
    }

For more information, see Values that you specify when you create or edit inbound endpoints in the Amazon Route 53 Developer Guide.

The following code example shows how to use associate-resolver-rule.

AWS CLI

To associate a Resolver rule with a VPC

The following associate-resolver-rule example associates a Resolver rule with an Amazon VPC. After you run the command, Resolver starts to forward DNS queries to your network based on the settings in the rule, such as the domain name of the queries that are forwarded.

    aws route53resolver associate-resolver-rule \
        --name my-resolver-rule-association \
        --resolver-rule-id rslvr-rr-42b60677c0example \
        --vpc-id vpc-304bexam

Output:

    {
        "ResolverRuleAssociation": {
            "Id": "rslvr-rrassoc-d61cbb2c8bexample",
            "ResolverRuleId": "rslvr-rr-42b60677c0example",
            "Name": "my-resolver-rule-association",
            "VPCId": "vpc-304bexam",
            "Status": "CREATING",
            "StatusMessage": "[Trace id: 1-5dc5a8fa-ec2cc480d2ef07617example] Creating the association."
        }
    }

For more information, see Forwarding outbound DNS queries to your network in the Amazon Route 53 Developer Guide.

The following code example shows how to use create-firewall-domain-list.

AWS CLI

To create a Route 53 Resolver DNS Firewall domain list

The following create-firewall-domain-list example creates a Route 53 Resolver DNS Firewall domain list, named test, in your AWS account.

    aws route53resolver create-firewall-domain-list \
        --creator-request-id my-request-id \
        --name test

Output:

    {
        "FirewallDomainList": {
            "Id": "rslvr-fdl-d61cbb2cbexample",
            "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-d61cbb2cbexample",
            "Name": "test",
            "DomainCount": 0,
            "Status": "COMPLETE",
            "StatusMessage": "Created Firewall Domain List",
            "CreatorRequestId": "my-request-id",
            "CreationTime": "2021-05-25T15:55:51.115365Z",
            "ModificationTime": "2021-05-25T15:55:51.115365Z"
        }
    }

For more information, see Managing your own domain lists in the Amazon Route 53 Developer Guide.

The following code example shows how to use create-firewall-rule-group.

AWS CLI

To create a firewall rule group

The following create-firewall-rule-group example creates a DNS Firewall rule group.

    aws route53resolver create-firewall-rule-group \
        --creator-request-id my-request-id \
        --name test

Output:

    {
        "FirewallRuleGroup": {
            "Id": "rslvr-frg-47f93271fexample",
            "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
            "Name": "test",
            "RuleCount": 0,
            "Status": "COMPLETE",
            "StatusMessage": "Created Firewall Rule Group",
            "OwnerId": "123456789012",
            "CreatorRequestId": "my-request-id",
            "ShareStatus": "NOT_SHARED",
            "CreationTime": "2021-05-25T18:59:26.490017Z",
            "ModificationTime": "2021-05-25T18:59:26.490017Z"
        }
    }

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use create-firewall-rule.

AWS CLI

To create a firewall rule

The following create-firewall-rule example creates a firewall rule in a DNS Firewall rule group for the domains listed in a DNS Firewall domain list.

    aws route53resolver create-firewall-rule \
        --name allow-rule \
        --firewall-rule-group-id rslvr-frg-47f93271fexample \
        --firewall-domain-list-id rslvr-fdl-9e956e9ffexample \
        --priority 101 \
        --action ALLOW

Output:

    {
        "FirewallRule": {
            "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
            "FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
            "Name": "allow-rule",
            "Priority": 101,
            "Action": "ALLOW",
            "CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
            "CreationTime": "2021-05-25T21:44:00.346093Z",
            "ModificationTime": "2021-05-25T21:44:00.346093Z"
        }
    }

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use create-resolver-endpoint.

AWS CLI

To create an inbound Resolver endpoint

The following create-resolver-endpoint example creates an inbound Resolver endpoint. You can use the same command to create both inbound and outbound endpoints.

    aws route53resolver create-resolver-endpoint \
        --name my-inbound-endpoint \
        --creator-request-id 2020-01-01-18:47 \
        --security-group-ids "sg-f62bexam" \
        --direction INBOUND \
        --ip-addresses SubnetId=subnet-ba47exam,Ip=192.0.2.255 SubnetId=subnet-12d8exam,Ip=192.0.2.254

Output:

    {
        "ResolverEndpoint": {
            "Id": "rslvr-in-f9ab8a03f1example",
            "CreatorRequestId": "2020-01-01-18:47",
            "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-f9ab8a03f1example",
            "Name": "my-inbound-endpoint",
            "SecurityGroupIds": [
                "sg-f62bexam"
            ],
            "Direction": "INBOUND",
            "IpAddressCount": 2,
            "HostVPCId": "vpc-304examp",
            "Status": "CREATING",
            "StatusMessage": "[Trace id: 1-5dc1ff84-f3477826e4a190025example] Creating the Resolver Endpoint",
            "CreationTime": "2020-01-01T23:02:29.583Z",
            "ModificationTime": "2020-01-01T23:02:29.583Z"
        }
    }

To create an outbound Resolver endpoint

The following create-resolver-endpoint example creates an outbound Resolver endpoint using the values in the JSON-formatted document create-outbound-resolver-endpoint.json.

    aws route53resolver create-resolver-endpoint \
        --cli-input-json file://c:\temp\create-outbound-resolver-endpoint.json

Contents of create-outbound-resolver-endpoint.json:

    {
        "CreatorRequestId": "2020-01-01-18:47",
        "Direction": "OUTBOUND",
        "IpAddresses": [
            {
                "Ip": "192.0.2.255",
                "SubnetId": "subnet-ba47exam"
            },
            {
                "Ip": "192.0.2.254",
                "SubnetId": "subnet-12d8exam"
            }
        ],
        "Name": "my-outbound-endpoint",
        "SecurityGroupIds": [
            "sg-05cd7b25d6example"
        ],
        "Tags": [
            {
                "Key": "my-key-name",
                "Value": "my-key-value"
            }
        ]
    }

For more information, see Resolving DNS queries between VPCs and your network in the Amazon Route 53 Developer Guide.

The following code example shows how to use create-resolver-rule.

AWS CLI

To create a Resolver rule

The following create-resolver-rule example creates a Resolver forwarding rule. The rule uses the outbound endpoint rslvr-out-d5e5920e37example to forward DNS queries for example.com to the IP addresses 10.24.8.75 and 10.24.8.156.

    aws route53resolver create-resolver-rule \
        --creator-request-id 2020-01-02-18:47 \
        --domain-name example.com \
        --name my-rule \
        --resolver-endpoint-id rslvr-out-d5e5920e37example \
        --rule-type FORWARD \
        --target-ips "Ip=10.24.8.75" "Ip=10.24.8.156"

Output:

    {
        "ResolverRule": {
            "Status": "COMPLETE",
            "RuleType": "FORWARD",
            "ResolverEndpointId": "rslvr-out-d5e5920e37example",
            "Name": "my-rule",
            "DomainName": "example.com.",
            "CreationTime": "2022-05-10T21:35:30.923187Z",
            "TargetIps": [
                {
                    "Ip": "10.24.8.75",
                    "Port": 53
                },
                {
                    "Ip": "10.24.8.156",
                    "Port": 53
                }
            ],
            "CreatorRequestId": "2022-05-10-16:33",
            "ModificationTime": "2022-05-10T21:35:30.923187Z",
            "ShareStatus": "NOT_SHARED",
            "Arn": "arn:aws:route53resolver:us-east-1:111117012054:resolver-rule/rslvr-rr-b1e0b905e93611111",
            "OwnerId": "111111111111",
            "Id": "rslvr-rr-rslvr-rr-b1e0b905e93611111",
            "StatusMessage": "[Trace id: 1-22222222-3e56afcc71a3724664f22e24] Successfully created Resolver Rule."
        }
    }

The following code example shows how to use delete-firewall-domain-list.

AWS CLI

To delete a Route 53 Resolver DNS Firewall domain list

The following delete-firewall-domain-list example deletes the Route 53 Resolver DNS Firewall domain list, named test, in your AWS account.

    aws route53resolver delete-firewall-domain-list \
        --firewall-domain-list-id rslvr-fdl-9e956e9ffexample

Output:

    {
        "FirewallDomainList": {
            "Id": "rslvr-fdl-9e956e9ffexample",
            "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-9e956e9ffexample",
            "Name": "test",
            "DomainCount": 6,
            "Status": "DELETING",
            "StatusMessage": "Deleting the Firewall Domain List",
            "CreatorRequestId": "my-request-id",
            "CreationTime": "2021-05-25T15:55:51.115365Z",
            "ModificationTime": "2021-05-25T18:58:05.588024Z"
        }
    }

For more information, see Managing your own domain lists in the Amazon Route 53 Developer Guide.

The following code example shows how to use delete-firewall-rule-group.

AWS CLI

To delete a firewall rule group

The following delete-firewall-rule-group example deletes a firewall rule group.

    aws route53resolver delete-firewall-rule-group \
        --firewall-rule-group-id rslvr-frg-47f93271fexample

Output:

    {
        "FirewallRuleGroup": {
            "Id": "rslvr-frg-47f93271fexample",
            "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
            "Name": "test",
            "RuleCount": 0,
            "Status": "UPDATING",
            "StatusMessage": "Updating Firewall Rule Group",
            "OwnerId": "123456789012",
            "CreatorRequestId": "my-request-id",
            "ShareStatus": "NOT_SHARED",
            "CreationTime": "2021-05-25T18:59:26.490017Z",
            "ModificationTime": "2021-05-25T21:51:53.028688Z"
        }
    }

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use delete-firewall-rule.

AWS CLI

To delete a firewall rule

The following delete-firewall-rule example deletes the specified firewall rule.

    aws route53resolver delete-firewall-rule \
        --firewall-rule-group-id rslvr-frg-47f93271fexample \
        --firewall-domain-list-id rslvr-fdl-9e956e9ffexample

Output:

    {
        "FirewallRule": {
            "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
            "FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
            "Name": "allow-rule",
            "Priority": 102,
            "Action": "ALLOW",
            "CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
            "CreationTime": "2021-05-25T21:44:00.346093Z",
            "ModificationTime": "2021-05-25T21:45:59.611600Z"
        }
    }

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use delete-resolver-endpoint.

AWS CLI

To delete a Resolver endpoint

The following delete-resolver-endpoint example deletes the specified endpoint.

Important: If you delete an inbound endpoint, DNS queries from your network are no longer forwarded to Resolver in the VPC that you specified in the endpoint. If you delete an outbound endpoint, Resolver stops forwarding DNS queries from your VPC to your network for rules that specify the deleted outbound endpoint.

    aws route53resolver delete-resolver-endpoint \
        --resolver-endpoint-id rslvr-in-497098ad59example

Output:

    {
        "ResolverEndpoint": {
            "Id": "rslvr-in-497098ad59example",
            "CreatorRequestId": "AWSConsole.25.157290example",
            "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-497098ad59example",
            "Name": "my-inbound-endpoint",
            "SecurityGroupIds": [
                "sg-05cd7b25d6example"
            ],
            "Direction": "INBOUND",
            "IpAddressCount": 5,
            "HostVPCId": "vpc-304bexam",
            "Status": "DELETING",
            "StatusMessage": "[Trace id: 1-5dc5b658-811b5be0922bbc382example] Deleting ResolverEndpoint.",
            "CreationTime": "2020-01-01T23:25:45.538Z",
            "ModificationTime": "2020-01-02T23:25:45.538Z"
        }
    }

The following code example shows how to use delete-resolver-rule.

AWS CLI

To delete a Resolver rule

The following delete-resolver-rule example deletes the specified rule.

Note: If a rule is associated with any VPCs, you must first disassociate the rule from the VPCs before you can delete it.

    aws route53resolver delete-resolver-rule \
        --resolver-rule-id rslvr-rr-5b3809426bexample

Output:

    {
        "ResolverRule": {
            "Id": "rslvr-rr-5b3809426bexample",
            "CreatorRequestId": "2020-01-03-18:47",
            "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-5b3809426bexample",
            "DomainName": "zenith.example.com.",
            "Status": "DELETING",
            "StatusMessage": "[Trace id: 1-5dc5e05b-602e67b052cb74f05example] Deleting Resolver Rule.",
            "RuleType": "FORWARD",
            "Name": "my-resolver-rule",
            "TargetIps": [
                {
                    "Ip": "192.0.2.50",
                    "Port": 53
                }
            ],
            "ResolverEndpointId": "rslvr-out-d5e5920e3example",
            "OwnerId": "111122223333",
            "ShareStatus": "NOT_SHARED"
        }
    }

The following code example shows how to use disassociate-firewall-rule-group.

AWS CLI

To disassociate a firewall rule group from a VPC

The following disassociate-firewall-rule-group example disassociates a DNS Firewall rule group from an Amazon VPC.

    aws route53resolver disassociate-firewall-rule-group \
        --firewall-rule-group-association-id rslvr-frgassoc-57e8873d7example

Output:

    {
        "FirewallRuleGroupAssociation": {
            "Id": "rslvr-frgassoc-57e8873d7example",
            "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
            "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
            "VpcId": "vpc-31e92222",
            "Name": "test-association",
            "Priority": 103,
            "MutationProtection": "DISABLED",
            "Status": "DELETING",
            "StatusMessage": "Deleting the Firewall Rule Group Association",
            "CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
            "CreationTime": "2021-05-25T21:47:48.755768Z",
            "ModificationTime": "2021-05-25T21:51:02.377887Z"
        }
    }

For more information, see Managing associations between your VPC and Route 53 Resolver DNS Firewall rule group in the Amazon Route 53 Developer Guide.

The following code example shows how to use disassociate-resolver-endpoint-ip-address.

AWS CLI

To disassociate an IP address from a Resolver endpoint

The following disassociate-resolver-endpoint-ip-address example removes an IP address from the specified inbound or outbound Resolver endpoint.

Note: An endpoint must have a minimum of two IP addresses. If an endpoint currently has only two IP addresses and you want to replace one address with another, you must first use associate-resolver-endpoint-ip-address to associate the new IP address. Then you can disassociate one of the original IP addresses from the endpoint.

    aws route53resolver disassociate-resolver-endpoint-ip-address \
        --resolver-endpoint-id rslvr-in-f9ab8a03f1example \
        --ip-address="SubnetId=subnet-12d8a459,Ip=172.31.40.121"

Output:

    {
        "ResolverEndpoint": {
            "Id": "rslvr-in-f9ab8a03f1example",
            "CreatorRequestId": "2020-01-01-18:47",
            "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-f9ab8a03f1example",
            "Name": "my-inbound-endpoint",
            "SecurityGroupIds": [
                "sg-f62bexam"
            ],
            "Direction": "INBOUND",
            "IpAddressCount": 3,
            "HostVPCId": "vpc-304bexam",
            "Status": "UPDATING",
            "StatusMessage": "Updating the Resolver Endpoint",
            "CreationTime": "2020-01-01T23:02:29.583Z",
            "ModificationTime": "2020-01-05T23:02:29.583Z"
        }
    }
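The two notes above (delete-resolver-rule requires the rule to be disassociated from every VPC first; an endpoint must keep at least two IP addresses, so a replacement must be associated before the old address is removed) are both preflight conditions that can be checked from list output before anything destructive runs. The script below is an added example, not code from the AWS documentation or the AWS CLI project. It consumes the JSON that `aws route53resolver list-resolver-rule-associations --output json` and `aws route53resolver list-resolver-endpoint-ip-addresses --output json` return; the two sample documents are constructed from this page's example outputs (plus one DELETING association), and the function and constant names are the example's own.

```python
"""Preflight checks for delete-resolver-rule and for replacing an endpoint IP.

Added example, not code from the AWS documentation. It consumes the JSON from
`aws route53resolver list-resolver-rule-associations --output json` and
`aws route53resolver list-resolver-endpoint-ip-addresses --output json`.
The two sample documents are constructed from the page's example outputs.
"""

MIN_ENDPOINT_IPS = 2  # Resolver requires at least two IP addresses per endpoint

# Constructed sample: shape of list-resolver-rule-associations output.
SAMPLE_RULE_ASSOCIATIONS = {
    "ResolverRuleAssociations": [
        {"Id": "rslvr-autodefined-assoc-vpc-304bexam-internet-resolver",
         "ResolverRuleId": "rslvr-autodefined-rr-internet-resolver",
         "Name": "System Rule Association", "VPCId": "vpc-304bexam",
         "Status": "COMPLETE", "StatusMessage": ""},
        {"Id": "rslvr-rrassoc-d61cbb2c8bexample",
         "ResolverRuleId": "rslvr-rr-42b60677c0example",
         "Name": "my-resolver-rule-association", "VPCId": "vpc-304bexam",
         "Status": "COMPLETE", "StatusMessage": ""},
        {"Id": "rslvr-rrassoc-322f4e8b9cexample",  # constructed: already being removed
         "ResolverRuleId": "rslvr-rr-5b3809426bexample",
         "Name": "old-association", "VPCId": "vpc-31e92222",
         "Status": "DELETING", "StatusMessage": "Deleting Association"},
    ]
}

# Constructed sample: shape of list-resolver-endpoint-ip-addresses output.
SAMPLE_ENDPOINT_IPS = {
    "MaxResults": 10,
    "IpAddresses": [
        {"IpId": "rni-1de60cdbfeexample", "SubnetId": "subnet-ba47exam",
         "Ip": "192.0.2.44", "Status": "ATTACHED"},
        {"IpId": "rni-aac7085e38example", "SubnetId": "subnet-12d8exam",
         "Ip": "192.0.2.45", "Status": "ATTACHED"},
    ],
}


def vpcs_blocking_rule_delete(associations_doc, rule_id):
    """VPC IDs that must be disassociated before delete-resolver-rule can succeed.

    Associations already in DELETING state are ignored; any other status
    (CREATING, COMPLETE, FAILED, ...) still blocks the delete.
    """
    blocking = {
        a["VPCId"]
        for a in associations_doc.get("ResolverRuleAssociations", [])
        if a["ResolverRuleId"] == rule_id and a.get("Status") != "DELETING"
    }
    return sorted(blocking)


def plan_ip_replacement(ip_doc, endpoint_id, old_ip, new_subnet_id, new_ip=None):
    """Ordered argv lists that replace old_ip on endpoint_id with an address in new_subnet_id.

    When the endpoint is at the two-address minimum, the new address is
    associated first, because disassociating first would be rejected.
    """
    attached = [a for a in ip_doc.get("IpAddresses", []) if a.get("Status") == "ATTACHED"]
    old = next((a for a in attached if a["Ip"] == old_ip), None)
    if old is None:
        raise ValueError(f"{old_ip} is not an attached address of {endpoint_id}")

    new_spec = f"SubnetId={new_subnet_id}" + (f",Ip={new_ip}" if new_ip else "")
    associate = ["aws", "route53resolver", "associate-resolver-endpoint-ip-address",
                 "--resolver-endpoint-id", endpoint_id, "--ip-address", new_spec]
    disassociate = ["aws", "route53resolver", "disassociate-resolver-endpoint-ip-address",
                    "--resolver-endpoint-id", endpoint_id,
                    "--ip-address", f"SubnetId={old['SubnetId']},Ip={old_ip}"]
    if len(attached) <= MIN_ENDPOINT_IPS:
        return [associate, disassociate]
    return [disassociate, associate]


if __name__ == "__main__":
    print(vpcs_blocking_rule_delete(SAMPLE_RULE_ASSOCIATIONS, "rslvr-rr-42b60677c0example"))
    for argv in plan_ip_replacement(SAMPLE_ENDPOINT_IPS, "rslvr-in-f9ab8a03f1example",
                                    "192.0.2.44", "subnet-ba47exam"):
        print(" ".join(argv))
```

Nothing here executes the CLI; the functions return the commands as argv lists so they can be reviewed, logged, or passed to `subprocess.run` once the live list output has been fed in instead of the constructed samples.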

The following code example shows how to use disassociate-resolver-rule.

AWS CLI

To disassociate a Resolver rule from an Amazon VPC

The following disassociate-resolver-rule example removes the association between the specified Resolver rule and the specified VPC. You can disassociate a rule from a VPC in the following circumstances:

  • For DNS queries that originate in this VPC, you want Resolver to stop forwarding queries for the domain name specified in the rule to your network.
  • You want to delete the forwarding rule. If a rule is currently associated with one or more VPCs, you must disassociate the rule from all VPCs before you can delete it.

    aws route53resolver disassociate-resolver-rule \
        --resolver-rule-id rslvr-rr-4955cb98ceexample \
        --vpc-id vpc-304bexam

Output:

    {
        "ResolverRuleAssociation": {
            "Id": "rslvr-rrassoc-322f4e8b9cexample",
            "ResolverRuleId": "rslvr-rr-4955cb98ceexample",
            "Name": "my-resolver-rule-association",
            "VPCId": "vpc-304bexam",
            "Status": "DELETING",
            "StatusMessage": "[Trace id: 1-5dc5ffa2-a26c38004c1f94006example] Deleting Association"
        }
    }

The following code example shows how to use get-firewall-config.

AWS CLI

To get the firewall configuration of a VPC

The following get-firewall-config example retrieves the DNS Firewall behavior for the specified VPC.

    aws route53resolver get-firewall-config \
        --resource-id vpc-31e92222

Output:

    {
        "FirewallConfig": {
            "Id": "rslvr-fc-86016850cexample",
            "ResourceId": "vpc-31e9222",
            "OwnerId": "123456789012",
            "FirewallFailOpen": "DISABLED"
        }
    }

For more information, see DNS Firewall VPC configuration in the Amazon Route 53 Developer Guide.

The following code example shows how to use get-firewall-domain-list.

AWS CLI

To get a Route 53 Resolver DNS Firewall domain list

The following get-firewall-domain-list example retrieves the domain list with the ID that you specify.

    aws route53resolver get-firewall-domain-list \
        --firewall-domain-list-id rslvr-fdl-42b60677cexample

Output:

    {
        "FirewallDomainList": {
            "Id": "rslvr-fdl-9e956e9ffexample",
            "Arn": "arn:aws:route53resolver:us-west-2:123457689012:firewall-domain-list/rslvr-fdl-42b60677cexample",
            "Name": "test",
            "DomainCount": 0,
            "Status": "COMPLETE",
            "StatusMessage": "Created Firewall Domain List",
            "CreatorRequestId": "my-request-id",
            "CreationTime": "2021-05-25T15:55:51.115365Z",
            "ModificationTime": "2021-05-25T15:55:51.115365Z"
        }
    }

For more information, see Managing your own domain lists in the Amazon Route 53 Developer Guide.

The following code example shows how to use get-firewall-rule-group-association.

AWS CLI

To get a firewall rule group association

The following get-firewall-rule-group-association example retrieves a firewall rule group association.

    aws route53resolver get-firewall-rule-group-association \
        --firewall-rule-group-association-id rslvr-frgassoc-57e8873d7example

Output:

    {
        "FirewallRuleGroupAssociation": {
            "Id": "rslvr-frgassoc-57e8873d7example",
            "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
            "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
            "VpcId": "vpc-31e92222",
            "Name": "test-association",
            "Priority": 101,
            "MutationProtection": "DISABLED",
            "Status": "COMPLETE",
            "StatusMessage": "Finished rule group association update",
            "CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
            "CreationTime": "2021-05-25T21:47:48.755768Z",
            "ModificationTime": "2021-05-25T21:47:48.755768Z"
        }
    }

For more information, see Managing associations between your VPC and Route 53 Resolver DNS Firewall rule group in the Amazon Route 53 Developer Guide.

The following code example shows how to use get-firewall-rule-group-policy.

AWS CLI

To get an AWS IAM policy

The following get-firewall-rule-group-policy example gets the AWS Identity and Access Management (AWS IAM) policy for sharing the specified rule group.

    aws route53resolver get-firewall-rule-group-policy \
        --arn arn:aws:route53resolver:us-west-2:AWS_ACCOUNT_ID:firewall-rule-group/rslvr-frg-47f93271fexample

Output:

    {
        "FirewallRuleGroupPolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"test\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::AWS_ACCOUNT_ID:root\"},\"Action\":[\"route53resolver:GetFirewallRuleGroup\",\"route53resolver:ListFirewallRuleGroups\"],\"Resource\":\"arn:aws:route53resolver:us-east-1:AWS_ACCOUNT_ID:firewall-rule-group/rslvr-frg-47f93271fexample\"}]}"
    }

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use get-firewall-rule-group.

AWS CLI

To get a firewall rule group

The following get-firewall-rule-group example retrieves information about a DNS Firewall rule group with the ID that you provide.

    aws route53resolver get-firewall-rule-group \
        --firewall-rule-group-id rslvr-frg-47f93271fexample

Output:

    {
        "FirewallRuleGroup": {
            "Id": "rslvr-frg-47f93271fexample",
            "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
            "Name": "test",
            "RuleCount": 0,
            "Status": "COMPLETE",
            "StatusMessage": "Created Firewall Rule Group",
            "OwnerId": "123456789012",
            "CreatorRequestId": "my-request-id",
            "ShareStatus": "NOT_SHARED",
            "CreationTime": "2021-05-25T18:59:26.490017Z",
            "ModificationTime": "2021-05-25T18:59:26.490017Z"
        }
    }

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use get-resolver-endpoint.

AWS CLI

To get information about a Resolver endpoint

The following get-resolver-endpoint example displays details for the specified outbound endpoint. You can use get-resolver-endpoint for both inbound and outbound endpoints by specifying the applicable endpoint ID.

    aws route53resolver get-resolver-endpoint \
        --resolver-endpoint-id rslvr-out-d5e5920e37example

Output:

    {
        "ResolverEndpoint": {
            "Id": "rslvr-out-d5e5920e37example",
            "CreatorRequestId": "2020-01-01-18:47",
            "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-out-d5e5920e37example",
            "Name": "my-outbound-endpoint",
            "SecurityGroupIds": [
                "sg-05cd7b25d6example"
            ],
            "Direction": "OUTBOUND",
            "IpAddressCount": 2,
            "HostVPCId": "vpc-304bexam",
            "Status": "OPERATIONAL",
            "StatusMessage": "This Resolver Endpoint is operational.",
            "CreationTime": "2020-01-01T23:50:50.979Z",
            "ModificationTime": "2020-01-02T23:50:50.979Z"
        }
    }

For more information, see Values that you specify when you create or edit inbound endpoints in the Amazon Route 53 Developer Guide.

The following code example shows how to use get-resolver-rule-association.

AWS CLI

To get information about the association between a Resolver rule and a VPC

The following get-resolver-rule-association example displays details about the association between the specified Resolver rule and VPC. You associate a Resolver rule with a VPC by using associate-resolver-rule.

    aws route53resolver get-resolver-rule-association \
        --resolver-rule-association-id rslvr-rrassoc-d61cbb2c8bexample

Output:

    {
        "ResolverRuleAssociation": {
            "Id": "rslvr-rrassoc-d61cbb2c8bexample",
            "ResolverRuleId": "rslvr-rr-42b60677c0example",
            "Name": "my-resolver-rule-association",
            "VPCId": "vpc-304bexam",
            "Status": "COMPLETE",
            "StatusMessage": ""
        }
    }

The following code example shows how to use get-resolver-rule.

AWS CLI

To get information about a Resolver rule

The following get-resolver-rule example displays details about the specified Resolver rule, such as the domain name that the rule forwards DNS queries for and the ID of the outbound Resolver endpoint that the rule is associated with.

    aws route53resolver get-resolver-rule \
        --resolver-rule-id rslvr-rr-42b60677c0example

Output:

    {
        "ResolverRule": {
            "Id": "rslvr-rr-42b60677c0example",
            "CreatorRequestId": "2020-01-01-18:47",
            "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example",
            "DomainName": "example.com.",
            "Status": "COMPLETE",
            "StatusMessage": "[Trace id: 1-5dc4b177-ff1d9d001a0f80005example] Successfully created Resolver Rule.",
            "RuleType": "FORWARD",
            "Name": "my-rule",
            "TargetIps": [
                {
                    "Ip": "192.0.2.45",
                    "Port": 53
                }
            ],
            "ResolverEndpointId": "rslvr-out-d5e5920e37example",
            "OwnerId": "111122223333",
            "ShareStatus": "NOT_SHARED"
        }
    }

For more information, see Values that you specify when you create or edit rules in the Amazon Route 53 Developer Guide.

  • For API details, see GetResolverRule in AWS CLI Command Reference.

The following code example shows how to use import-firewall-domains.

AWS CLI

To import domains into a domain list

The following import-firewall-domains example imports a set of domains from a file into the DNS Firewall domain list that you specify.

    aws route53resolver import-firewall-domains \
        --firewall-domain-list-id rslvr-fdl-d61cbb2cbexample \
        --operation REPLACE \
        --domain-file-url s3://PATH/TO/YOUR/FILE

Output:

    {
        "Id": "rslvr-fdl-d61cbb2cbexample",
        "Name": "test",
        "Status": "IMPORTING",
        "StatusMessage": "Importing domains from provided file."
    }

For more information, see Managing your own domain lists in the Amazon Route 53 Developer Guide.
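With --operation REPLACE the imported file becomes the whole domain list, so a malformed or duplicated entry in the file is worth catching before the upload rather than after the list has gone live. The script below is an added example, not code from the AWS documentation or the AWS CLI project; it normalises a raw list of domains into the file that is then uploaded to S3 and referenced with --domain-file-url. It assumes the import file format is one domain per line (the page does not state the format, so that is labelled as an assumption in the code) and that a leading "*." wildcard label is the only permitted wildcard form; the input lines are constructed, and the function names are the example's own.

```python
"""Build a clean domain file for import-firewall-domains.

Added example, not code from the AWS documentation. ASSUMPTION: the file
uploaded to S3 holds one domain per line. The input lines below are
constructed to exercise the normalisation rules.
"""
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_domain(raw):
    """Return the canonical form of a domain, or None if it is not importable.

    Canonical form: lowercase, no trailing dot, surrounding whitespace removed.
    A single leading "*." wildcard label is kept; any other "*" is rejected.
    """
    name = raw.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if labels[0] == "*":
        if len(labels) < 2:
            return None             # a bare "*" matches nothing meaningful
        labels = labels[1:]
    if not all(_LABEL.match(label) for label in labels):
        return None
    return name


def build_domain_file(lines):
    """Split raw lines into (sorted unique valid domains, rejected raw lines)."""
    valid, rejected = set(), []
    for line in lines:
        if not line.strip():
            continue                # blank lines carry no domain
        canonical = normalize_domain(line)
        if canonical is None:
            rejected.append(line)
        else:
            valid.add(canonical)    # set() removes case/trailing-dot duplicates
    return sorted(valid), rejected


def domain_file_text(domains):
    """Serialise domains one per line, newline-terminated (assumed import format)."""
    return "".join(d + "\n" for d in domains)


# Constructed input: mixed case, trailing dots, a duplicate, a wildcard and junk.
SAMPLE_LINES = [
    "Test1.com.", "test2.com", "TEST1.COM", "*.test3.com",
    "bad domain", "-bad.com", "", "a.*.example",
]

if __name__ == "__main__":
    domains, rejected = build_domain_file(SAMPLE_LINES)
    print(domain_file_text(domains), end="")
    print("rejected:", rejected)
```

Write `domain_file_text(domains)` to a local file, upload it to the bucket you own, and pass that object URL as --domain-file-url; the rejected list is what to review by hand before re-running.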

The following code example shows how to use list-firewall-configs.

AWS CLI

To list the firewall configurations

The following list-firewall-configs example lists your DNS Firewall configurations.

    aws route53resolver list-firewall-configs

Output:

    {
        "FirewallConfigs": [
            {
                "Id": "rslvr-fc-86016850cexample",
                "ResourceId": "vpc-31e92222",
                "OwnerId": "123456789012",
                "FirewallFailOpen": "DISABLED"
            }
        ]
    }

For more information, see DNS Firewall VPC configuration in the Amazon Route 53 Developer Guide.

The following code example shows how to use list-firewall-domain-lists.

AWS CLI

To list all Route 53 Resolver DNS Firewall domain lists

The following list-firewall-domain-lists example lists all domain lists.

    aws route53resolver list-firewall-domain-lists

Output:

    {
        "FirewallDomainLists": [
            {
                "Id": "rslvr-fdl-2c46f2ecfexample",
                "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-2c46f2ecfexample",
                "Name": "AWSManagedDomainsMalwareDomainList",
                "CreatorRequestId": "AWSManagedDomainsMalwareDomainList",
                "ManagedOwnerName": "Route 53 Resolver DNS Firewall"
            },
            {
                "Id": "rslvr-fdl-aa970e9e1example",
                "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-aa970e9e1example",
                "Name": "AWSManagedDomainsBotnetCommandandControl",
                "CreatorRequestId": "AWSManagedDomainsBotnetCommandandControl",
                "ManagedOwnerName": "Route 53 Resolver DNS Firewall"
            },
            {
                "Id": "rslvr-fdl-42b60677cexample",
                "Arn": "arn:aws:route53resolver:us-west-2:123456789111:firewall-domain-list/rslvr-fdl-42b60677cexample",
                "Name": "test",
                "CreatorRequestId": "my-request-id"
            }
        ]
    }

For more information, see Route 53 Resolver DNS Firewall domain lists in the Amazon Route 53 Developer Guide.

The following code example shows how to use list-firewall-domains.

AWS CLI

To list the domains in a domain list

The following list-firewall-domains example lists the domains in the DNS Firewall domain list that you specify.

    aws route53resolver list-firewall-domains \
        --firewall-domain-list-id rslvr-fdl-d61cbb2cbexample

Output:

    {
        "Domains": [
            "test1.com.",
            "test2.com.",
            "test3.com."
        ]
    }

For more information, see Managing your own domain lists in the Amazon Route 53 Developer Guide.

The following code example shows how to use list-firewall-rule-group-associations.

AWS CLI

To list DNS Firewall rule group associations

The following list-firewall-rule-group-associations example lists your DNS Firewall rule group associations with Amazon VPCs.

    aws route53resolver list-firewall-rule-group-associations

Output:

    {
        "FirewallRuleGroupAssociations": [
            {
                "Id": "rslvr-frgassoc-57e8873d7example",
                "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
                "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
                "VpcId": "vpc-31e92222",
                "Name": "test-association",
                "Priority": 101,
                "MutationProtection": "DISABLED",
                "Status": "UPDATING",
                "StatusMessage": "Creating Firewall Rule Group Association",
                "CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
                "CreationTime": "2021-05-25T21:47:48.755768Z",
                "ModificationTime": "2021-05-25T21:47:48.755768Z"
            }
        ]
    }

For more information, see Managing associations between your VPC and Route 53 Resolver DNS Firewall rule group in the Amazon Route 53 Developer Guide.
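Taken together, list-firewall-configs (the FirewallFailOpen setting per VPC) and list-firewall-rule-group-associations (which VPCs actually have a rule group attached, and whether MutationProtection guards the association) give enough to audit DNS Firewall coverage across an account. The script below is an added example, not code from the AWS documentation or the AWS CLI project. It consumes the JSON those two commands return with `--output json`; the sample documents are constructed from this page's outputs plus one extra VPC with fail-open enabled, the list of in-scope VPC IDs is constructed, and the function names and finding codes are the example's own.

```python
"""Audit DNS Firewall coverage of a set of VPCs.

Added example, not code from the AWS documentation. Inputs are the JSON from
`aws route53resolver list-firewall-configs --output json` and
`aws route53resolver list-firewall-rule-group-associations --output json`.
"""

# Constructed sample: list-firewall-configs output with one extra VPC.
SAMPLE_CONFIGS = {
    "FirewallConfigs": [
        {"Id": "rslvr-fc-86016850cexample", "ResourceId": "vpc-31e92222",
         "OwnerId": "123456789012", "FirewallFailOpen": "DISABLED"},
        {"Id": "rslvr-fc-constructed0001", "ResourceId": "vpc-0aaaaaaaaexample",
         "OwnerId": "123456789012", "FirewallFailOpen": "ENABLED"},
    ]
}

# Constructed sample: list-firewall-rule-group-associations output.
SAMPLE_ASSOCIATIONS = {
    "FirewallRuleGroupAssociations": [
        {"Id": "rslvr-frgassoc-57e8873d7example",
         "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
         "VpcId": "vpc-31e92222", "Name": "test-association", "Priority": 101,
         "MutationProtection": "DISABLED", "Status": "COMPLETE"},
    ]
}


def audit_dns_firewall(configs_doc, associations_doc, in_scope_vpcs):
    """Return (code, vpc_id, detail) findings for each VPC in scope.

    FAIL_OPEN_ENABLED: queries pass when DNS Firewall cannot evaluate them;
        the page's update-firewall-config example sets this to DISABLED.
    NO_RULE_GROUP: no live rule group association, so no filtering at all.
    MUTATION_PROTECTION_OFF: the association can be changed or deleted
        without first turning protection off.
    """
    fail_open = {
        c["ResourceId"] for c in configs_doc.get("FirewallConfigs", [])
        if c.get("FirewallFailOpen") == "ENABLED"
    }
    live = {}
    for a in associations_doc.get("FirewallRuleGroupAssociations", []):
        if a.get("Status") != "DELETING":
            live.setdefault(a["VpcId"], []).append(a)

    findings = []
    for vpc in sorted(in_scope_vpcs):
        if vpc in fail_open:
            findings.append(("FAIL_OPEN_ENABLED", vpc, "FirewallFailOpen=ENABLED"))
        assocs = sorted(live.get(vpc, []), key=lambda a: a["Priority"])
        if not assocs:
            findings.append(("NO_RULE_GROUP", vpc, "no rule group association"))
        for a in assocs:
            if a.get("MutationProtection") != "ENABLED":
                findings.append(("MUTATION_PROTECTION_OFF", vpc, a["Id"]))
    return findings


def remediation_commands(findings):
    """Map findings to the CLI calls that fix them (argv lists; nothing is executed)."""
    cmds = []
    for code, vpc, detail in findings:
        if code == "FAIL_OPEN_ENABLED":
            cmds.append(["aws", "route53resolver", "update-firewall-config",
                         "--resource-id", vpc, "--firewall-fail-open", "DISABLED"])
        elif code == "MUTATION_PROTECTION_OFF":
            # --mutation-protection is an update-firewall-rule-group-association
            # option; the page's example of that command changes only --priority.
            cmds.append(["aws", "route53resolver", "update-firewall-rule-group-association",
                         "--firewall-rule-group-association-id", detail,
                         "--mutation-protection", "ENABLED"])
        # NO_RULE_GROUP needs a human choice of rule group and priority: report only.
    return cmds


if __name__ == "__main__":
    scope = ["vpc-31e92222", "vpc-0aaaaaaaaexample", "vpc-0bbbbbbbbexample"]
    for finding in audit_dns_firewall(SAMPLE_CONFIGS, SAMPLE_ASSOCIATIONS, scope):
        print(*finding)
```

The in-scope VPC list is deliberately an input rather than derived from the firewall output: a VPC that has never had a firewall config or association does not appear in either listing, and those are exactly the ones the NO_RULE_GROUP finding is meant to surface.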

The following code example shows how to use list-firewall-rule-groups.

AWS CLI

To get a list of firewall rule groups

The following list-firewall-rule-groups example lists your DNS Firewall rule groups.

    aws route53resolver list-firewall-rule-groups

Output:

    {
        "FirewallRuleGroups": [
            {
                "Id": "rslvr-frg-47f93271fexample",
                "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
                "Name": "test",
                "OwnerId": "123456789012",
                "CreatorRequestId": "my-request-id",
                "ShareStatus": "NOT_SHARED"
            }
        ]
    }

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use list-firewall-rules.

AWS CLI

To list the firewall rules

The following list-firewall-rules example lists all of the DNS Firewall rules in a firewall rule group.

    aws route53resolver list-firewall-rules \
        --firewall-rule-group-id rslvr-frg-47f93271fexample

Output:

    {
        "FirewallRules": [
            {
                "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
                "FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
                "Name": "allow-rule",
                "Priority": 101,
                "Action": "ALLOW",
                "CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
                "CreationTime": "2021-05-25T21:44:00.346093Z",
                "ModificationTime": "2021-05-25T21:44:00.346093Z"
            }
        ]
    }

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use list-resolver-endpoint-ip-addresses.

AWS CLI

To list the IP addresses for a specified inbound or outbound endpoint

The following list-resolver-endpoint-ip-addresses example lists information about the IP addresses that are associated with the inbound endpoint rslvr-in-f9ab8a03f1example. You can also use list-resolver-endpoint-ip-addresses for outbound endpoints by specifying the applicable endpoint ID.

    aws route53resolver list-resolver-endpoint-ip-addresses \
        --resolver-endpoint-id rslvr-in-f9ab8a03f1example

Output:

    {
        "MaxResults": 10,
        "IpAddresses": [
            {
                "IpId": "rni-1de60cdbfeexample",
                "SubnetId": "subnet-ba47exam",
                "Ip": "192.0.2.44",
                "Status": "ATTACHED",
                "StatusMessage": "This IP address is operational.",
                "CreationTime": "2020-01-03T23:02:29.587Z",
                "ModificationTime": "2020-01-03T23:03:05.555Z"
            },
            {
                "IpId": "rni-aac7085e38example",
                "SubnetId": "subnet-12d8exam",
                "Ip": "192.0.2.45",
                "Status": "ATTACHED",
                "StatusMessage": "This IP address is operational.",
                "CreationTime": "2020-01-03T23:02:29.593Z",
                "ModificationTime": "2020-01-03T23:02:55.060Z"
            }
        ]
    }

For more information about the values in the output, see Values that you specify when you create or edit inbound endpoints and Values that you specify when you create or edit outbound endpoints in the Amazon Route 53 Developer Guide.

The following code example shows how to use list-resolver-endpoints.

AWS CLI

To list Resolver endpoints in an AWS Region

The following list-resolver-endpoints example lists the inbound and outbound Resolver endpoints that exist in the current account.

    aws route53resolver list-resolver-endpoints

Output:

    {
        "MaxResults": 10,
        "ResolverEndpoints": [
            {
                "Id": "rslvr-in-497098ad59example",
                "CreatorRequestId": "2020-01-01-18:47",
                "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-497098ad59example",
                "Name": "my-inbound-endpoint",
                "SecurityGroupIds": [
                    "sg-05cd7b25d6example"
                ],
                "Direction": "INBOUND",
                "IpAddressCount": 2,
                "HostVPCId": "vpc-304bexam",
                "Status": "OPERATIONAL",
                "StatusMessage": "This Resolver Endpoint is operational.",
                "CreationTime": "2020-01-01T23:25:45.538Z",
                "ModificationTime": "2020-01-01T23:25:45.538Z"
            },
            {
                "Id": "rslvr-out-d5e5920e37example",
                "CreatorRequestId": "2020-01-01-18:48",
                "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-out-d5e5920e37example",
                "Name": "my-outbound-endpoint",
                "SecurityGroupIds": [
                    "sg-05cd7b25d6example"
                ],
                "Direction": "OUTBOUND",
                "IpAddressCount": 2,
                "HostVPCId": "vpc-304bexam",
                "Status": "OPERATIONAL",
                "StatusMessage": "This Resolver Endpoint is operational.",
                "CreationTime": "2020-01-01T23:50:50.979Z",
                "ModificationTime": "2020-01-01T23:50:50.979Z"
            }
        ]
    }

The following code example shows how to use list-resolver-rule-associations.

AWS CLI

To list associations between Resolver rules and VPCs

The following list-resolver-rule-associations example lists the associations between Resolver rules and VPCs in the current AWS account.

    aws route53resolver list-resolver-rule-associations

Output:

    {
        "MaxResults": 30,
        "ResolverRuleAssociations": [
            {
                "Id": "rslvr-autodefined-assoc-vpc-304bexam-internet-resolver",
                "ResolverRuleId": "rslvr-autodefined-rr-internet-resolver",
                "Name": "System Rule Association",
                "VPCId": "vpc-304bexam",
                "Status": "COMPLETE",
                "StatusMessage": ""
            },
            {
                "Id": "rslvr-rrassoc-d61cbb2c8bexample",
                "ResolverRuleId": "rslvr-rr-42b60677c0example",
                "Name": "my-resolver-rule-association",
                "VPCId": "vpc-304bexam",
                "Status": "COMPLETE",
                "StatusMessage": ""
            }
        ]
    }

For more information, see How Route 53 Resolver forwards DNS queries from your VPCs to your network in the Amazon Route 53 Developer Guide.

The following code example shows how to use list-resolver-rules.

AWS CLI

To list Resolver rules

The following list-resolver-rules example lists all of the Resolver rules in the current AWS account.

    aws route53resolver list-resolver-rules

Output:

    {
        "MaxResults": 30,
        "ResolverRules": [
            {
                "Id": "rslvr-autodefined-rr-internet-resolver",
                "CreatorRequestId": "",
                "Arn": "arn:aws:route53resolver:us-west-2::autodefined-rule/rslvr-autodefined-rr-internet-resolver",
                "DomainName": ".",
                "Status": "COMPLETE",
                "RuleType": "RECURSIVE",
                "Name": "Internet Resolver",
                "OwnerId": "Route 53 Resolver",
                "ShareStatus": "NOT_SHARED"
            },
            {
                "Id": "rslvr-rr-42b60677c0example",
                "CreatorRequestId": "2020-01-01-18:47",
                "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0bc4e299",
                "DomainName": "example.com.",
                "Status": "COMPLETE",
                "StatusMessage": "[Trace id: 1-5dc4b177-ff1d9d001a0f80005example] Successfully created Resolver Rule.",
                "RuleType": "FORWARD",
                "Name": "my-rule",
                "TargetIps": [
                    {
                        "Ip": "192.0.2.45",
                        "Port": 53
                    }
                ],
                "ResolverEndpointId": "rslvr-out-d5e5920e37example",
                "OwnerId": "111122223333",
                "ShareStatus": "NOT_SHARED"
            }
        ]
    }

For more information, see How Route 53 Resolver forwards DNS queries from your VPCs to your network in the Amazon Route 53 Developer Guide.

The following code example shows how to use list-tags-for-resource.

AWS CLI

To list the tags for a Resolver resource

The following list-tags-for-resource example lists the tags that are assigned to the specified Resolver rule.

    aws route53resolver list-tags-for-resource \
        --resource-arn "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example"

Output:

    {
        "Tags": [
            {
                "Key": "my-key-1",
                "Value": "my-value-1"
            },
            {
                "Key": "my-key-2",
                "Value": "my-value-2"
            }
        ]
    }

For information about using tags for cost allocation, see Using cost allocation tags in the AWS Billing and Cost Management User Guide.

The following code example shows how to use put-firewall-rule-group-policy.

AWS CLI

To attach an AWS IAM policy to share a firewall rule group

The following put-firewall-rule-group-policy example attaches an AWS Identity and Access Management (AWS IAM) policy for sharing the rule group.

    aws route53resolver put-firewall-rule-group-policy \
        --firewall-rule-group-policy "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"test\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::AWS_ACCOUNT_ID:root\"},\"Action\":[\"route53resolver:GetFirewallRuleGroup\",\"route53resolver:ListFirewallRuleGroups\"],\"Resource\":\"arn:aws:route53resolver:us-east-1:AWS_ACCOUNT_ID:firewall-rule-group/rslvr-frg-47f93271fexample\"}]}"

Output:

    {
        "ReturnValue": true
    }

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use put-resolver-rule-policy.

AWS CLI

To share a Resolver rule with another AWS account

The following put-resolver-rule-policy example specifies a Resolver rule that you want to share with another AWS account, the account that you want to share the rule with, and the rule-related operations that you want the account to be able to perform on the rule.

Note: You must run this command using credentials from the same account that created the rule.

    aws route53resolver put-resolver-rule-policy \
        --region us-east-1 \
        --arn "arn:aws:route53resolver:us-east-1:111122223333:resolver-rule/rslvr-rr-42b60677c0example" \
        --resolver-rule-policy "{\"Version\": \"2012-10-17\", \
            \"Statement\": [ { \
                \"Effect\" : \"Allow\", \
                \"Principal\" : {\"AWS\" : \"444455556666\" }, \
                \"Action\" : [ \
                    \"route53resolver:GetResolverRule\", \
                    \"route53resolver:AssociateResolverRule\", \
                    \"route53resolver:DisassociateResolverRule\", \
                    \"route53resolver:ListResolverRules\", \
                    \"route53resolver:ListResolverRuleAssociations\" ], \
                \"Resource\" : [ \"arn:aws:route53resolver:us-east-1:111122223333:resolver-rule/rslvr-rr-42b60677c0example\" ] } ] }"

Output:

    {
        "ReturnValue": true
    }

After you run put-resolver-rule-policy, you can run the following two Resource Access Manager (RAM) commands. You must use the account that you want to share the rule with:

  • get-resource-share-invitations returns the value resourceShareInvitationArn. You need this value to accept the invitation to use the shared rule.
  • accept-resource-share-invitation accepts the invitation to use the shared rule.

For more information, see the following documentation:

  • get-resource-share-invitations
  • accept-resource-share-invitation
  • Sharing forwarding rules with other AWS accounts and using shared rules in the Amazon Route 53 Developer Guide
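Both put-firewall-rule-group-policy and put-resolver-rule-policy take a resource policy that decides which accounts can see and attach the shared resource, and get-firewall-rule-group-policy hands that policy back as a JSON string embedded in a JSON document. The script below is an added example, not code from the AWS documentation or the AWS CLI project: it reviews such a policy string against the one resource being shared and an allow-list of actions (flagging a wildcard principal, a service-wide action, a foreign resource or a non-Allow statement), and builds a policy string of the shape the page passes to --resolver-rule-policy. The page policy is reused with its AWS_ACCOUNT_ID placeholder kept; the over-broad policy is constructed, and the function and constant names are the example's own.

```python
"""Review and build the sharing policies used by put-firewall-rule-group-policy
and put-resolver-rule-policy.

Added example, not code from the AWS documentation. get-firewall-rule-group-policy
returns the policy as a JSON string inside a JSON document, so the reviewer
takes that string. The page's policy is reused with its AWS_ACCOUNT_ID placeholder;
the over-broad policy is constructed.
"""
import json

# The rule-related operations the page grants when sharing a Resolver rule.
RESOLVER_RULE_SHARE_ACTIONS = [
    "route53resolver:GetResolverRule",
    "route53resolver:AssociateResolverRule",
    "route53resolver:DisassociateResolverRule",
    "route53resolver:ListResolverRules",
    "route53resolver:ListResolverRuleAssociations",
]


def _as_list(value):
    """IAM allows a single string or a list in most positions; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_sharing_policy(policy_json, expected_resource_arn, allowed_actions):
    """Return a list of issue strings; an empty list means the policy is acceptable."""
    policy = json.loads(policy_json)
    issues = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            issues.append(f"statement {i}: Effect is {st.get('Effect')!r}, expected Allow")
        principal = st.get("Principal")
        principals = (_as_list(principal.get("AWS", [])) if isinstance(principal, dict)
                      else _as_list(principal))
        if "*" in principals:
            issues.append(f"statement {i}: principal '*' shares the resource with every AWS account")
        for action in _as_list(st.get("Action", [])):
            if action not in allowed_actions:     # also catches route53resolver:* wildcards
                issues.append(f"statement {i}: action {action} is not in the allowed set")
        for resource in _as_list(st.get("Resource", [])):
            if resource != expected_resource_arn:
                issues.append(f"statement {i}: resource {resource} is not the shared resource")
    return issues


def build_resolver_rule_policy(rule_arn, account_ids, actions=RESOLVER_RULE_SHARE_ACTIONS):
    """JSON string for --resolver-rule-policy granting actions on rule_arn to account_ids."""
    doc = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": sorted(account_ids)},
            "Action": list(actions),
            "Resource": [rule_arn],
        }],
    }
    return json.dumps(doc)


# Policy string as returned by the page's get-firewall-rule-group-policy example.
RULE_GROUP_ARN = ("arn:aws:route53resolver:us-east-1:AWS_ACCOUNT_ID:"
                  "firewall-rule-group/rslvr-frg-47f93271fexample")
RULE_GROUP_SHARE_ACTIONS = ["route53resolver:GetFirewallRuleGroup",
                            "route53resolver:ListFirewallRuleGroups"]
PAGE_RULE_GROUP_POLICY = (
    '{"Version":"2012-10-17","Statement":[{"Sid":"test","Effect":"Allow",'
    '"Principal":{"AWS":"arn:aws:iam::AWS_ACCOUNT_ID:root"},'
    '"Action":["route53resolver:GetFirewallRuleGroup","route53resolver:ListFirewallRuleGroups"],'
    '"Resource":"' + RULE_GROUP_ARN + '"}]}'
)

# Constructed over-broad policy: any account, any Resolver action.
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": "*", "Action": "route53resolver:*",
    "Resource": RULE_GROUP_ARN}})

if __name__ == "__main__":
    print(review_sharing_policy(PAGE_RULE_GROUP_POLICY, RULE_GROUP_ARN, RULE_GROUP_SHARE_ACTIONS))
    print(review_sharing_policy(BROAD_POLICY, RULE_GROUP_ARN, RULE_GROUP_SHARE_ACTIONS))
```

To review a live policy, pass the FirewallRuleGroupPolicy string from `aws route53resolver get-firewall-rule-group-policy --output json` straight to `review_sharing_policy`; the output of `build_resolver_rule_policy` is already a single-line JSON string, so it can be quoted once as the --resolver-rule-policy argument without the backslash continuations the page's example uses.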

The following code example shows how to use tag-resource.

AWS CLI

To associate tags with a Resolver resource

The following tag-resource example associates two tag key/value pairs with the specified Resolver rule.

    aws route53resolver tag-resource \
        --resource-arn "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example" \
        --tags "Key=my-key-1,Value=my-value-1" "Key=my-key-2,Value=my-value-2"

This command produces no output.

For information about using tags for cost allocation, see Using cost allocation tags in the AWS Billing and Cost Management User Guide.

  • For API details, see TagResource in AWS CLI Command Reference.

The following code example shows how to use untag-resource.

AWS CLI

To remove tags from a Resolver resource

The following untag-resource example removes two tags from the specified Resolver rule.

    aws route53resolver untag-resource \
        --resource-arn "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example" \
        --tag-keys my-key-1 my-key-2

This command produces no output. To confirm that the tags were removed, you can use list-tags-for-resource.

For information about using tags for cost allocation, see Using cost allocation tags in the AWS Billing and Cost Management User Guide.

  • For API details, see UntagResource in AWS CLI Command Reference.

The following code example shows how to use update-firewall-config.

AWS CLI

To update the firewall configuration

The following update-firewall-config example updates the DNS Firewall configuration of a VPC.

    aws route53resolver update-firewall-config \
        --resource-id vpc-31e92222 \
        --firewall-fail-open DISABLED

Output:

    {
        "FirewallConfig": {
            "Id": "rslvr-fc-86016850cexample",
            "ResourceId": "vpc-31e92222",
            "OwnerId": "123456789012",
            "FirewallFailOpen": "DISABLED"
        }
    }

For more information, see DNS Firewall VPC configuration in the Amazon Route 53 Developer Guide.

The following code example shows how to use update-firewall-domains.

AWS CLI

To update a domain list

The following update-firewall-domains example adds domains to the domain list with the ID that you provide.

aws route53resolver update-firewall-domains \
    --firewall-domain-list-id rslvr-fdl-42b60677cexampleb \
    --operation ADD \
    --domains test1.com test2.com test3.com

Output:

{
    "Id": "rslvr-fdl-42b60677cexample",
    "Name": "test",
    "Status": "UPDATING",
    "StatusMessage": "Updating the Firewall Domain List"
}

For more information, see Managing your own domain lists in the Amazon Route 53 Developer Guide.

The following code example shows how to use update-firewall-rule-group-association.

AWS CLI

To update a firewall rule group association

The following update-firewall-rule-group-association example updates the priority of a firewall rule group association.

aws route53resolver update-firewall-rule-group-association \
    --firewall-rule-group-association-id rslvr-frgassoc-57e8873d7example \
    --priority 103

Output:

{
    "FirewallRuleGroupAssociation": {
        "Id": "rslvr-frgassoc-57e8873d7example",
        "Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
        "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
        "VpcId": "vpc-31e92222",
        "Name": "test-association",
        "Priority": 103,
        "MutationProtection": "DISABLED",
        "Status": "UPDATING",
        "StatusMessage": "Updating the Firewall Rule Group Association Attributes",
        "CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
        "CreationTime": "2021-05-25T21:47:48.755768Z",
        "ModificationTime": "2021-05-25T21:50:09.272569Z"
    }
}

For more information, see Managing associations between your VPC and Route 53 Resolver DNS Firewall rule groups in the Amazon Route 53 Developer Guide.

The following code example shows how to use update-firewall-rule.

AWS CLI

To update a firewall rule

The following update-firewall-rule example updates a firewall rule with the parameters that you specify.

aws route53resolver update-firewall-rule \
    --firewall-rule-group-id rslvr-frg-47f93271fexample \
    --firewall-domain-list-id rslvr-fdl-9e956e9ffexample \
    --priority 102

Output:

{
    "FirewallRule": {
        "FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
        "FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
        "Name": "allow-rule",
        "Priority": 102,
        "Action": "ALLOW",
        "CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
        "CreationTime": "2021-05-25T21:44:00.346093Z",
        "ModificationTime": "2021-05-25T21:45:59.611600Z"
    }
}

For more information, see Managing rule groups and rules in DNS Firewall in the Amazon Route 53 Developer Guide.

The following code example shows how to use update-resolver-endpoint.

AWS CLI

To update the name of a Resolver endpoint

The following update-resolver-endpoint example updates the name of a Resolver endpoint. Updating other values isn't supported.

aws route53resolver update-resolver-endpoint \
    --resolver-endpoint-id rslvr-in-b5d45e32bdc445f09 \
    --name my-renamed-inbound-endpoint

Output:

{
    "ResolverEndpoint": {
        "Id": "rslvr-in-b5d45e32bdexample",
        "CreatorRequestId": "2020-01-02-18:48",
        "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-b5d45e32bdexample",
        "Name": "my-renamed-inbound-endpoint",
        "SecurityGroupIds": [
            "sg-f62bexam"
        ],
        "Direction": "INBOUND",
        "IpAddressCount": 2,
        "HostVPCId": "vpc-304bexam",
        "Status": "OPERATIONAL",
        "StatusMessage": "This Resolver Endpoint is operational.",
        "CreationTime": "2020-01-01T18:33:59.265Z",
        "ModificationTime": "2020-01-08T18:33:59.265Z"
    }
}

The following code example shows how to use update-resolver-rule.

AWS CLI

Example 1: To update the settings of a Resolver rule

The following update-resolver-rule example updates the name of the rule, the IP addresses on your on-premises network that DNS queries are forwarded to, and the ID of the outbound Resolver endpoint that you use to forward queries to your network.

Note: The existing values for TargetIps are overwritten, so you must specify all the IP addresses that you want the rule to have after the update.

aws route53resolver update-resolver-rule \
    --resolver-rule-id rslvr-rr-1247fa64f3example \
    --config Name="my-2nd-rule",TargetIps=[{Ip=192.0.2.45,Port=53},{Ip=192.0.2.46,Port=53}],ResolverEndpointId=rslvr-out-7b89ed0d25example

Output:

{
    "ResolverRule": {
        "Id": "rslvr-rr-1247fa64f3example",
        "CreatorRequestId": "2020-01-02-18:47",
        "Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-1247fa64f3example",
        "DomainName": "www.example.com.",
        "Status": "COMPLETE",
        "StatusMessage": "[Trace id: 1-5dcc90b9-8a8ee860aba1ebd89example] Successfully updated Resolver Rule.",
        "RuleType": "FORWARD",
        "Name": "my-2nd-rule",
        "TargetIps": [
            {
                "Ip": "192.0.2.45",
                "Port": 53
            },
            {
                "Ip": "192.0.2.46",
                "Port": 53
            }
        ],
        "ResolverEndpointId": "rslvr-out-7b89ed0d25example",
        "OwnerId": "111122223333",
        "ShareStatus": "NOT_SHARED"
    }
}

Example 2: To update the settings of a Resolver rule using a file for the config settings

You can also put the config settings in a JSON file and then specify that file when you call update-resolver-rule.

aws route53resolver update-resolver-rule \
    --resolver-rule-id rslvr-rr-1247fa64f3example \
    --config file://c:\temp\update-resolver-rule.json

Contents of update-resolver-rule.json:

{
    "Name": "my-2nd-rule",
    "TargetIps": [
        {
            "Ip": "192.0.2.45",
            "Port": 53
        },
        {
            "Ip": "192.0.2.46",
            "Port": 53
        }
    ],
    "ResolverEndpointId": "rslvr-out-7b89ed0d25example"
}

For more information, see Values that you specify when you create or edit rules in the Amazon Route 53 Developer Guide.
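Because update-resolver-rule replaces TargetIps wholesale, a forgotten target silently stops receiving forwarded queries. The following added example (not part of the AWS documentation) builds the --config document for a file:// call from the rule as returned by the API, keeping the existing targets, de-duplicating, and validating each entry. The function names and the sample rule are constructed.

```python
import ipaddress
import json

# Constructed sample: the shape of a rule as returned by get-resolver-rule
# or in the update-resolver-rule output above, with one target already set.
EXISTING_RULE = {
    "Id": "rslvr-rr-1247fa64f3example",
    "Name": "my-2nd-rule",
    "RuleType": "FORWARD",
    "TargetIps": [{"Ip": "192.0.2.45", "Port": 53}],
    "ResolverEndpointId": "rslvr-out-7b89ed0d25example",
}


def validate_target(target):
    """Reject malformed forwarding targets before they reach the API."""
    ipaddress.ip_address(target["Ip"])  # raises ValueError on bad input
    port = int(target.get("Port", 53))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return {"Ip": target["Ip"], "Port": port}


def build_update_config(rule, add_targets=(), remove_ips=(), name=None):
    """Return the dict to pass as --config, preserving the rule's current
    targets, collapsing duplicates and dropping only the IPs in remove_ips.
    The full list is always emitted because the API overwrites TargetIps."""
    merged = {}
    for t in list(rule.get("TargetIps", [])) + list(add_targets):
        t = validate_target(t)
        merged[(t["Ip"], t["Port"])] = t
    targets = [t for t in merged.values() if t["Ip"] not in set(remove_ips)]
    if not targets:
        raise ValueError("a FORWARD rule must keep at least one target")
    return {
        "Name": name or rule["Name"],
        "TargetIps": targets,
        "ResolverEndpointId": rule["ResolverEndpointId"],
    }


if __name__ == "__main__":
    cfg = build_update_config(EXISTING_RULE, add_targets=[{"Ip": "192.0.2.46", "Port": 53}])
    # Save this as update-resolver-rule.json and pass it with --config file://
    print(json.dumps(cfg, indent=4))
```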