/
types.go
994 lines (786 loc) · 42.3 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
// Code generated by smithy-go-codegen DO NOT EDIT.
package types
import (
smithydocument "github.com/aws/smithy-go/document"
)
// For Resolver list operations ( ListResolverEndpoints (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html)
// , ListResolverRules (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html)
// , ListResolverRuleAssociations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html)
// , ListResolverQueryLogConfigs (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html)
// , ListResolverQueryLogConfigAssociations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html)
// ), and ListResolverDnssecConfigs (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverDnssecConfigs.html)
// ), an optional specification to return a subset of objects. To filter objects,
// such as Resolver endpoints or Resolver rules, you specify Name and Values . For
// example, to list only inbound Resolver endpoints, specify Direction for Name
// and specify INBOUND for Values .
type Filter struct {
// The name of the parameter that you want to use to filter objects. The valid
// values for Name depend on the action that you're including the filter in,
// ListResolverEndpoints (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html)
// , ListResolverRules (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html)
// , ListResolverRuleAssociations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html)
// , ListResolverQueryLogConfigs (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html)
// , or ListResolverQueryLogConfigAssociations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html)
// . In early versions of Resolver, values for Name were listed as uppercase, with
// underscore (_) delimiters. For example, CreatorRequestId was originally listed
// as CREATOR_REQUEST_ID . Uppercase values for Name are still supported.
// ListResolverEndpoints Valid values for Name include the following:
// - CreatorRequestId : The value that you specified when you created the
// Resolver endpoint.
// - Direction : Whether you want to return inbound or outbound Resolver
// endpoints. If you specify DIRECTION for Name , specify INBOUND or OUTBOUND for
// Values .
// - HostVPCId : The ID of the VPC that inbound DNS queries pass through on the
// way from your network to your VPCs in a region, or the VPC that outbound queries
// pass through on the way from your VPCs to your network. In a
// CreateResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html)
// request, SubnetId indirectly identifies the VPC. In a GetResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html)
// request, the VPC ID for a Resolver endpoint is returned in the HostVPCId
// element.
// - IpAddressCount : The number of IP addresses that you have associated with
// the Resolver endpoint.
// - Name : The name of the Resolver endpoint.
// - SecurityGroupIds : The IDs of the VPC security groups that you specified
// when you created the Resolver endpoint.
// - Status : The status of the Resolver endpoint. If you specify Status for Name
// , specify one of the following status codes for Values : CREATING ,
// OPERATIONAL , UPDATING , AUTO_RECOVERING , ACTION_NEEDED , or DELETING . For
// more information, see Status in ResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverEndpoint.html)
// .
// ListResolverRules Valid values for Name include the following:
// - CreatorRequestId : The value that you specified when you created the
// Resolver rule.
// - DomainName : The domain name for which Resolver is forwarding DNS queries to
// your network. In the value that you specify for Values , include a trailing
// dot (.) after the domain name. For example, if the domain name is example.com,
// specify the following value. Note the "." after com : example.com.
// - Name : The name of the Resolver rule.
// - ResolverEndpointId : The ID of the Resolver endpoint that the Resolver rule
// is associated with. You can filter on the Resolver endpoint only for rules that
// have a value of FORWARD for RuleType .
// - Status : The status of the Resolver rule. If you specify Status for Name ,
// specify one of the following status codes for Values : COMPLETE , DELETING ,
// UPDATING , or FAILED .
// - Type : The type of the Resolver rule. If you specify TYPE for Name , specify
// FORWARD or SYSTEM for Values .
// ListResolverRuleAssociations Valid values for Name include the following:
// - Name : The name of the Resolver rule association.
// - ResolverRuleId : The ID of the Resolver rule that is associated with one or
// more VPCs.
// - Status : The status of the Resolver rule association. If you specify Status
// for Name , specify one of the following status codes for Values : CREATING ,
// COMPLETE , DELETING , or FAILED .
// - VPCId : The ID of the VPC that the Resolver rule is associated with.
// ListResolverQueryLogConfigs Valid values for Name include the following:
// - Arn : The ARN for the query logging configuration.
// - AssociationCount : The number of VPCs that are associated with the query
// logging configuration.
// - CreationTime : The date and time that the query logging configuration was
// created, in Unix time format and Coordinated Universal Time (UTC).
// - CreatorRequestId : A unique string that identifies the request that created
// the query logging configuration.
// - Destination : The Amazon Web Services service that you want to forward query
// logs to. Valid values include the following:
// - S3
// - CloudWatchLogs
// - KinesisFirehose
// - DestinationArn : The ARN of the location that Resolver is sending query logs
// to. This value can be the ARN for an S3 bucket, a CloudWatch Logs log group, or
// a Kinesis Data Firehose delivery stream.
// - Id : The ID of the query logging configuration
// - Name : The name of the query logging configuration
// - OwnerId : The Amazon Web Services account ID for the account that created
// the query logging configuration.
// - ShareStatus : An indication of whether the query logging configuration is
// shared with other Amazon Web Services accounts, or was shared with the current
// account by another Amazon Web Services account. Valid values include:
// NOT_SHARED , SHARED_WITH_ME , or SHARED_BY_ME .
// - Status : The status of the query logging configuration. If you specify
// Status for Name , specify the applicable status code for Values : CREATING ,
// CREATED , DELETING , or FAILED . For more information, see Status (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverQueryLogConfig.html#Route53Resolver-Type-route53resolver_ResolverQueryLogConfig-Status)
// .
// ListResolverQueryLogConfigAssociations Valid values for Name include the
// following:
// - CreationTime : The date and time that the VPC was associated with the query
// logging configuration, in Unix time format and Coordinated Universal Time (UTC).
//
// - Error : If the value of Status is FAILED , specify the cause:
// DESTINATION_NOT_FOUND or ACCESS_DENIED .
// - Id : The ID of the query logging association.
// - ResolverQueryLogConfigId : The ID of the query logging configuration that a
// VPC is associated with.
// - ResourceId : The ID of the Amazon VPC that is associated with the query
// logging configuration.
// - Status : The status of the query logging association. If you specify Status
// for Name , specify the applicable status code for Values : CREATING , CREATED
// , DELETING , or FAILED . For more information, see Status (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverQueryLogConfigAssociation.html#Route53Resolver-Type-route53resolver_ResolverQueryLogConfigAssociation-Status)
// .
Name *string
// When you're using a List operation and you want the operation to return a
// subset of objects, such as Resolver endpoints or Resolver rules, the value of
// the parameter that you want to use to filter objects. For example, to list only
// inbound Resolver endpoints, specify Direction for Name and specify INBOUND for
// Values .
Values []string
noSmithyDocumentSerde
}
// Configuration of the firewall behavior provided by DNS Firewall for a single
// VPC from Amazon Virtual Private Cloud (Amazon VPC).
type FirewallConfig struct {
// Determines how DNS Firewall operates during failures, for example when all
// traffic that is sent to DNS Firewall fails to receive a reply.
// - By default, fail open is disabled, which means the failure mode is closed.
// This approach favors security over availability. DNS Firewall returns a failure
// error when it is unable to properly evaluate a query.
// - If you enable this option, the failure mode is open. This approach favors
// availability over security. DNS Firewall allows queries to proceed if it is
// unable to properly evaluate them.
// This behavior is only enforced for VPCs that have at least one DNS Firewall
// rule group association.
FirewallFailOpen FirewallFailOpenStatus
// The ID of the firewall configuration.
Id *string
// The Amazon Web Services account ID of the owner of the VPC that this firewall
// configuration applies to.
OwnerId *string
// The ID of the VPC that this firewall configuration applies to.
ResourceId *string
noSmithyDocumentSerde
}
// High-level information about a list of firewall domains for use in a
// FirewallRule . This is returned by GetFirewallDomainList . To retrieve the
// domains that are defined for this domain list, call ListFirewallDomains .
type FirewallDomainList struct {
// The Amazon Resource Name (ARN) of the firewall domain list.
Arn *string
// The date and time that the domain list was created, in Unix time format and
// Coordinated Universal Time (UTC).
CreationTime *string
// A unique string defined by you to identify the request. This allows you to
// retry failed requests without the risk of running the operation twice. This can
// be any unique string, for example, a timestamp.
CreatorRequestId *string
// The number of domain names that are specified in the domain list.
DomainCount *int32
// The ID of the domain list.
Id *string
// The owner of the list, used only for lists that are not managed by you. For
// example, the managed domain list AWSManagedDomainsMalwareDomainList has the
// managed owner name Route 53 Resolver DNS Firewall .
ManagedOwnerName *string
// The date and time that the domain list was last modified, in Unix time format
// and Coordinated Universal Time (UTC).
ModificationTime *string
// The name of the domain list.
Name *string
// The status of the domain list.
Status FirewallDomainListStatus
// Additional information about the status of the list, if available.
StatusMessage *string
noSmithyDocumentSerde
}
// Minimal high-level information for a firewall domain list. The action
// ListFirewallDomainLists returns an array of these objects. To retrieve full
// information for a firewall domain list, call GetFirewallDomainList and
// ListFirewallDomains .
type FirewallDomainListMetadata struct {
// The Amazon Resource Name (ARN) of the firewall domain list metadata.
Arn *string
// A unique string defined by you to identify the request. This allows you to
// retry failed requests without the risk of running the operation twice. This can
// be any unique string, for example, a timestamp.
CreatorRequestId *string
// The ID of the domain list.
Id *string
// The owner of the list, used only for lists that are not managed by you. For
// example, the managed domain list AWSManagedDomainsMalwareDomainList has the
// managed owner name Route 53 Resolver DNS Firewall .
ManagedOwnerName *string
// The name of the domain list.
Name *string
noSmithyDocumentSerde
}
// A single firewall rule in a rule group.
type FirewallRule struct {
// The action that DNS Firewall should take on a DNS query when it matches one of
// the domains in the rule's domain list:
// - ALLOW - Permit the request to go through.
// - ALERT - Permit the request to go through but send an alert to the logs.
// - BLOCK - Disallow the request. If this is specified, additional handling
// details are provided in the rule's BlockResponse setting.
Action Action
// The DNS record's type. This determines the format of the record value that you
// provided in BlockOverrideDomain . Used for the rule action BLOCK with a
// BlockResponse setting of OVERRIDE .
BlockOverrideDnsType BlockOverrideDnsType
// The custom DNS record to send back in response to the query. Used for the rule
// action BLOCK with a BlockResponse setting of OVERRIDE .
BlockOverrideDomain *string
// The recommended amount of time, in seconds, for the DNS resolver or web browser
// to cache the provided override record. Used for the rule action BLOCK with a
// BlockResponse setting of OVERRIDE .
BlockOverrideTtl *int32
// The way that you want DNS Firewall to block the request. Used for the rule
// action setting BLOCK .
// - NODATA - Respond indicating that the query was successful, but no response
// is available for it.
// - NXDOMAIN - Respond indicating that the domain name that's in the query
// doesn't exist.
// - OVERRIDE - Provide a custom override in the response. This option requires
// custom handling details in the rule's BlockOverride* settings.
BlockResponse BlockResponse
// The date and time that the rule was created, in Unix time format and
// Coordinated Universal Time (UTC).
CreationTime *string
// A unique string defined by you to identify the request. This allows you to
// retry failed requests without the risk of executing the operation twice. This
// can be any unique string, for example, a timestamp.
CreatorRequestId *string
// The ID of the domain list that's used in the rule.
FirewallDomainListId *string
// The unique identifier of the firewall rule group of the rule.
FirewallRuleGroupId *string
// The date and time that the rule was last modified, in Unix time format and
// Coordinated Universal Time (UTC).
ModificationTime *string
// The name of the rule.
Name *string
// The priority of the rule in the rule group. This value must be unique within
// the rule group. DNS Firewall processes the rules in a rule group by order of
// priority, starting from the lowest setting.
Priority *int32
noSmithyDocumentSerde
}
// High-level information for a firewall rule group. A firewall rule group is a
// collection of rules that DNS Firewall uses to filter DNS network traffic for a
// VPC. To retrieve the rules for the rule group, call ListFirewallRules .
type FirewallRuleGroup struct {
// The ARN (Amazon Resource Name) of the rule group.
Arn *string
// The date and time that the rule group was created, in Unix time format and
// Coordinated Universal Time (UTC).
CreationTime *string
// A unique string defined by you to identify the request. This allows you to
// retry failed requests without the risk of running the operation twice. This can
// be any unique string, for example, a timestamp.
CreatorRequestId *string
// The ID of the rule group.
Id *string
// The date and time that the rule group was last modified, in Unix time format
// and Coordinated Universal Time (UTC).
ModificationTime *string
// The name of the rule group.
Name *string
// The Amazon Web Services account ID for the account that created the rule group.
// When a rule group is shared with your account, this is the account that has
// shared the rule group with you.
OwnerId *string
// The number of rules in the rule group.
RuleCount *int32
// Whether the rule group is shared with other Amazon Web Services accounts, or
// was shared with the current account by another Amazon Web Services account.
// Sharing is configured through Resource Access Manager (RAM).
ShareStatus ShareStatus
// The status of the domain list.
Status FirewallRuleGroupStatus
// Additional information about the status of the rule group, if available.
StatusMessage *string
noSmithyDocumentSerde
}
// An association between a firewall rule group and a VPC, which enables DNS
// filtering for the VPC.
type FirewallRuleGroupAssociation struct {
// The Amazon Resource Name (ARN) of the firewall rule group association.
Arn *string
// The date and time that the association was created, in Unix time format and
// Coordinated Universal Time (UTC).
CreationTime *string
// A unique string defined by you to identify the request. This allows you to
// retry failed requests without the risk of running the operation twice. This can
// be any unique string, for example, a timestamp.
CreatorRequestId *string
// The unique identifier of the firewall rule group.
FirewallRuleGroupId *string
// The identifier for the association.
Id *string
// The owner of the association, used only for associations that are not managed
// by you. If you use Firewall Manager to manage your DNS Firewalls, then this
// reports Firewall Manager as the managed owner.
ManagedOwnerName *string
// The date and time that the association was last modified, in Unix time format
// and Coordinated Universal Time (UTC).
ModificationTime *string
// If enabled, this setting disallows modification or removal of the association,
// to help prevent against accidentally altering DNS firewall protections.
MutationProtection MutationProtectionStatus
// The name of the association.
Name *string
// The setting that determines the processing order of the rule group among the
// rule groups that are associated with a single VPC. DNS Firewall filters VPC
// traffic starting from rule group with the lowest numeric priority setting.
Priority *int32
// The current status of the association.
Status FirewallRuleGroupAssociationStatus
// Additional information about the status of the response, if available.
StatusMessage *string
// The unique identifier of the VPC that is associated with the rule group.
VpcId *string
noSmithyDocumentSerde
}
// Minimal high-level information for a firewall rule group. The action
// ListFirewallRuleGroups returns an array of these objects. To retrieve full
// information for a firewall rule group, call GetFirewallRuleGroup and
// ListFirewallRules .
type FirewallRuleGroupMetadata struct {
// The ARN (Amazon Resource Name) of the rule group.
Arn *string
// A unique string defined by you to identify the request. This allows you to
// retry failed requests without the risk of running the operation twice. This can
// be any unique string, for example, a timestamp.
CreatorRequestId *string
// The ID of the rule group.
Id *string
// The name of the rule group.
Name *string
// The Amazon Web Services account ID for the account that created the rule group.
// When a rule group is shared with your account, this is the account that has
// shared the rule group with you.
OwnerId *string
// Whether the rule group is shared with other Amazon Web Services accounts, or
// was shared with the current account by another Amazon Web Services account.
// Sharing is configured through Resource Access Manager (RAM).
ShareStatus ShareStatus
noSmithyDocumentSerde
}
// In a CreateResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html)
// request, the IP address that DNS queries originate from (for outbound endpoints)
// or that you forward DNS queries to (for inbound endpoints). IpAddressRequest
// also includes the ID of the subnet that contains the IP address.
type IpAddressRequest struct {
// The ID of the subnet that contains the IP address.
//
// This member is required.
SubnetId *string
// The IPv4 address that you want to use for DNS queries.
Ip *string
// The IPv6 address that you want to use for DNS queries.
Ipv6 *string
noSmithyDocumentSerde
}
// In the response to a GetResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html)
// request, information about the IP addresses that the Resolver endpoint uses for
// DNS queries.
type IpAddressResponse struct {
// The date and time that the IP address was created, in Unix time format and
// Coordinated Universal Time (UTC).
CreationTime *string
// One IPv4 address that the Resolver endpoint uses for DNS queries.
Ip *string
// The ID of one IP address.
IpId *string
// One IPv6 address that the Resolver endpoint uses for DNS queries.
Ipv6 *string
// The date and time that the IP address was last modified, in Unix time format
// and Coordinated Universal Time (UTC).
ModificationTime *string
// A status code that gives the current status of the request.
Status IpAddressStatus
// A message that provides additional information about the status of the request.
StatusMessage *string
// The ID of one subnet.
SubnetId *string
noSmithyDocumentSerde
}
// In an UpdateResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverEndpoint.html)
// request, information about an IP address to update.
type IpAddressUpdate struct {
// The new IPv4 address.
Ip *string
// Only when removing an IP address from a Resolver endpoint: The ID of the IP
// address that you want to remove. To get this ID, use GetResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html)
// .
IpId *string
// The new IPv6 address.
Ipv6 *string
// The ID of the subnet that includes the IP address that you want to update. To
// get this ID, use GetResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html)
// .
SubnetId *string
noSmithyDocumentSerde
}
// A complex type that contains settings for an existing Resolver on an Outpost.
type OutpostResolver struct {
// The ARN (Amazon Resource Name) for the Resolver on an Outpost.
Arn *string
// The date and time that the Outpost Resolver was created, in Unix time format
// and Coordinated Universal Time (UTC).
CreationTime *string
// A unique string that identifies the request that created the Resolver endpoint.
// The CreatorRequestId allows failed requests to be retried without the risk of
// running the operation twice.
CreatorRequestId *string
// The ID of the Resolver on Outpost.
Id *string
// Amazon EC2 instance count for the Resolver on the Outpost.
InstanceCount *int32
// The date and time that the Outpost Resolver was modified, in Unix time format
// and Coordinated Universal Time (UTC).
ModificationTime *string
// Name of the Resolver.
Name *string
// The ARN (Amazon Resource Name) for the Outpost.
OutpostArn *string
// The Amazon EC2 instance type.
PreferredInstanceType *string
// Status of the Resolver.
Status OutpostResolverStatus
// A detailed description of the Resolver.
StatusMessage *string
noSmithyDocumentSerde
}
// A complex type that contains information about a Resolver configuration for a
// VPC.
type ResolverConfig struct {
// The status of whether or not the Resolver will create autodefined rules for
// reverse DNS lookups. This is enabled by default. The status can be one of
// following:
// - ENABLING: Autodefined rules for reverse DNS lookups are being enabled but
// are not complete.
// - ENABLED: Autodefined rules for reverse DNS lookups are enabled.
// - DISABLING: Autodefined rules for reverse DNS lookups are being disabled but
// are not complete.
// - DISABLED: Autodefined rules for reverse DNS lookups are disabled.
AutodefinedReverse ResolverAutodefinedReverseStatus
// ID for the Resolver configuration.
Id *string
// The owner account ID of the Amazon Virtual Private Cloud VPC.
OwnerId *string
// The ID of the Amazon Virtual Private Cloud VPC that you're configuring Resolver
// for.
ResourceId *string
noSmithyDocumentSerde
}
// A complex type that contains information about a configuration for DNSSEC
// validation.
type ResolverDnssecConfig struct {
// The ID for a configuration for DNSSEC validation.
Id *string
// The owner account ID of the virtual private cloud (VPC) for a configuration for
// DNSSEC validation.
OwnerId *string
// The ID of the virtual private cloud (VPC) that you're configuring the DNSSEC
// validation status for.
ResourceId *string
// The validation status for a DNSSEC configuration. The status can be one of the
// following:
// - ENABLING: DNSSEC validation is being enabled but is not complete.
// - ENABLED: DNSSEC validation is enabled.
// - DISABLING: DNSSEC validation is being disabled but is not complete.
// - DISABLED DNSSEC validation is disabled.
ValidationStatus ResolverDNSSECValidationStatus
noSmithyDocumentSerde
}
// In the response to a CreateResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html)
// , DeleteResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DeleteResolverEndpoint.html)
// , GetResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html)
// , Updates the name, or ResolverEndpointType for an endpoint, or
// UpdateResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverEndpoint.html)
// request, a complex type that contains settings for an existing inbound or
// outbound Resolver endpoint.
type ResolverEndpoint struct {
// The ARN (Amazon Resource Name) for the Resolver endpoint.
Arn *string
// The date and time that the endpoint was created, in Unix time format and
// Coordinated Universal Time (UTC).
CreationTime *string
// A unique string that identifies the request that created the Resolver endpoint.
// The CreatorRequestId allows failed requests to be retried without the risk of
// running the operation twice.
CreatorRequestId *string
// Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:
// - INBOUND : allows DNS queries to your VPC from your network
// - OUTBOUND : allows DNS queries from your VPC to your network
Direction ResolverEndpointDirection
// The ID of the VPC that you want to create the Resolver endpoint in.
HostVPCId *string
// The ID of the Resolver endpoint.
Id *string
// The number of IP addresses that the Resolver endpoint can use for DNS queries.
IpAddressCount *int32
// The date and time that the endpoint was last modified, in Unix time format and
// Coordinated Universal Time (UTC).
ModificationTime *string
// The name that you assigned to the Resolver endpoint when you submitted a
// CreateResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html)
// request.
Name *string
// The ARN (Amazon Resource Name) for the Outpost.
OutpostArn *string
// The Amazon EC2 instance type.
PreferredInstanceType *string
// The Resolver endpoint IP address type.
ResolverEndpointType ResolverEndpointType
// The ID of one or more security groups that control access to this VPC. The
// security group must include one or more inbound rules (for inbound endpoints) or
// outbound rules (for outbound endpoints). Inbound and outbound rules must allow
// TCP and UDP access. For inbound access, open port 53. For outbound access, open
// the port that you're using for DNS queries on your network.
SecurityGroupIds []string
// A code that specifies the current status of the Resolver endpoint. Valid values
// include the following:
// - CREATING : Resolver is creating and configuring one or more Amazon VPC
// network interfaces for this endpoint.
// - OPERATIONAL : The Amazon VPC network interfaces for this endpoint are
// correctly configured and able to pass inbound or outbound DNS queries between
// your network and Resolver.
// - UPDATING : Resolver is associating or disassociating one or more network
// interfaces with this endpoint.
// - AUTO_RECOVERING : Resolver is trying to recover one or more of the network
// interfaces that are associated with this endpoint. During the recovery process,
// the endpoint functions with limited capacity because of the limit on the number
// of DNS queries per IP address (per network interface). For the current limit,
// see Limits on Route 53 Resolver (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-entities-resolver)
// .
// - ACTION_NEEDED : This endpoint is unhealthy, and Resolver can't automatically
// recover it. To resolve the problem, we recommend that you check each IP address
// that you associated with the endpoint. For each IP address that isn't available,
// add another IP address and then delete the IP address that isn't available. (An
// endpoint must always include at least two IP addresses.) A status of
// ACTION_NEEDED can have a variety of causes. Here are two common causes:
// - One or more of the network interfaces that are associated with the endpoint
// were deleted using Amazon VPC.
// - The network interface couldn't be created for some reason that's outside
// the control of Resolver.
// - DELETING : Resolver is deleting this endpoint and the associated network
// interfaces.
Status ResolverEndpointStatus
// A detailed description of the status of the Resolver endpoint.
StatusMessage *string
noSmithyDocumentSerde
}
// In the response to a CreateResolverQueryLogConfig (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverQueryLogConfig.html)
// , DeleteResolverQueryLogConfig (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DeleteResolverQueryLogConfig.html)
// , GetResolverQueryLogConfig (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverQueryLogConfig.html)
// , or ListResolverQueryLogConfigs (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html)
// request, a complex type that contains settings for one query logging
// configuration.
type ResolverQueryLogConfig struct {
// The ARN for the query logging configuration.
Arn *string
// The number of VPCs that are associated with the query logging configuration.
AssociationCount int32
// The date and time that the query logging configuration was created, in Unix
// time format and Coordinated Universal Time (UTC).
CreationTime *string
// A unique string that identifies the request that created the query logging
// configuration. The CreatorRequestId allows failed requests to be retried
// without the risk of running the operation twice.
CreatorRequestId *string
// The ARN of the resource that you want Resolver to send query logs: an Amazon S3
// bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.
DestinationArn *string
// The ID for the query logging configuration.
Id *string
// The name of the query logging configuration.
Name *string
// The Amazon Web Services account ID for the account that created the query
// logging configuration.
OwnerId *string
// An indication of whether the query logging configuration is shared with other
// Amazon Web Services accounts, or was shared with the current account by another
// Amazon Web Services account. Sharing is configured through Resource Access
// Manager (RAM).
ShareStatus ShareStatus
// The status of the specified query logging configuration. Valid values include
// the following:
// - CREATING : Resolver is creating the query logging configuration.
// - CREATED : The query logging configuration was successfully created. Resolver
// is logging queries that originate in the specified VPC.
// - DELETING : Resolver is deleting this query logging configuration.
// - FAILED : Resolver can't deliver logs to the location that is specified in
// the query logging configuration. Here are two common causes:
// - The specified destination (for example, an Amazon S3 bucket) was deleted.
// - Permissions don't allow sending logs to the destination.
Status ResolverQueryLogConfigStatus
noSmithyDocumentSerde
}
// In the response to an AssociateResolverQueryLogConfig (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverQueryLogConfig.html)
// , DisassociateResolverQueryLogConfig (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverQueryLogConfig.html)
// , GetResolverQueryLogConfigAssociation (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverQueryLogConfigAssociation.html)
// , or ListResolverQueryLogConfigAssociations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html)
// , request, a complex type that contains settings for a specified association
// between an Amazon VPC and a query logging configuration.
type ResolverQueryLogConfigAssociation struct {
// The date and time that the VPC was associated with the query logging
// configuration, in Unix time format and Coordinated Universal Time (UTC).
CreationTime *string
// If the value of Status is FAILED , the value of Error indicates the cause:
// - DESTINATION_NOT_FOUND : The specified destination (for example, an Amazon S3
// bucket) was deleted.
// - ACCESS_DENIED : Permissions don't allow sending logs to the destination.
// If the value of Status is a value other than FAILED , Error is null.
Error ResolverQueryLogConfigAssociationError
// Contains additional information about the error. If the value or Error is null,
// the value of ErrorMessage also is null.
ErrorMessage *string
// The ID of the query logging association.
Id *string
// The ID of the query logging configuration that a VPC is associated with.
ResolverQueryLogConfigId *string
// The ID of the Amazon VPC that is associated with the query logging
// configuration.
ResourceId *string
// The status of the specified query logging association. Valid values include the
// following:
// - CREATING : Resolver is creating an association between an Amazon VPC and a
// query logging configuration.
// - CREATED : The association between an Amazon VPC and a query logging
// configuration was successfully created. Resolver is logging queries that
// originate in the specified VPC.
// - DELETING : Resolver is deleting this query logging association.
// - FAILED : Resolver either couldn't create or couldn't delete the query
// logging association.
Status ResolverQueryLogConfigAssociationStatus
noSmithyDocumentSerde
}
// For queries that originate in your VPC, detailed information about a Resolver
// rule, which specifies how to route DNS queries out of the VPC. The ResolverRule
// parameter appears in the response to a CreateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverRule.html)
// , DeleteResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DeleteResolverRule.html)
// , GetResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRule.html)
// , ListResolverRules (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html)
// , or UpdateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverRule.html)
// request.
type ResolverRule struct {
// The ARN (Amazon Resource Name) for the Resolver rule specified by Id .
Arn *string
// The date and time that the Resolver rule was created, in Unix time format and
// Coordinated Universal Time (UTC).
CreationTime *string
// A unique string that you specified when you created the Resolver rule.
// CreatorRequestId identifies the request and allows failed requests to be retried
// without the risk of running the operation twice.
CreatorRequestId *string
// DNS queries for this domain name are forwarded to the IP addresses that are
// specified in TargetIps . If a query matches multiple Resolver rules (example.com
// and www.example.com), the query is routed using the Resolver rule that contains
// the most specific domain name (www.example.com).
DomainName *string
// The ID that Resolver assigned to the Resolver rule when you created it.
Id *string
// The date and time that the Resolver rule was last updated, in Unix time format
// and Coordinated Universal Time (UTC).
ModificationTime *string
// The name for the Resolver rule, which you specified when you created the
// Resolver rule.
Name *string
// When a rule is shared with another Amazon Web Services account, the account ID
// of the account that the rule is shared with.
OwnerId *string
// The ID of the endpoint that the rule is associated with.
ResolverEndpointId *string
// When you want to forward DNS queries for specified domain name to resolvers on
// your network, specify FORWARD . When you have a forwarding rule to forward DNS
// queries for a domain to your network and you want Resolver to process queries
// for a subdomain of that domain, specify SYSTEM . For example, to forward DNS
// queries for example.com to resolvers on your network, you create a rule and
// specify FORWARD for RuleType . To then have Resolver process queries for
// apex.example.com, you create a rule and specify SYSTEM for RuleType . Currently,
// only Resolver can create rules that have a value of RECURSIVE for RuleType .
RuleType RuleTypeOption
// Whether the rule is shared and, if so, whether the current account is sharing
// the rule with another account, or another account is sharing the rule with the
// current account.
ShareStatus ShareStatus
// A code that specifies the current status of the Resolver rule.
Status ResolverRuleStatus
// A detailed description of the status of a Resolver rule.
StatusMessage *string
// An array that contains the IP addresses and ports that an outbound endpoint
// forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers
// on your network.
TargetIps []TargetAddress
noSmithyDocumentSerde
}
// In the response to an AssociateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html)
// , DisassociateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverRule.html)
// , or ListResolverRuleAssociations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html)
// request, provides information about an association between a Resolver rule and a
// VPC. The association determines which DNS queries that originate in the VPC are
// forwarded to your network.
type ResolverRuleAssociation struct {
// The ID of the association between a Resolver rule and a VPC. Resolver assigns
// this value when you submit an AssociateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html)
// request.
Id *string
// The name of an association between a Resolver rule and a VPC.
Name *string
// The ID of the Resolver rule that you associated with the VPC that is specified
// by VPCId .
ResolverRuleId *string
// A code that specifies the current status of the association between a Resolver
// rule and a VPC.
Status ResolverRuleAssociationStatus
// A detailed description of the status of the association between a Resolver rule
// and a VPC.
StatusMessage *string
// The ID of the VPC that you associated the Resolver rule with.
VPCId *string
noSmithyDocumentSerde
}
// In an UpdateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverRule.html)
// request, information about the changes that you want to make.
type ResolverRuleConfig struct {
// The new name for the Resolver rule. The name that you specify appears in the
// Resolver dashboard in the Route 53 console.
Name *string
// The ID of the new outbound Resolver endpoint that you want to use to route DNS
// queries to the IP addresses that you specify in TargetIps .
ResolverEndpointId *string
// For DNS queries that originate in your VPC, the new IP addresses that you want
// to route outbound DNS queries to.
TargetIps []TargetAddress
noSmithyDocumentSerde
}
// One tag that you want to add to the specified resource. A tag consists of a Key
// (a name for the tag) and a Value .
type Tag struct {
// The name for the tag. For example, if you want to associate Resolver resources
// with the account IDs of your customers for billing purposes, the value of Key
// might be account-id .
//
// This member is required.
Key *string
// The value for the tag. For example, if Key is account-id , then Value might be
// the ID of the customer account that you're creating the resource for.
//
// This member is required.
Value *string
noSmithyDocumentSerde
}
// In a CreateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverRule.html)
// request, an array of the IPs that you want to forward DNS queries to.
type TargetAddress struct {
// One IPv4 address that you want to forward DNS queries to.
Ip *string
// One IPv6 address that you want to forward DNS queries to.
Ipv6 *string
// The port at Ip that you want to forward DNS queries to.
Port *int32
noSmithyDocumentSerde
}
// Provides information about the IP address type in response to
// UpdateResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverEndpoint.html)
// .
type UpdateIpAddress struct {
// The ID of the IP address, specified by the ResolverEndpointId .
//
// This member is required.
IpId *string
// The IPv6 address that you want to use for DNS queries.
//
// This member is required.
Ipv6 *string
noSmithyDocumentSerde
}
type noSmithyDocumentSerde = smithydocument.NoSerde