Skip to content

Commit

Permalink
feat(client-route53resolver): This release adds support for query typ…
Browse files Browse the repository at this point in the history 
…e configuration on firewall rules that enables customers for granular action (ALLOW, ALERT, BLOCK) by DNS query type.
  • Loading branch information
awstools committed Jan 8, 2024
1 parent c62c9b2 commit e4f1a11
Show file tree
Hide file tree
Showing 7 changed files with 241 additions and 0 deletions.
2 changes: 2 additions & 0 deletions clients/client-route53resolver/src/commands/CreateFirewallRuleCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ export interface CreateFirewallRuleCommandOutput extends CreateFirewallRuleRespo
* BlockOverrideDnsType: "CNAME",
* BlockOverrideTtl: Number("int"),
* Name: "STRING_VALUE", // required
* Qtype: "STRING_VALUE",
* };
* const command = new CreateFirewallRuleCommand(input);
* const response = await client.send(command);
Expand All @@ -63,6 +64,7 @@ export interface CreateFirewallRuleCommandOutput extends CreateFirewallRuleRespo
* // CreatorRequestId: "STRING_VALUE",
* // CreationTime: "STRING_VALUE",
* // ModificationTime: "STRING_VALUE",
* // Qtype: "STRING_VALUE",
* // },
* // };
*
Expand Down
2 changes: 2 additions & 0 deletions clients/client-route53resolver/src/commands/DeleteFirewallRuleCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ export interface DeleteFirewallRuleCommandOutput extends DeleteFirewallRuleRespo
* const input = { // DeleteFirewallRuleRequest
* FirewallRuleGroupId: "STRING_VALUE", // required
* FirewallDomainListId: "STRING_VALUE", // required
* Qtype: "STRING_VALUE",
* };
* const command = new DeleteFirewallRuleCommand(input);
* const response = await client.send(command);
Expand All @@ -55,6 +56,7 @@ export interface DeleteFirewallRuleCommandOutput extends DeleteFirewallRuleRespo
* // CreatorRequestId: "STRING_VALUE",
* // CreationTime: "STRING_VALUE",
* // ModificationTime: "STRING_VALUE",
* // Qtype: "STRING_VALUE",
* // },
* // };
*
Expand Down
1 change: 1 addition & 0 deletions clients/client-route53resolver/src/commands/ListFirewallRulesCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ export interface ListFirewallRulesCommandOutput extends ListFirewallRulesRespons
* // CreatorRequestId: "STRING_VALUE",
* // CreationTime: "STRING_VALUE",
* // ModificationTime: "STRING_VALUE",
* // Qtype: "STRING_VALUE",
* // },
* // ],
* // };
Expand Down
2 changes: 2 additions & 0 deletions clients/client-route53resolver/src/commands/UpdateFirewallRuleCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ export interface UpdateFirewallRuleCommandOutput extends UpdateFirewallRuleRespo
* BlockOverrideDnsType: "CNAME",
* BlockOverrideTtl: Number("int"),
* Name: "STRING_VALUE",
* Qtype: "STRING_VALUE",
* };
* const command = new UpdateFirewallRuleCommand(input);
* const response = await client.send(command);
Expand All @@ -62,6 +63,7 @@ export interface UpdateFirewallRuleCommandOutput extends UpdateFirewallRuleRespo
* // CreatorRequestId: "STRING_VALUE",
* // CreationTime: "STRING_VALUE",
* // ModificationTime: "STRING_VALUE",
* // Qtype: "STRING_VALUE",
* // },
* // };
*
Expand Down
200 changes: 200 additions & 0 deletions clients/client-route53resolver/src/models/models_0.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1359,6 +1359,56 @@ export interface CreateFirewallRuleRequest {
* <p>A name that lets you identify the rule in the rule group.</p>
*/
Name: string | undefined;

/**
* @public
* <p>
* The DNS query type you want the rule to evaluate. Allowed values are;
* </p>
* <ul>
* <li>
* <p>
* A: Returns an IPv4 address.</p>
* </li>
* <li>
* <p>AAAA: Returns an Ipv6 address.</p>
* </li>
* <li>
* <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>
* </li>
* <li>
* <p>CNAME: Returns another domain name.</p>
* </li>
* <li>
* <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>
* </li>
* <li>
* <p>MX: Specifies mail servers.</p>
* </li>
* <li>
* <p>NAPTR: Regular-expression-based rewriting of domain names.</p>
* </li>
* <li>
* <p>NS: Authoritative name servers.</p>
* </li>
* <li>
* <p>PTR: Maps an IP address to a domain name.</p>
* </li>
* <li>
* <p>SOA: Start of authority record for the zone.</p>
* </li>
* <li>
* <p>SPF: Lists the servers authorized to send emails from a domain.</p>
* </li>
* <li>
* <p>SRV: Application specific values that identify servers.</p>
* </li>
* <li>
* <p>TXT: Verifies email senders and application-specific values.</p>
* </li>
* </ul>
*/
Qtype?: string;
}

/**
Expand Down Expand Up @@ -1466,6 +1516,56 @@ export interface FirewallRule {
* <p>The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).</p>
*/
ModificationTime?: string;

/**
* @public
* <p>
* The DNS query type you want the rule to evaluate. Allowed values are;
* </p>
* <ul>
* <li>
* <p>
* A: Returns an IPv4 address.</p>
* </li>
* <li>
* <p>AAAA: Returns an Ipv6 address.</p>
* </li>
* <li>
* <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>
* </li>
* <li>
* <p>CNAME: Returns another domain name.</p>
* </li>
* <li>
* <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>
* </li>
* <li>
* <p>MX: Specifies mail servers.</p>
* </li>
* <li>
* <p>NAPTR: Regular-expression-based rewriting of domain names.</p>
* </li>
* <li>
* <p>NS: Authoritative name servers.</p>
* </li>
* <li>
* <p>PTR: Maps an IP address to a domain name.</p>
* </li>
* <li>
* <p>SOA: Start of authority record for the zone.</p>
* </li>
* <li>
* <p>SPF: Lists the servers authorized to send emails from a domain.</p>
* </li>
* <li>
* <p>SRV: Application specific values that identify servers.</p>
* </li>
* <li>
* <p>TXT: Verifies email senders and application-specific values.</p>
* </li>
* </ul>
*/
Qtype?: string;
}

/**
Expand Down Expand Up @@ -2480,6 +2580,56 @@ export interface DeleteFirewallRuleRequest {
* <p>The ID of the domain list that's used in the rule. </p>
*/
FirewallDomainListId: string | undefined;

/**
* @public
* <p>
* The DNS query type that the rule you are deleting evaluates. Allowed values are;
* </p>
* <ul>
* <li>
* <p>
* A: Returns an IPv4 address.</p>
* </li>
* <li>
* <p>AAAA: Returns an Ipv6 address.</p>
* </li>
* <li>
* <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>
* </li>
* <li>
* <p>CNAME: Returns another domain name.</p>
* </li>
* <li>
* <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>
* </li>
* <li>
* <p>MX: Specifies mail servers.</p>
* </li>
* <li>
* <p>NAPTR: Regular-expression-based rewriting of domain names.</p>
* </li>
* <li>
* <p>NS: Authoritative name servers.</p>
* </li>
* <li>
* <p>PTR: Maps an IP address to a domain name.</p>
* </li>
* <li>
* <p>SOA: Start of authority record for the zone.</p>
* </li>
* <li>
* <p>SPF: Lists the servers authorized to send emails from a domain.</p>
* </li>
* <li>
* <p>SRV: Application specific values that identify servers.</p>
* </li>
* <li>
* <p>TXT: Verifies email senders and application-specific values.</p>
* </li>
* </ul>
*/
Qtype?: string;
}

/**
Expand Down Expand Up @@ -5425,6 +5575,56 @@ export interface UpdateFirewallRuleRequest {
* <p>The name of the rule.</p>
*/
Name?: string;

/**
* @public
* <p>
* The DNS query type you want the rule to evaluate. Allowed values are;
* </p>
* <ul>
* <li>
* <p>
* A: Returns an IPv4 address.</p>
* </li>
* <li>
* <p>AAAA: Returns an Ipv6 address.</p>
* </li>
* <li>
* <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>
* </li>
* <li>
* <p>CNAME: Returns another domain name.</p>
* </li>
* <li>
* <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>
* </li>
* <li>
* <p>MX: Specifies mail servers.</p>
* </li>
* <li>
* <p>NAPTR: Regular-expression-based rewriting of domain names.</p>
* </li>
* <li>
* <p>NS: Authoritative name servers.</p>
* </li>
* <li>
* <p>PTR: Maps an IP address to a domain name.</p>
* </li>
* <li>
* <p>SOA: Start of authority record for the zone.</p>
* </li>
* <li>
* <p>SPF: Lists the servers authorized to send emails from a domain.</p>
* </li>
* <li>
* <p>SRV: Application specific values that identify servers.</p>
* </li>
* <li>
* <p>TXT: Verifies email senders and application-specific values.</p>
* </li>
* </ul>
*/
Qtype?: string;
}

/**
Expand Down
1 change: 1 addition & 0 deletions clients/client-route53resolver/src/protocols/Aws_json1_1.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5626,6 +5626,7 @@ const se_CreateFirewallRuleRequest = (input: CreateFirewallRuleRequest, context:
FirewallRuleGroupId: [],
Name: [],
Priority: [],
Qtype: [],
});
};

Expand Down
33 changes: 33 additions & 0 deletions codegen/sdk-codegen/aws-models/route53resolver.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -756,6 +756,12 @@
"smithy.api#documentation": "<p>A name that lets you identify the rule in the rule group.</p>",
"smithy.api#required": {}
}
},
"Qtype": {
"target": "com.amazonaws.route53resolver#Qtype",
"traits": {
"smithy.api#documentation": "<p>\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t</p>\n <ul>\n <li>\n <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n </li>\n <li>\n <p>AAAA: Returns an Ipv6 address.</p>\n </li>\n <li>\n <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n </li>\n <li>\n <p>CNAME: Returns another domain name.</p>\n </li>\n <li>\n <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n </li>\n <li>\n <p>MX: Specifies mail servers.</p>\n </li>\n <li>\n <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n </li>\n <li>\n <p>NS: Authoritative name servers.</p>\n </li>\n <li>\n <p>PTR: Maps an IP address to a domain name.</p>\n </li>\n <li>\n <p>SOA: Start of authority record for the zone.</p>\n </li>\n <li>\n <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n </li>\n <li>\n <p>SRV: Application specific values that identify servers.</p>\n </li>\n <li>\n <p>TXT: Verifies email senders and application-specific values.</p>\n </li>\n </ul>"
}
}
},
"traits": {
Expand Down Expand Up @@ -1359,6 +1365,12 @@
"smithy.api#documentation": "<p>The ID of the domain list that's used in the rule. </p>",
"smithy.api#required": {}
}
},
"Qtype": {
"target": "com.amazonaws.route53resolver#Qtype",
"traits": {
"smithy.api#documentation": "<p>\n\t\t\tThe DNS query type that the rule you are deleting evaluates. Allowed values are;\n\t\t</p>\n <ul>\n <li>\n <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n </li>\n <li>\n <p>AAAA: Returns an Ipv6 address.</p>\n </li>\n <li>\n <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n </li>\n <li>\n <p>CNAME: Returns another domain name.</p>\n </li>\n <li>\n <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n </li>\n <li>\n <p>MX: Specifies mail servers.</p>\n </li>\n <li>\n <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n </li>\n <li>\n <p>NS: Authoritative name servers.</p>\n </li>\n <li>\n <p>PTR: Maps an IP address to a domain name.</p>\n </li>\n <li>\n <p>SOA: Start of authority record for the zone.</p>\n </li>\n <li>\n <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n </li>\n <li>\n <p>SRV: Application specific values that identify servers.</p>\n </li>\n <li>\n <p>TXT: Verifies email senders and application-specific values.</p>\n </li>\n </ul>"
}
}
},
"traits": {
Expand Down Expand Up @@ -2287,6 +2299,12 @@
"traits": {
"smithy.api#documentation": "<p>The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).</p>"
}
},
"Qtype": {
"target": "com.amazonaws.route53resolver#Qtype",
"traits": {
"smithy.api#documentation": "<p>\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t</p>\n <ul>\n <li>\n <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n </li>\n <li>\n <p>AAAA: Returns an Ipv6 address.</p>\n </li>\n <li>\n <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n </li>\n <li>\n <p>CNAME: Returns another domain name.</p>\n </li>\n <li>\n <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n </li>\n <li>\n <p>MX: Specifies mail servers.</p>\n </li>\n <li>\n <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n </li>\n <li>\n <p>NS: Authoritative name servers.</p>\n </li>\n <li>\n <p>PTR: Maps an IP address to a domain name.</p>\n </li>\n <li>\n <p>SOA: Start of authority record for the zone.</p>\n </li>\n <li>\n <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n </li>\n <li>\n <p>SRV: Application specific values that identify servers.</p>\n </li>\n <li>\n <p>TXT: Verifies email senders and application-specific values.</p>\n </li>\n </ul>"
}
}
},
"traits": {
Expand Down Expand Up @@ -5728,6 +5746,15 @@
"smithy.api#output": {}
}
},
"com.amazonaws.route53resolver#Qtype": {
"type": "string",
"traits": {
"smithy.api#length": {
"min": 1,
"max": 16
}
}
},
"com.amazonaws.route53resolver#ResolverAutodefinedReverseStatus": {
"type": "enum",
"members": {
Expand Down Expand Up @@ -8569,6 +8596,12 @@
"traits": {
"smithy.api#documentation": "<p>The name of the rule.</p>"
}
},
"Qtype": {
"target": "com.amazonaws.route53resolver#Qtype",
"traits": {
"smithy.api#documentation": "<p>\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t</p>\n <ul>\n <li>\n <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n </li>\n <li>\n <p>AAAA: Returns an Ipv6 address.</p>\n </li>\n <li>\n <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n </li>\n <li>\n <p>CNAME: Returns another domain name.</p>\n </li>\n <li>\n <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n </li>\n <li>\n <p>MX: Specifies mail servers.</p>\n </li>\n <li>\n <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n </li>\n <li>\n <p>NS: Authoritative name servers.</p>\n </li>\n <li>\n <p>PTR: Maps an IP address to a domain name.</p>\n </li>\n <li>\n <p>SOA: Start of authority record for the zone.</p>\n </li>\n <li>\n <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n </li>\n <li>\n <p>SRV: Application specific values that identify servers.</p>\n </li>\n <li>\n <p>TXT: Verifies email senders and application-specific values.</p>\n </li>\n </ul>"
}
}
},
"traits": {
Expand Down

0 comments on commit e4f1a11

Please sign in to comment.