Amazon Route 53 Resolver · JSON Structure

Amazon Route53 Resolver Openapi Firewall Config Structure

Configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).

Type: object · Properties: 4
Tags: DNS, Hybrid Cloud, Networking

FirewallConfig is a JSON Structure definition published by Amazon Route 53 Resolver, describing 4 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

Id, ResourceId, OwnerId, FirewallFailOpen

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-route53-resolver/refs/heads/main/json-structure/amazon-route53-resolver-openapi-firewall-config-structure.json",
  "description": "Configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC). ",
  "type": "object",
  "properties": {
    "Id": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ResourceId"
        },
        {
          "description": "The ID of the firewall configuration."
        }
      ]
    },
    "ResourceId": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ResourceId"
        },
        {
          "description": "The ID of the VPC that this firewall configuration applies to."
        }
      ]
    },
    "OwnerId": {
      "allOf": [
        {
          "$ref": "#/components/schemas/AccountId"
        },
        {
          "description": "The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to."
        }
      ]
    },
    "FirewallFailOpen": {
      "allOf": [
        {
          "$ref": "#/components/schemas/FirewallFailOpenStatus"
        },
        {
          "description": "<p>Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. </p> <ul> <li> <p>By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall returns a failure error when it is unable to properly evaluate a query. </p> </li> <li> <p>If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. </p> </li> </ul> <p>This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association. </p>"
        }
      ]
    }
  },
  "name": "FirewallConfig"
}