This module creates following resources.
aws_route53_resolver_firewall_configaws_route53_resolver_firewall_rule_group_association (optional)
| Name |
Source |
Version |
| resource_group |
tedilabs/misc/aws//modules/resource-group |
~> 0.10.0 |
| Name |
Description |
Type |
Default |
Required |
| vpc_id |
(Required) The ID of the VPC which the firewall belongs to. |
string |
n/a |
yes |
| fail_open_enabled |
(Optional) Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. |
bool |
false |
no |
| module_tags_enabled |
(Optional) Whether to create AWS Resource Tags for the module informations. |
bool |
true |
no |
| resource_group_description |
(Optional) The description of Resource Group. |
string |
"Managed by Terraform." |
no |
| resource_group_enabled |
(Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. |
bool |
true |
no |
| resource_group_name |
(Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with AWS or aws. |
string |
"" |
no |
| rule_groups |
(Optional) A list of rule groups associated with the firewall. Each value of rule_group block as defined below.
(Required) id - The ID of the firewall rule group.
(Required) priority - The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.
(Optional) mutation_protection_enabled - If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. |
list(object({
id = string
priority = number
mutation_protection_enabled = optional(bool, false)
})) |
[] |
no |
| tags |
(Optional) A map of tags to add to all resources. |
map(string) |
{} |
no |
| Name |
Description |
| fail_open_enabled |
Whether the Route53 Resolver handles queries during failures. |
| id |
The ID of the firewall configuration. |
| owner_id |
The AWS Account ID of the owner of the VPC that this firewall applies to. |
| rule_groups |
The configuration of rule groups associated with the firewall. |
| vpc_id |
The VPC ID which the firewall applies to. |