update_firewall_config

Route53Resolver.Client.update_firewall_config(**kwargs)

Updates the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).

See also: AWS API Documentation

Request Syntax

response = client.update_firewall_config(
    ResourceId='string',
    FirewallFailOpen='ENABLED'|'DISABLED'|'USE_LOCAL_RESOURCE_SETTING'
)
Parameters
  • ResourceId (string) --

    [REQUIRED]

    The ID of the VPC that the configuration is for.

  • FirewallFailOpen (string) --

    [REQUIRED]

    Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.

    • By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly.
    • If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.

    This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.

Return type

dict

Returns

Response Syntax

{
    'FirewallConfig': {
        'Id': 'string',
        'ResourceId': 'string',
        'OwnerId': 'string',
        'FirewallFailOpen': 'ENABLED'|'DISABLED'|'USE_LOCAL_RESOURCE_SETTING'
    }
}

Response Structure

  • (dict) --

    • FirewallConfig (dict) --

      Configuration of the firewall behavior provided by DNS Firewall for a single VPC.

      • Id (string) --

        The ID of the firewall configuration.

      • ResourceId (string) --

        The ID of the VPC that this firewall configuration applies to.

      • OwnerId (string) --

        The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to.

      • FirewallFailOpen (string) --

        Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.

        • By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall returns a failure error when it is unable to properly evaluate a query.
        • If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.

        This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.

Exceptions

  • Route53Resolver.Client.exceptions.ValidationException
  • Route53Resolver.Client.exceptions.ResourceNotFoundException
  • Route53Resolver.Client.exceptions.AccessDeniedException
  • Route53Resolver.Client.exceptions.InternalServiceErrorException
  • Route53Resolver.Client.exceptions.ThrottlingException