feat(client-route53resolver): This release adds support for query type configuration on firewall rules that enables customers for granular action (ALLOW, ALERT, BLOCK) by DNS query type.

awstools · awstools · commit e4f1a11af770 · 2024-01-08T19:13:33.000Z
diff --git a/clients/client-route53resolver/src/commands/CreateFirewallRuleCommand.ts b/clients/client-route53resolver/src/commands/CreateFirewallRuleCommand.ts
@@ -46,6 +46,7 @@ export interface CreateFirewallRuleCommandOutput extends CreateFirewallRuleRespo
  *   BlockOverrideDnsType: "CNAME",
  *   BlockOverrideTtl: Number("int"),
  *   Name: "STRING_VALUE", // required
+ *   Qtype: "STRING_VALUE",
  * };
  * const command = new CreateFirewallRuleCommand(input);
  * const response = await client.send(command);
@@ -63,6 +64,7 @@ export interface CreateFirewallRuleCommandOutput extends CreateFirewallRuleRespo
  * //     CreatorRequestId: "STRING_VALUE",
  * //     CreationTime: "STRING_VALUE",
  * //     ModificationTime: "STRING_VALUE",
+ * //     Qtype: "STRING_VALUE",
  * //   },
  * // };
  *
diff --git a/clients/client-route53resolver/src/commands/DeleteFirewallRuleCommand.ts b/clients/client-route53resolver/src/commands/DeleteFirewallRuleCommand.ts
@@ -38,6 +38,7 @@ export interface DeleteFirewallRuleCommandOutput extends DeleteFirewallRuleRespo
  * const input = { // DeleteFirewallRuleRequest
  *   FirewallRuleGroupId: "STRING_VALUE", // required
  *   FirewallDomainListId: "STRING_VALUE", // required
+ *   Qtype: "STRING_VALUE",
  * };
  * const command = new DeleteFirewallRuleCommand(input);
  * const response = await client.send(command);
@@ -55,6 +56,7 @@ export interface DeleteFirewallRuleCommandOutput extends DeleteFirewallRuleRespo
  * //     CreatorRequestId: "STRING_VALUE",
  * //     CreationTime: "STRING_VALUE",
  * //     ModificationTime: "STRING_VALUE",
+ * //     Qtype: "STRING_VALUE",
  * //   },
  * // };
  *
diff --git a/clients/client-route53resolver/src/commands/ListFirewallRulesCommand.ts b/clients/client-route53resolver/src/commands/ListFirewallRulesCommand.ts
@@ -61,6 +61,7 @@ export interface ListFirewallRulesCommandOutput extends ListFirewallRulesRespons
  * //       CreatorRequestId: "STRING_VALUE",
  * //       CreationTime: "STRING_VALUE",
  * //       ModificationTime: "STRING_VALUE",
+ * //       Qtype: "STRING_VALUE",
  * //     },
  * //   ],
  * // };
diff --git a/clients/client-route53resolver/src/commands/UpdateFirewallRuleCommand.ts b/clients/client-route53resolver/src/commands/UpdateFirewallRuleCommand.ts
@@ -45,6 +45,7 @@ export interface UpdateFirewallRuleCommandOutput extends UpdateFirewallRuleRespo
  *   BlockOverrideDnsType: "CNAME",
  *   BlockOverrideTtl: Number("int"),
  *   Name: "STRING_VALUE",
+ *   Qtype: "STRING_VALUE",
  * };
  * const command = new UpdateFirewallRuleCommand(input);
  * const response = await client.send(command);
@@ -62,6 +63,7 @@ export interface UpdateFirewallRuleCommandOutput extends UpdateFirewallRuleRespo
  * //     CreatorRequestId: "STRING_VALUE",
  * //     CreationTime: "STRING_VALUE",
  * //     ModificationTime: "STRING_VALUE",
+ * //     Qtype: "STRING_VALUE",
  * //   },
  * // };
  *
diff --git a/clients/client-route53resolver/src/models/models_0.ts b/clients/client-route53resolver/src/models/models_0.ts
@@ -1359,6 +1359,56 @@ export interface CreateFirewallRuleRequest {
    * <p>A name that lets you identify the rule in the rule group.</p>
    */
   Name: string | undefined;
+
+  /**
+   * @public
+   * <p>
+   * 			The DNS query type you want the rule to evaluate. Allowed values are;
+   * 		</p>
+   *          <ul>
+   *             <li>
+   *                <p>
+   * 				A: Returns an IPv4 address.</p>
+   *             </li>
+   *             <li>
+   *                <p>AAAA: Returns an Ipv6 address.</p>
+   *             </li>
+   *             <li>
+   *                <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>
+   *             </li>
+   *             <li>
+   *                <p>CNAME: Returns another domain name.</p>
+   *             </li>
+   *             <li>
+   *                <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>
+   *             </li>
+   *             <li>
+   *                <p>MX: Specifies mail servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>NAPTR: Regular-expression-based rewriting of domain names.</p>
+   *             </li>
+   *             <li>
+   *                <p>NS: Authoritative name servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>PTR: Maps an IP address to a domain name.</p>
+   *             </li>
+   *             <li>
+   *                <p>SOA: Start of authority record for the zone.</p>
+   *             </li>
+   *             <li>
+   *                <p>SPF: Lists the servers authorized to send emails from a domain.</p>
+   *             </li>
+   *             <li>
+   *                <p>SRV: Application specific values that identify servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>TXT: Verifies email senders and application-specific values.</p>
+   *             </li>
+   *          </ul>
+   */
+  Qtype?: string;
 }
 
 /**
@@ -1466,6 +1516,56 @@ export interface FirewallRule {
    * <p>The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).</p>
    */
   ModificationTime?: string;
+
+  /**
+   * @public
+   * <p>
+   * 			The DNS query type you want the rule to evaluate. Allowed values are;
+   * 		</p>
+   *          <ul>
+   *             <li>
+   *                <p>
+   * 				A: Returns an IPv4 address.</p>
+   *             </li>
+   *             <li>
+   *                <p>AAAA: Returns an Ipv6 address.</p>
+   *             </li>
+   *             <li>
+   *                <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>
+   *             </li>
+   *             <li>
+   *                <p>CNAME: Returns another domain name.</p>
+   *             </li>
+   *             <li>
+   *                <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>
+   *             </li>
+   *             <li>
+   *                <p>MX: Specifies mail servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>NAPTR: Regular-expression-based rewriting of domain names.</p>
+   *             </li>
+   *             <li>
+   *                <p>NS: Authoritative name servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>PTR: Maps an IP address to a domain name.</p>
+   *             </li>
+   *             <li>
+   *                <p>SOA: Start of authority record for the zone.</p>
+   *             </li>
+   *             <li>
+   *                <p>SPF: Lists the servers authorized to send emails from a domain.</p>
+   *             </li>
+   *             <li>
+   *                <p>SRV: Application specific values that identify servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>TXT: Verifies email senders and application-specific values.</p>
+   *             </li>
+   *          </ul>
+   */
+  Qtype?: string;
 }
 
 /**
@@ -2480,6 +2580,56 @@ export interface DeleteFirewallRuleRequest {
    * <p>The ID of the domain list that's used in the rule.  </p>
    */
   FirewallDomainListId: string | undefined;
+
+  /**
+   * @public
+   * <p>
+   * 			The DNS query type that the rule you are deleting evaluates. Allowed values are;
+   * 		</p>
+   *          <ul>
+   *             <li>
+   *                <p>
+   * 				A: Returns an IPv4 address.</p>
+   *             </li>
+   *             <li>
+   *                <p>AAAA: Returns an Ipv6 address.</p>
+   *             </li>
+   *             <li>
+   *                <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>
+   *             </li>
+   *             <li>
+   *                <p>CNAME: Returns another domain name.</p>
+   *             </li>
+   *             <li>
+   *                <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>
+   *             </li>
+   *             <li>
+   *                <p>MX: Specifies mail servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>NAPTR: Regular-expression-based rewriting of domain names.</p>
+   *             </li>
+   *             <li>
+   *                <p>NS: Authoritative name servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>PTR: Maps an IP address to a domain name.</p>
+   *             </li>
+   *             <li>
+   *                <p>SOA: Start of authority record for the zone.</p>
+   *             </li>
+   *             <li>
+   *                <p>SPF: Lists the servers authorized to send emails from a domain.</p>
+   *             </li>
+   *             <li>
+   *                <p>SRV: Application specific values that identify servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>TXT: Verifies email senders and application-specific values.</p>
+   *             </li>
+   *          </ul>
+   */
+  Qtype?: string;
 }
 
 /**
@@ -5425,6 +5575,56 @@ export interface UpdateFirewallRuleRequest {
    * <p>The name of the rule.</p>
    */
   Name?: string;
+
+  /**
+   * @public
+   * <p>
+   * 			The DNS query type you want the rule to evaluate. Allowed values are;
+   * 		</p>
+   *          <ul>
+   *             <li>
+   *                <p>
+   * 				A: Returns an IPv4 address.</p>
+   *             </li>
+   *             <li>
+   *                <p>AAAA: Returns an Ipv6 address.</p>
+   *             </li>
+   *             <li>
+   *                <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>
+   *             </li>
+   *             <li>
+   *                <p>CNAME: Returns another domain name.</p>
+   *             </li>
+   *             <li>
+   *                <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>
+   *             </li>
+   *             <li>
+   *                <p>MX: Specifies mail servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>NAPTR: Regular-expression-based rewriting of domain names.</p>
+   *             </li>
+   *             <li>
+   *                <p>NS: Authoritative name servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>PTR: Maps an IP address to a domain name.</p>
+   *             </li>
+   *             <li>
+   *                <p>SOA: Start of authority record for the zone.</p>
+   *             </li>
+   *             <li>
+   *                <p>SPF: Lists the servers authorized to send emails from a domain.</p>
+   *             </li>
+   *             <li>
+   *                <p>SRV: Application specific values that identify servers.</p>
+   *             </li>
+   *             <li>
+   *                <p>TXT: Verifies email senders and application-specific values.</p>
+   *             </li>
+   *          </ul>
+   */
+  Qtype?: string;
 }
 
 /**
diff --git a/clients/client-route53resolver/src/protocols/Aws_json1_1.ts b/clients/client-route53resolver/src/protocols/Aws_json1_1.ts
@@ -5626,6 +5626,7 @@ const se_CreateFirewallRuleRequest = (input: CreateFirewallRuleRequest, context:
     FirewallRuleGroupId: [],
     Name: [],
     Priority: [],
+    Qtype: [],
   });
 };
 
diff --git a/codegen/sdk-codegen/aws-models/route53resolver.json b/codegen/sdk-codegen/aws-models/route53resolver.json
@@ -756,6 +756,12 @@
             "smithy.api#documentation": "<p>A name that lets you identify the rule in the rule group.</p>",
             "smithy.api#required": {}
           }
+        },
+        "Qtype": {
+          "target": "com.amazonaws.route53resolver#Qtype",
+          "traits": {
+            "smithy.api#documentation": "<p>\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t</p>\n         <ul>\n            <li>\n               <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n            </li>\n            <li>\n               <p>AAAA: Returns an Ipv6 address.</p>\n            </li>\n            <li>\n               <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n            </li>\n            <li>\n               <p>CNAME: Returns another domain name.</p>\n            </li>\n            <li>\n               <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n            </li>\n            <li>\n               <p>MX: Specifies mail servers.</p>\n            </li>\n            <li>\n               <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n            </li>\n            <li>\n               <p>NS: Authoritative name servers.</p>\n            </li>\n            <li>\n               <p>PTR: Maps an IP address to a domain name.</p>\n            </li>\n            <li>\n               <p>SOA: Start of authority record for the zone.</p>\n            </li>\n            <li>\n               <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n            </li>\n            <li>\n               <p>SRV: Application specific values that identify servers.</p>\n            </li>\n            <li>\n               <p>TXT: Verifies email senders and application-specific values.</p>\n            </li>\n         </ul>"
+          }
         }
       },
       "traits": {
@@ -1359,6 +1365,12 @@
             "smithy.api#documentation": "<p>The ID of the domain list that's used in the rule.  </p>",
             "smithy.api#required": {}
           }
+        },
+        "Qtype": {
+          "target": "com.amazonaws.route53resolver#Qtype",
+          "traits": {
+            "smithy.api#documentation": "<p>\n\t\t\tThe DNS query type that the rule you are deleting evaluates. Allowed values are;\n\t\t</p>\n         <ul>\n            <li>\n               <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n            </li>\n            <li>\n               <p>AAAA: Returns an Ipv6 address.</p>\n            </li>\n            <li>\n               <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n            </li>\n            <li>\n               <p>CNAME: Returns another domain name.</p>\n            </li>\n            <li>\n               <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n            </li>\n            <li>\n               <p>MX: Specifies mail servers.</p>\n            </li>\n            <li>\n               <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n            </li>\n            <li>\n               <p>NS: Authoritative name servers.</p>\n            </li>\n            <li>\n               <p>PTR: Maps an IP address to a domain name.</p>\n            </li>\n            <li>\n               <p>SOA: Start of authority record for the zone.</p>\n            </li>\n            <li>\n               <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n            </li>\n            <li>\n               <p>SRV: Application specific values that identify servers.</p>\n            </li>\n            <li>\n               <p>TXT: Verifies email senders and application-specific values.</p>\n            </li>\n         </ul>"
+          }
         }
       },
       "traits": {
@@ -2287,6 +2299,12 @@
           "traits": {
             "smithy.api#documentation": "<p>The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).</p>"
           }
+        },
+        "Qtype": {
+          "target": "com.amazonaws.route53resolver#Qtype",
+          "traits": {
+            "smithy.api#documentation": "<p>\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t</p>\n         <ul>\n            <li>\n               <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n            </li>\n            <li>\n               <p>AAAA: Returns an Ipv6 address.</p>\n            </li>\n            <li>\n               <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n            </li>\n            <li>\n               <p>CNAME: Returns another domain name.</p>\n            </li>\n            <li>\n               <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n            </li>\n            <li>\n               <p>MX: Specifies mail servers.</p>\n            </li>\n            <li>\n               <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n            </li>\n            <li>\n               <p>NS: Authoritative name servers.</p>\n            </li>\n            <li>\n               <p>PTR: Maps an IP address to a domain name.</p>\n            </li>\n            <li>\n               <p>SOA: Start of authority record for the zone.</p>\n            </li>\n            <li>\n               <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n            </li>\n            <li>\n               <p>SRV: Application specific values that identify servers.</p>\n            </li>\n            <li>\n               <p>TXT: Verifies email senders and application-specific values.</p>\n            </li>\n         </ul>"
+          }
         }
       },
       "traits": {
@@ -5728,6 +5746,15 @@
         "smithy.api#output": {}
       }
     },
+    "com.amazonaws.route53resolver#Qtype": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 16
+        }
+      }
+    },
     "com.amazonaws.route53resolver#ResolverAutodefinedReverseStatus": {
       "type": "enum",
       "members": {
@@ -8569,6 +8596,12 @@
           "traits": {
             "smithy.api#documentation": "<p>The name of the rule.</p>"
           }
+        },
+        "Qtype": {
+          "target": "com.amazonaws.route53resolver#Qtype",
+          "traits": {
+            "smithy.api#documentation": "<p>\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t</p>\n         <ul>\n            <li>\n               <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n            </li>\n            <li>\n               <p>AAAA: Returns an Ipv6 address.</p>\n            </li>\n            <li>\n               <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n            </li>\n            <li>\n               <p>CNAME: Returns another domain name.</p>\n            </li>\n            <li>\n               <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n            </li>\n            <li>\n               <p>MX: Specifies mail servers.</p>\n            </li>\n            <li>\n               <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n            </li>\n            <li>\n               <p>NS: Authoritative name servers.</p>\n            </li>\n            <li>\n               <p>PTR: Maps an IP address to a domain name.</p>\n            </li>\n            <li>\n               <p>SOA: Start of authority record for the zone.</p>\n            </li>\n            <li>\n               <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n            </li>\n            <li>\n               <p>SRV: Application specific values that identify servers.</p>\n            </li>\n            <li>\n               <p>TXT: Verifies email senders and application-specific values.</p>\n            </li>\n         </ul>"
+          }
         }
       },
       "traits": {
