get_firewall_config
- Route53Resolver.Client.get_firewall_config(**kwargs)
- Retrieves the configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).
- See also: AWS API Documentation
- Request Syntax

      response = client.get_firewall_config(
          ResourceId='string'
      )

- Parameters:
  - ResourceId (string) – [REQUIRED] The ID of the VPC from Amazon VPC that the configuration is for.
- Return type:
  - dict
- Returns:
  - Response Syntax

        {
            'FirewallConfig': {
                'Id': 'string',
                'ResourceId': 'string',
                'OwnerId': 'string',
                'FirewallFailOpen': 'ENABLED'|'DISABLED'|'USE_LOCAL_RESOURCE_SETTING'
            }
        }

  - Response Structure
    - (dict) –
      - FirewallConfig (dict) – Configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon VPC.
        - Id (string) – The ID of the firewall configuration.
        - ResourceId (string) – The ID of the VPC that this firewall configuration applies to.
        - OwnerId (string) – The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to.
        - FirewallFailOpen (string) – Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.
          - By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall returns a failure error when it is unable to properly evaluate a query.
          - If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.
          - This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.
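An added example (not part of the boto3 documentation): an audit that combines the FirewallFailOpen value with the rule-group-association condition described above to report which VPCs would let unevaluated DNS queries through. The stub client, VPC IDs, account ID, firewall config ID and verdict labels are constructed for illustration; list_firewall_rule_group_associations is a separate Route53Resolver client method that is not documented on this page.

```python
def audit_fail_open(client, vpc_ids):
    """One finding per VPC. `client` is a Route53Resolver client,
    e.g. boto3.client("route53resolver")."""
    findings = []
    for vpc_id in vpc_ids:
        cfg = client.get_firewall_config(ResourceId=vpc_id)["FirewallConfig"]
        mode = cfg["FirewallFailOpen"]
        # The failure mode is only enforced when the VPC has at least one
        # DNS Firewall rule group association.
        assoc = client.list_firewall_rule_group_associations(VpcId=vpc_id)
        enforced = bool(assoc.get("FirewallRuleGroupAssociations"))
        if not enforced:
            verdict = "NOT_ENFORCED"  # no rule group association on this VPC
        elif mode == "ENABLED":
            verdict = "FAIL_OPEN"     # unevaluated queries are allowed through
        elif mode == "DISABLED":
            verdict = "FAIL_CLOSED"   # unevaluated queries get a failure error
        else:
            verdict = "REVIEW"        # e.g. USE_LOCAL_RESOURCE_SETTING
        findings.append({"VpcId": vpc_id, "OwnerId": cfg["OwnerId"],
                         "FirewallFailOpen": mode, "Verdict": verdict})
    return findings


class StubClient:
    """Offline stand-in; returns constructed data in the documented shape."""
    def __init__(self, modes, associated):
        self.modes, self.associated = modes, associated

    def get_firewall_config(self, ResourceId):
        return {"FirewallConfig": {
            "Id": "fc-constructed", "ResourceId": ResourceId,
            "OwnerId": "111122223333",
            "FirewallFailOpen": self.modes[ResourceId]}}

    def list_firewall_rule_group_associations(self, VpcId):
        hits = [{"VpcId": VpcId}] if VpcId in self.associated else []
        return {"FirewallRuleGroupAssociations": hits}


def demo():
    modes = {"vpc-aaa": "ENABLED", "vpc-bbb": "DISABLED",
             "vpc-ccc": "ENABLED", "vpc-ddd": "USE_LOCAL_RESOURCE_SETTING"}
    stub = StubClient(modes, associated={"vpc-aaa", "vpc-bbb", "vpc-ddd"})
    return audit_fail_open(stub, list(modes))


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Against a real account, pass a boto3 Route53Resolver client in place of the stub; VPCs reported as FAIL_OPEN are the ones where the availability-over-security trade-off is actually in effect.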
 
 
 
 - Exceptions