

# Creating Route 53 Profiles
<a name="profile-create"></a>

To create Route 53 Profiles, follow the guidance in this topic. Choose a tab to create a Route 53 Profile by using the Route 53 console or the AWS CLI.
+ [Console](#profile_create_console)
+ [CLI](#profile_create_CLI)

------
#### [ Console ]<a name="profile-create-procedure"></a>

**To create a Route 53 Profile**

1. Sign in to the AWS Management Console and open the Route 53 console at [https://console.aws.amazon.com/route53/](https://console.aws.amazon.com/route53/).

1. In the navigation pane, choose **Profiles**.

1. On the navigation bar, choose the Region where you want to create the Profile.

1. Enter a name for the Profile, optionally add tags, and choose **Create Profile**.

   This creates an empty Profile with default configurations to which you can associate resources. After you associate resources to the Profile, you can associate it to a number of VPCs and edit how some of the Resolver configurations apply to the VPCs.

------
#### [ CLI ]

You can create a Profile by running an AWS CLI command like the following and using your own value for `name`.

`aws route53profiles create-profile --name test`

The following is an example output after you run the command:

```
{
    "Profile": {
        "Arn": "arn:aws:route53profiles:us-east-1:123456789012:profile/rp-6ffe47d5example",
        "ClientToken": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
        "CreationTime": 1710850903.578,
        "Id": "rp-6ffe47d5example",
        "ModificationTime": 1710850903.578,
        "Name": "test",
        "OwnerId": "123456789012",
        "ShareStatus": "NOT_SHARED",
        "Status": "COMPLETE",
        "StatusMessage": "Created Profile"
    }
}
```

------

To associate your Profiles with different resources and edit the VPC configurations for the Profile, see the following procedures:

**Topics**
+ [Associate DNS Firewall rule groups to a Route 53 Profile](profile-associate-dns-firewall.md)
+ [Associate private hosted zones to a Route 53 Profile](profile-associate-private-hz.md)
+ [Associate Resolver rules to a Route 53 Profile](profile-associate-resolver-rules.md)
+ [Associate interface VPC endpoints to a Route 53 Profile](profile-associate-vpc-endpoints.md)
+ [Associate VPC Resolver query logging configurations to a Route 53 Profile](profile-associate-query-logging.md)
+ [Edit Route 53 Profile configurations](profile-edit-configurations.md)
+ [Associate a Route 53 Profile to VPCs](profile-associate-vpcs.md)

# Associate DNS Firewall rule groups to a Route 53 Profile
<a name="profile-associate-dns-firewall"></a>

For instructions on creating a rule group, see [Creating a rule group and rules](resolver-dns-firewall-rule-group-adding.md), and then choose a tab to associate DNS Firewall rule groups to a Route 53 Profile by using the Route 53 console or the AWS CLI.
+ [Console](#profile-rule-group-console)
+ [CLI](#profile-rule-group-CLI)

------
#### [ Console ]<a name="profile-associate-dns-firewall-procedure"></a>

**To associate DNS Firewall rule groups**

1. Sign in to the AWS Management Console and open the Route 53 console at [https://console.aws.amazon.com/route53/](https://console.aws.amazon.com/route53/).

1. On the navigation bar, choose the Region where you created the Profile.

1. In the navigation pane, choose **Profiles** and on the **Profiles** table, choose the linked name of the Profile you want to work with.

1. On the **<Profile name>** page, choose the **DNS Firewall rule groups** tab and then **Associate**.

1. In the **DNS Firewall rule groups** section you can select up to 10 rule groups you have previously created. If you want to associate more than 10 rule groups, use the APIs. For more information, see [AssociateResourceToProfile](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_AssociateResourceToProfile.html).

   To create new rule groups, see [Creating a rule group and rules](resolver-dns-firewall-rule-group-adding.md).

1. Choose **Next**.

1. On the **Define priority** page you can set the order in which the rule groups are processed by clicking the pre-assigned priority number and typing in a new one. The allowed values for the priority are between 100 and 9900.

   The rule groups are evaluated starting with the lowest numeric priority setting and going up. You can change a rule group's priority at any time, for example to change the order of processing or make space for other rule groups.

   Choose **Submit**.

1. The association progress is displayed in the **Status** column in the **DNS Firewall** rule groups dialog box. 

------
#### [ CLI ]

You can associate a rule group to a Profile by running an AWS CLI command like the following and using your own values for `name`, `profile-id`, `resource-arn`, and `priority`:

`aws route53profiles associate-resource-to-profile --name test-resource-association --profile-id rp-4987774726example --resource-arn arn:aws:route53resolver:us-east-1:123456789012:firewall-rule-group/rslvr-frg-cfe7f72example --resource-properties "{\"priority\": 102}"`

The following is an example output after you run the command:

```
{
    "ProfileResourceAssociation": {
        "CreationTime": 1710851216.613,
        "Id": "rpr-001913120a7example",
        "ModificationTime": 1710851216.613,
        "Name": "test-resource-association",
        "OwnerId": "123456789012",
        "ProfileId": "rp-4987774726example",
        "ResourceArn": "arn:aws:route53resolver:us-east-1:123456789012:firewall-rule-group/rslvr-frg-cfe7f72example",
        "ResourceProperties": "{\"priority\":102}",
        "ResourceType": "FIREWALL_RULE_GROUP",
        "Status": "UPDATING",
        "StatusMessage": "Updating the Profile to DNS Firewall rule group association"
    }
}
```

------
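The following added example is not part of the original AWS documentation. It sketches the API route that the console procedure points to for more than 10 rule groups: it checks each priority against the 100 to 9900 range, orders the groups lowest number first (the evaluation order), builds `AssociateResourceToProfile` request parameters, and decodes the nested `ResourceProperties` string from a response. The function names, the 12 placeholder rule groups, the rejection of duplicate priorities, and treating `COMPLETE` as the finished status of an association are assumptions of this example.

```python
import json

PRIORITY_MIN, PRIORITY_MAX = 100, 9900  # allowed range stated in the console procedure


def plan_rule_group_associations(profile_id, rule_groups):
    """Validate (name, arn, priority) tuples and return AssociateResourceToProfile
    request parameters in the order DNS Firewall evaluates the rule groups."""
    seen = {}
    for name, arn, priority in rule_groups:
        if isinstance(priority, bool) or not isinstance(priority, int):
            raise ValueError(f"{name}: priority must be an integer")
        if not PRIORITY_MIN <= priority <= PRIORITY_MAX:
            raise ValueError(f"{name}: priority {priority} is outside 100-9900")
        if priority in seen:  # assumption: reject ties so the order is unambiguous
            raise ValueError(f"{name}: priority {priority} already used by {seen[priority]}")
        if ":firewall-rule-group/" not in arn:
            raise ValueError(f"{name}: {arn} is not a DNS Firewall rule group ARN")
        seen[priority] = name
    ordered = sorted(rule_groups, key=lambda group: group[2])  # lowest number first
    return [
        {
            "Name": name,
            "ProfileId": profile_id,
            "ResourceArn": arn,
            # ResourceProperties is a JSON document serialized into a string.
            "ResourceProperties": json.dumps({"priority": priority}, separators=(",", ":")),
        }
        for name, arn, priority in ordered
    ]


def association_state(response):
    """Return (is_complete, priority) for a response shaped like the CLI output above."""
    assoc = response["ProfileResourceAssociation"]
    props = json.loads(assoc.get("ResourceProperties") or "{}")  # nested JSON string
    return assoc["Status"] == "COMPLETE", props.get("priority")


# Constructed sample: 12 placeholder rule groups, more than the console's limit of 10.
SAMPLE_RULE_GROUPS = [
    (
        f"rule-group-{i:02d}",
        "arn:aws:route53resolver:us-east-1:123456789012:"
        f"firewall-rule-group/rslvr-frg-placeholder{i:02d}",
        9900 - 100 * i,
    )
    for i in range(12)
]

if __name__ == "__main__":
    # Each dict maps onto one AssociateResourceToProfile request (SDK kwargs or CLI options).
    for params in plan_rule_group_associations("rp-4987774726example", SAMPLE_RULE_GROUPS):
        print(json.dumps(params))
```

A response whose status is still `UPDATING` or `CREATING`, as in the example output above, means the rule group is not yet confirmed as attached, so check the status again before relying on it for filtering.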

# Associate private hosted zones to a Route 53 Profile
<a name="profile-associate-private-hz"></a>

For instructions on how to create a private hosted zone, see [Creating a private hosted zone](hosted-zone-private-creating.md), and then follow the steps in this procedure to associate a private hosted zone to a Profile.<a name="profile-associate-private-hz-procedure"></a>

**To associate private hosted zones**

1. Sign in to the AWS Management Console and open the Route 53 console at [https://console.aws.amazon.com/route53/](https://console.aws.amazon.com/route53/).

1. On the navigation bar, choose the Region where you created the Profile.

1. In the navigation pane, choose **Profiles** and on the **Profiles** table, choose the linked name of the Profile you want to work with.

1. On the **<Profile name>** page, choose the **Private hosted zones** tab, and then **Associate**.

1. On the **Associate private hosted zones** page you can select up to 10 private hosted zones you have previously created. If you want to associate more than 10 private hosted zones, use the APIs. For more information, see [AssociateResourceToProfile](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_AssociateResourceToProfile.html).

   To create private hosted zones, see [Creating a private hosted zone](hosted-zone-private-creating.md).

1. Choose **Associate**.

1. The association progress is displayed in the **Status** column on the **Private hosted zones** tab.

# Associate Resolver rules to a Route 53 Profile
<a name="profile-associate-resolver-rules"></a>

For instructions for how to create a Resolver rule, see [Creating forwarding rules](resolver-rules-managing.md#resolver-rules-managing-creating-rules), and then follow the steps in this procedure to associate Resolver rules to a Profile.<a name="profile-associate-resolver-rules-procedure"></a>

**To associate VPC Resolver rules**

1. Sign in to the AWS Management Console and open the Route 53 console at [https://console.aws.amazon.com/route53/](https://console.aws.amazon.com/route53/).

1. On the navigation bar, choose the Region where you created the Profile.

1. On the **<Profile name>** page, choose the **Resolver rules** tab, and then **Associate**.

1. On the **Associate Resolver rules** page, in the **Resolver rules** table you can select up to 10 Resolver rules you have previously created. If you want to associate more than 10 resolver rules, use the APIs. For more information, see [AssociateResourceToProfile](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_AssociateResourceToProfile.html).

   To create Resolver rules, see [Creating forwarding rules](resolver-rules-managing.md#resolver-rules-managing-creating-rules).

1. Choose **Associate**.

1. The association progress is displayed in the **Status** column on the **Resolver rules** tab.

# Associate interface VPC endpoints to a Route 53 Profile
<a name="profile-associate-vpc-endpoints"></a>

For instructions on how to create an interface VPC endpoint, see [Create a VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#create-interface-endpoint-aws) in the *VPC User Guide*, and then follow the steps in this procedure to associate a VPC endpoint to a Profile.<a name="profile-associate-vpc-endpoints-procedure"></a>

**To associate VPC endpoints**

1. Sign in to the AWS Management Console and open the Route 53 console at [https://console.aws.amazon.com/route53/](https://console.aws.amazon.com/route53/).

1. On the navigation bar, choose the Region where you created the Profile.

1. On the **<Profile name>** page, choose the **VPC endpoints** tab, and then **Associate**.

1. On the **Associate VPC endpoints** page, in the **VPC endpoints** table you can select up to 10 endpoints you have previously created. If you want to associate more than 10 endpoints, use the APIs. For more information, see [AssociateResourceToProfile](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_AssociateResourceToProfile.html).

   To create interface VPC endpoints, see [Create a VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#create-interface-endpoint-aws) in the *VPC User Guide*.

1. Choose **Associate**.

1. The association progress is displayed in the **Status** column on the **VPC endpoints** tab.

# Associate VPC Resolver query logging configurations to a Route 53 Profile
<a name="profile-associate-query-logging"></a>

For instructions on how to create a VPC Resolver query logging configuration, see [Configuring (VPC Resolver query logging)](resolver-query-logging-configurations-managing.md#resolver-query-logs-configuring), and then choose a tab to associate a VPC Resolver query logging configuration to a Route 53 Profile by using the Route 53 console or the AWS CLI.
+ [Console](#profile-query-log-config-console)
+ [CLI](#profile-query-log-config-CLI)

------
#### [ Console ]<a name="profile-associate-query-logging-procedure"></a>

**To associate query logging configurations**

1. Sign in to the AWS Management Console and open the Route 53 console at [https://console.aws.amazon.com/route53/](https://console.aws.amazon.com/route53/).

1. On the navigation bar, choose the Region where you created the Profile.

1. On the **<Profile name>** page, choose the **Resolver query log configurations** tab, and then **Associate**.

1. On the **Associate query logging configurations** page, in the **Resolver query log configurations** table, you can select up to three configurations that you previously created. If you want to associate more than three query logging configurations, use the API. For more information, see [AssociateResourceToProfile](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_AssociateResourceToProfile.html).

   To create new VPC Resolver query logging configurations, see [Configuring (VPC Resolver query logging)](resolver-query-logging-configurations-managing.md#resolver-query-logs-configuring).

1. Choose **Associate**.

1. The association progress is displayed in the **Status** column on the **Resolver query log configurations** tab.

------
#### [ CLI ]

You can associate a query log configuration to a Profile by running an AWS CLI command like the following and using your own values for `name`, `profile-id`, and `resource-arn`.

`aws route53profiles associate-resource-to-profile --name test-resource-association --profile-id rp-4987774726example --resource-arn arn:aws:route53resolver:us-east-1:123456789012:resolver-query-log-config/rqlc-cfe7f72example`

The following is an example output after you run the command:

```
{
    "ProfileResourceAssociation": {
        "CreationTime": 1710851226.613,
        "Id": "rpr-001913120b8example",
        "ModificationTime": 1710851226.613,
        "Name": "test-resource-association",
        "OwnerId": "123456789012",
        "ProfileId": "rp-4987774726example",
        "ResourceArn": "arn:aws:route53resolver:us-east-1:123456789012:resolver-query-log-config/rqlc-cfe7f72example",
        "ResourceType": "RESOLVER_QUERY_LOG_CONFIG",
        "Status": "CREATING",
        "StatusMessage": "Creating rp-4987774726example to rqlc-cfe7f72example association"
    }
}
```

------

# Edit Route 53 Profile configurations
<a name="profile-edit-configurations"></a>

After you associate resources to a Profile, you can edit the default VPC configurations to decide how they are applied to the VPCs.<a name="profile-edit-configurations-procedure"></a>

**To edit Profile configurations**

1. Sign in to the AWS Management Console and open the Route 53 console at [https://console.aws.amazon.com/route53/](https://console.aws.amazon.com/route53/).

1. On the navigation bar, choose the Region where you created the Profile.

1. In the navigation pane, choose **Profiles** and on the **Profiles** table, choose the linked name of the Profile you want to work with.

1. On the **<Profile name>** page, choose the **Configuration** tab and then **Edit**.

1. On the **Edit Configuration** page, choose one of the values for the VPC DNSSEC configuration, Resolver reverse DNS lookup configuration, and DNS Firewall failure mode configuration.

   For more information about the values, see [Configuration settings for Route 53 Profile](values-for-profile-configuration.md).

1. Choose **Update**.

# Configuration settings for Route 53 Profile
<a name="values-for-profile-configuration"></a>

When you edit a Route 53 Profile configuration, you specify the following values:

**DNSSEC configuration**  
Choose one of the following values:  
+ **Use local VPC DNSSEC configuration - default**

  Choose this option to have all the VPCs associated to this Profile keep their local DNSSEC validation configuration.
+ **Enable DNSSEC validation**

   Choose this option to enable DNSSEC validation in all the VPCs associated to this Profile.
+ **Disable DNSSEC validation**

  Choose this option to disable DNSSEC validation in all VPCs that are associated to this Profile.

**Resolver reverse DNS lookup configuration**  
Choose one of the following values:  
+ **Enable**

  Choose this option to create auto defined rules for reverse DNS lookup in all the associated VPCs.
+ **Not enabled** 

  Choose this option to not create auto defined rules for reverse DNS lookup in all the associated VPCs.
+ **Use local auto defined rules - default**

  Choose this option to use the local VPC settings for reverse DNS lookup for the associated VPCs.

**DNS Firewall failure mode configuration**  
Choose one of the following values:  
+ **Disable**

  Choose this option to close the DNS Firewall failure mode for the associated VPCs. With this option, DNS Firewall will block all queries it can't properly evaluate.
+ **Enabled**

  Choose this option to keep the DNS Firewall failure mode open for all the associated VPCs. With this option, DNS Firewall will allow queries to proceed if it's unable to properly evaluate them.
+ **Use local failure mode settings - default**

  Choose this option to use the local VPC DNS Firewall failure mode settings. 

For more information about the configurations, see
+ [Enabling DNSSEC validation in Amazon Route 53](resolver-dnssec-validation.md)
+ [Forwarding rules for reverse DNS queries in VPC Resolver](resolver-rules-managing.md#resolver-automatic-forwarding-rules-reverse-dns)
+ [DNS Firewall VPC configuration](resolver-dns-firewall-vpc-configuration.md)

# Associate a Route 53 Profile to VPCs
<a name="profile-associate-vpcs"></a>

To associate a Route 53 Profile to a VPC, follow the guidance in this topic. Choose a tab to associate a Route 53 Profile to a VPC by using the Route 53 console or the AWS CLI.
+ [Console](#profile-associate-vpcs-console)
+ [CLI](#profile-associate-vpcs-CLI)

------
#### [ Console ]<a name="profile-associate-vpcs-procedure"></a>

**To associate VPCs**

1. Sign in to the AWS Management Console and open the Route 53 console at [https://console.aws.amazon.com/route53/](https://console.aws.amazon.com/route53/).

1. On the navigation bar, choose the Region where you created the Profile.

1. On the **<Profile name>** page, choose the **VPCs** tab, and then **Associate**.

1. On the **Associate VPCs** page you can select up to 10 VPCs you have previously created. If you want to associate more than 10 VPCs, use the APIs. For more information, see [AssociateProfile](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_AssociateProfile.html).

1. Choose **Associate**.

1. The association progress is displayed in the **Status** column on the **VPCs** page.

------
#### [ CLI ]

You can associate a Profile to a VPC by running an AWS CLI command like the following and using your own values for `name`, `profile-id`, and `resource-id`:

`aws route53profiles associate-profile --name test-association --profile-id rp-4987774726example --resource-id vpc-0af3b96b3example`

The following is an example output after you run the command:

```
{
    "ProfileResourceAssociation": {
        "CreationTime": 1710851216.613,
        "Id": "rpr-001913120a7example",
        "ModificationTime": 1710851216.613,
        "Name": "test-resource-association",
        "OwnerId": "123456789012",
        "ProfileId": "rp-4987774726example",
        "ResourceArn": "arn:aws:route53resolver:us-east-1:123456789012:firewall-rule-group/rslvr-frg-cfe7f72example",
        "ResourceProperties": "{\"priority\":102}",
        "ResourceType": "FIREWALL_RULE_GROUP",
        "Status": "UPDATING",
        "StatusMessage": "Updating the Profile to DNS Firewall rule group association"
    }
}
```

------