# 使用 AWS CLI 的 Route 53 Resolver 示例
以下代码示例演示如何通过将 AWS Command Line Interface与 Route 53 Resolver 结合使用,来执行操作和实现常见场景。
*操作是大型程序的代码摘录*,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。
**Topics**
+ [操作](#actions)
## 操作
### `associate-firewall-rule-group`
以下代码示例演示了如何使用 `associate-firewall-rule-group`。
**AWS CLI**
**将防火墙规则组与 VPC 关联**
以下 `associate-firewall-rule-group` 示例将 DNS 防火墙规则组与 Amazon VPC 相关联。
```
aws route53resolver associate-firewall-rule-group \
--name test-association \
--firewall-rule-group-id rslvr-frg-47f93271fexample \
--vpc-id vpc-31e92222 \
--priority 101
```
输出:
```
{
"FirewallRuleGroupAssociation": {
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 101,
"MutationProtection": "DISABLED",
"Status": "UPDATING",
"StatusMessage": "Creating Firewall Rule Group Association",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:47:48.755768Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 VPC 与 Route 53 Resolver DNS Firewall 规则组之间的关联](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AssociateFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/associate-firewall-rule-group.html)。
### `associate-resolver-endpoint-ip-address`
以下代码示例演示了如何使用 `associate-resolver-endpoint-ip-address`。
**AWS CLI**
**将另一个 IP 地址与 Resolver 端点相关联**
以下 `associate-resolver-endpoint-ip-address` 示例将另一个 IP 地址与入站 Resolver 端点相关联。如果您仅指定子网 ID,而 `--ip-address` 参数中省略了 IP 地址,Resolver 会从指定子网中的可用 IP 地址中选择一个 IP 地址。
```
aws route53resolver associate-resolver-endpoint-ip-address \
--resolver-endpoint-id rslvr-in-497098ad5example \
--ip-address="SubnetId=subnet-12d8exam,Ip=192.0.2.118"
```
输出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-497098ad5example",
"CreatorRequestId": "AWSConsole.25.0123456789",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-497098ad5example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "INBOUND",
"IpAddressCount": 3,
"HostVPCId": "vpc-304bexam",
"Status": "UPDATING",
"StatusMessage": "Updating the Resolver Endpoint",
"CreationTime": "2020-01-02T23:25:45.538Z",
"ModificationTime": "2020-01-02T23:25:45.538Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[创建或编辑入站端点时指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.html#resolver-forwarding-inbound-queries-values)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AssociateResolverEndpointIpAddress](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/associate-resolver-endpoint-ip-address.html)。
### `associate-resolver-rule`
以下代码示例演示了如何使用 `associate-resolver-rule`。
**AWS CLI**
**将 Resolver 规则与 VPC 关联**
以下 `associate-resolver-rule` 示例将 Resolver 规则组与 Amazon VPC 相关联。运行命令后,Resolver 开始根据规则中的设置(例如所转发查询的域名)将 DNS 查询转发到您的网络。
```
aws route53resolver associate-resolver-rule \
--name my-resolver-rule-association \
--resolver-rule-id rslvr-rr-42b60677c0example \
--vpc-id vpc-304bexam
```
输出:
```
{
"ResolverRuleAssociation": {
"Id": "rslvr-rrassoc-d61cbb2c8bexample",
"ResolverRuleId": "rslvr-rr-42b60677c0example",
"Name": "my-resolver-rule-association",
"VPCId": "vpc-304bexam",
"Status": "CREATING",
"StatusMessage": "[Trace id: 1-5dc5a8fa-ec2cc480d2ef07617example] Creating the association."
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[将出站 DNS 查询转发到您的网络](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AssociateResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/associate-resolver-rule.html)。
### `create-firewall-domain-list`
以下代码示例演示了如何使用 `create-firewall-domain-list`。
**AWS CLI**
**创建 Route 53 Resolver DNS Firewall 域列表**
以下 `create-firewall-domain-list` 示例在您的 AWS 账户中创建名为 test 的 Route 53 Resolver DNS Firewall 域列表。
```
aws route53resolver create-firewall-domain-list \
--creator-request-id my-request-id \
--name test
```
输出:
```
{
"FirewallDomainList": {
"Id": "rslvr-fdl-d61cbb2cbexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-d61cbb2cbexample",
"Name": "test",
"DomainCount": 0,
"Status": "COMPLETE",
"StatusMessage": "Created Firewall Domain List",
"CreatorRequestId": "my-request-id",
"CreationTime": "2021-05-25T15:55:51.115365Z",
"ModificationTime": "2021-05-25T15:55:51.115365Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理您自己的域列表](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateFirewallDomainList](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-firewall-domain-list.html)。
### `create-firewall-rule-group`
以下代码示例演示了如何使用 `create-firewall-rule-group`。
**AWS CLI**
**创建防火墙规则组**
以下 `create-firewall-rule-group` 示例创建了 DNS 防火墙规则组。
```
aws route53resolver create-firewall-rule-group \
--creator-request-id my-request-id \
--name test
```
输出:
```
{
"FirewallRuleGroup": {
"Id": "rslvr-frg-47f93271fexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
"Name": "test",
"RuleCount": 0,
"Status": "COMPLETE",
"StatusMessage": "Created Firewall Rule Group",
"OwnerId": "123456789012",
"CreatorRequestId": "my-request-id",
"ShareStatus": "NOT_SHARED",
"CreationTime": "2021-05-25T18:59:26.490017Z",
"ModificationTime": "2021-05-25T18:59:26.490017Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-firewall-rule-group.html)。
### `create-firewall-rule`
以下代码示例演示了如何使用 `create-firewall-rule`。
**AWS CLI**
**创建防火墙规则**
以下 `create-firewall-rule` 示例在 DNS 防火墙规则中为 DNS 防火墙域列表中列出的域创建了防火墙规则。
```
aws route53resolver create-firewall-rule \
--name allow-rule \
--firewall-rule-group-id rslvr-frg-47f93271fexample \
--firewall-domain-list-id rslvr-fdl-9e956e9ffexample \
--priority 101 \
--action ALLOW
```
输出:
```
{
"FirewallRule": {
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
"Name": "allow-rule",
"Priority": 101,
"Action": "ALLOW",
"CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
"CreationTime": "2021-05-25T21:44:00.346093Z",
"ModificationTime": "2021-05-25T21:44:00.346093Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateFirewallRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-firewall-rule.html)。
### `create-resolver-endpoint`
以下代码示例演示了如何使用 `create-resolver-endpoint`。
**AWS CLI**
**创建入站 Resolver 端点**
以下 `create-resolver-endpoint` 示例创建了入站 Resolver 端点。您可以使用相同的命令来创建入站和出站端点。
aws route53resolver create-resolver-endpoint --name my-inbound-endpoint --creator-request-id 2020-01-01-18:47 --security-group-ids "sg-f62bexam" --direction INBOUND --ip-addresses SubnetId=subnet-ba47exam,Ip=192.0.2.255 SubnetId=subnet-12d8exam,Ip=192.0.2.254
输出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-f9ab8a03f1example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-f9ab8a03f1example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-f62bexam"
],
"Direction": "INBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304examp",
"Status": "CREATING",
"StatusMessage": "[Trace id: 1-5dc1ff84-f3477826e4a190025example] Creating the Resolver Endpoint",
"CreationTime": "2020-01-01T23:02:29.583Z",
"ModificationTime": "2020-01-01T23:02:29.583Z"
}
}
```
**创建出站 Resolver 端点**
以下 `create-resolver-endpoint` 示例使用 JSON 格式文档 `create-outbound-resolver-endpoint.json` 中的值创建出站 Resolver 端点。
```
aws route53resolver create-resolver-endpoint \
--cli-input-json file://c:\temp\create-outbound-resolver-endpoint.json
```
的内容`create-outbound-resolver-endpoint.json`:
```
{
"CreatorRequestId": "2020-01-01-18:47",
"Direction": "OUTBOUND",
"IpAddresses": [
{
"Ip": "192.0.2.255",
"SubnetId": "subnet-ba47exam"
},
{
"Ip": "192.0.2.254",
"SubnetId": "subnet-12d8exam"
}
],
"Name": "my-outbound-endpoint",
"SecurityGroupIds": [ "sg-05cd7b25d6example" ],
"Tags": [
{
"Key": "my-key-name",
"Value": "my-key-value"
}
]
}
```
有关更多信息,请参阅 *Amazon Route 53 Developer Guide* 中[解析 VPC 与您的网络之间的 DNS 查询](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateResolverEndpoint](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-resolver-endpoint.html)。
### `create-resolver-rule`
以下代码示例演示了如何使用 `create-resolver-rule`。
**AWS CLI**
**创建 Resolver 规则**
以下 `create-resolver-rule` 示例创建了 Resolver 转发规则。该规则使用出站端点 rslvr-out-d5e5920e37example 将 `example.com` 的 DNS 查询转发到 IP 地址 10.24.8.75 和 10.24.8.156。
```
aws route53resolver create-resolver-rule \
--creator-request-id 2020-01-02-18:47 \
--domain-name example.com \
--name my-rule \
--resolver-endpoint-id rslvr-out-d5e5920e37example \
--rule-type FORWARD \
--target-ips "Ip=10.24.8.75" "Ip=10.24.8.156"
```
输出:
```
{
"ResolverRule": {
"Status": "COMPLETE",
"RuleType": "FORWARD",
"ResolverEndpointId": "rslvr-out-d5e5920e37example",
"Name": "my-rule",
"DomainName": "example.com.",
"CreationTime": "2022-05-10T21:35:30.923187Z",
"TargetIps": [
{
"Ip": "10.24.8.75",
"Port": 53
},
{
"Ip": "10.24.8.156",
"Port": 53
}
],
"CreatorRequestId": "2022-05-10-16:33",
"ModificationTime": "2022-05-10T21:35:30.923187Z",
"ShareStatus": "NOT_SHARED",
"Arn": "arn:aws:route53resolver:us-east-1:111117012054:resolver-rule/rslvr-rr-b1e0b905e93611111",
"OwnerId": "111111111111",
"Id": "rslvr-rr-rslvr-rr-b1e0b905e93611111",
"StatusMessage": "[Trace id: 1-22222222-3e56afcc71a3724664f22e24] Successfully created Resolver Rule."
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-resolver-rule.html)。
### `delete-firewall-domain-list`
以下代码示例演示了如何使用 `delete-firewall-domain-list`。
**AWS CLI**
**删除 Route 53 Resolver DNS Firewall 域列表**
以下 `delete-firewall-domain-list` 示例在您的 AWS 账户中删除了名为 test 的 Route 53 Resolver DNS Firewall 域列表。
```
aws route53resolver delete-firewall-domain-list \
--firewall-domain-list-id rslvr-fdl-9e956e9ffexample
```
输出:
```
{
"FirewallDomainList": {
"Id": "rslvr-fdl-9e956e9ffexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-9e956e9ffexample",
"Name": "test",
"DomainCount": 6,
"Status": "DELETING",
"StatusMessage": "Deleting the Firewall Domain List",
"CreatorRequestId": "my-request-id",
"CreationTime": "2021-05-25T15:55:51.115365Z",
"ModificationTime": "2021-05-25T18:58:05.588024Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理您自己的域列表](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteFirewallDomainList](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-firewall-domain-list.html)。
### `delete-firewall-rule-group`
以下代码示例演示了如何使用 `delete-firewall-rule-group`。
**AWS CLI**
**删除防火墙规则组**
以下 `delete-firewall-rule-group` 示例创建了防火墙规则组。
```
aws route53resolver delete-firewall-rule-group \
--firewall-rule-group-id rslvr-frg-47f93271fexample
```
输出:
```
{
"FirewallRuleGroup": {
"Id": "rslvr-frg-47f93271fexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
"Name": "test",
"RuleCount": 0,
"Status": "UPDATING",
"StatusMessage": "Updating Firewall Rule Group",
"OwnerId": "123456789012",
"CreatorRequestId": "my-request-id",
"ShareStatus": "NOT_SHARED",
"CreationTime": "2021-05-25T18:59:26.490017Z",
"ModificationTime": "2021-05-25T21:51:53.028688Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-firewall-rule-group.html)。
### `delete-firewall-rule`
以下代码示例演示了如何使用 `delete-firewall-rule`。
**AWS CLI**
**删除防火墙规则**
以下 `delete-firewall-rule` 示例删除了防火墙规则组。
```
aws route53resolver delete-firewall-rule \
--firewall-rule-group-id rslvr-frg-47f93271fexample \
--firewall-domain-list-id rslvr-fdl-9e956e9ffexample
```
输出:
```
{
"FirewallRule": {
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
"Name": "allow-rule",
"Priority": 102,
"Action": "ALLOW",
"CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
"CreationTime": "2021-05-25T21:44:00.346093Z",
"ModificationTime": "2021-05-25T21:45:59.611600Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteFirewallRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-firewall-rule.html)。
### `delete-resolver-endpoint`
以下代码示例演示了如何使用 `delete-resolver-endpoint`。
**AWS CLI**
**删除 Resolver 端点**
以下 `delete-resolver-endpoint` 示例删除了指定的端点。
**重要提示**:如果您删除入站端点,来自您网络的 DNS 查询将不再转发到在该端点中指定的 VPC 中的 Resolver。如果您删除了出站端点,对于指定了所删除端点的规则,Resolver 会停止将 DNS 查询从您的 VPC 转发到您的网络。
```
aws route53resolver delete-resolver-endpoint \
--resolver-endpoint-id rslvr-in-497098ad59example
```
输出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-497098ad59example",
"CreatorRequestId": "AWSConsole.25.157290example",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-497098ad59example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "INBOUND",
"IpAddressCount": 5,
"HostVPCId": "vpc-304bexam",
"Status": "DELETING",
"StatusMessage": "[Trace id: 1-5dc5b658-811b5be0922bbc382example] Deleting ResolverEndpoint.",
"CreationTime": "2020-01-01T23:25:45.538Z",
"ModificationTime": "2020-01-02T23:25:45.538Z"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteResolverEndpoint](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-resolver-endpoint.html)。
### `delete-resolver-rule`
以下代码示例演示了如何使用 `delete-resolver-rule`。
**AWS CLI**
**删除 Resolver 规则**
以下 `delete-resolver-rule` 示例删除了指定规则。
**注意**:如果某个规则与任意 VPC 关联,您必须先从 VPC 上解除规则关联,然后才能删除规则。
```
aws route53resolver delete-resolver-rule \
--resolver-rule-id rslvr-rr-5b3809426bexample
```
输出:
```
{
"ResolverRule": {
"Id": "rslvr-rr-5b3809426bexample",
"CreatorRequestId": "2020-01-03-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-5b3809426bexample",
"DomainName": "zenith.example.com.",
"Status": "DELETING",
"StatusMessage": "[Trace id: 1-5dc5e05b-602e67b052cb74f05example] Deleting Resolver Rule.",
"RuleType": "FORWARD",
"Name": "my-resolver-rule",
"TargetIps": [
{
"Ip": "192.0.2.50",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-d5e5920e3example",
"OwnerId": "111122223333",
"ShareStatus": "NOT_SHARED"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-resolver-rule.html)。
### `disassociate-firewall-rule-group`
以下代码示例演示了如何使用 `disassociate-firewall-rule-group`。
**AWS CLI**
**取消防火墙规则组与 VPC 的关联**
以下 `disassociate-firewall-rule-group` 示例取消了 DNS 防火墙规则组与 Amazon VPC 的关联。
```
aws route53resolver disassociate-firewall-rule-group \
--firewall-rule-group-association-id rslvr-frgassoc-57e8873d7example
```
输出:
```
{
"FirewallRuleGroupAssociation": {
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 103,
"MutationProtection": "DISABLED",
"Status": "DELETING",
"StatusMessage": "Deleting the Firewall Rule Group Association",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:51:02.377887Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 VPC 与 Route 53 Resolver DNS Firewall 规则组之间的关联](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DisassociateFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/disassociate-firewall-rule-group.html)。
### `disassociate-resolver-endpoint-ip-address`
以下代码示例演示了如何使用 `disassociate-resolver-endpoint-ip-address`。
**AWS CLI**
**取消 IP 地址与 Resolver 端点的关联**
以下 `disassociate-resolver-endpoint-ip-address` 示例从指定的 Resolver 入站或出站端点中删除了 IP 地址。
**注意**:一个端点必须具有至少两个 IP 地址。如果一个端点当前只有两个 IP 地址,并且您希望将一个地址替换为另一个地址,则必须先使用 [associate-resolver-endpoint-ip-address](https://docs.aws.amazon.com/cli/latest/reference/route53resolver/associate-resolver-endpoint-ip-address.html) 来关联新的 IP 地址。然后,您可以取消其中一个原始 IP 地址与端点的关联。
```
aws route53resolver disassociate-resolver-endpoint-ip-address \
--resolver-endpoint-id rslvr-in-f9ab8a03f1example \
--ip-address="SubnetId=subnet-12d8a459,Ip=172.31.40.121"
```
输出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-f9ab8a03f1example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-f9ab8a03f1example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-f62bexam"
],
"Direction": "INBOUND",
"IpAddressCount": 3,
"HostVPCId": "vpc-304bexam",
"Status": "UPDATING",
"StatusMessage": "Updating the Resolver Endpoint",
"CreationTime": "2020-01-01T23:02:29.583Z",
"ModificationTime": "2020-01-05T23:02:29.583Z"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DisassociateResolverEndpointIpAddress](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/disassociate-resolver-endpoint-ip-address.html)。
### `disassociate-resolver-rule`
以下代码示例演示了如何使用 `disassociate-resolver-rule`。
**AWS CLI**
**取消 Resolver 规则与 Amazon VPC 的关联**
以下 `disassociate-resolver-rule` 示例删除了指定的 Resolver 规则与指定的 VPC 之间的关联。在下列情况下,您可以取消规则与 VPC 的关联:
对于源自此 VPC 中的 DNS 查询,您希望 Resolver 停止将对规则中指定域名的查询转发到您的网络。如果规则当前与一个或多个 VPC 关联,您必须先从所有 VPC 上解除规则的关联,然后才能删除规则。
```
aws route53resolver disassociate-resolver-rule \
--resolver-rule-id rslvr-rr-4955cb98ceexample \
--vpc-id vpc-304bexam
```
输出:
```
{
"ResolverRuleAssociation": {
"Id": "rslvr-rrassoc-322f4e8b9cexample",
"ResolverRuleId": "rslvr-rr-4955cb98ceexample",
"Name": "my-resolver-rule-association",
"VPCId": "vpc-304bexam",
"Status": "DELETING",
"StatusMessage": "[Trace id: 1-5dc5ffa2-a26c38004c1f94006example] Deleting Association"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DisassociateResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/disassociate-resolver-rule.html)。
### `get-firewall-config`
以下代码示例演示了如何使用 `get-firewall-config`。
**AWS CLI**
**获取 VPC 的防火墙配置**
以下 `get-firewall-config` 示例检索指定 VPC 的 DNS 防火墙行为。
```
aws route53resolver get-firewall-config \
--resource-id vpc-31e92222
```
输出:
```
{
"FirewallConfig": {
"Id": "rslvr-fc-86016850cexample",
"ResourceId": "vpc-31e9222",
"OwnerId": "123456789012",
"FirewallFailOpen": "DISABLED"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的 [DNS 防火墙 VPC 配置](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-configuration.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetFirewallConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-config.html)。
### `get-firewall-domain-list`
以下代码示例演示了如何使用 `get-firewall-domain-list`。
**AWS CLI**
**获取 Route 53 Resolver DNS Firewall 域列表**
以下 `get-firewall-domain-list` 示例使用您指定 ID 检索域列表。
```
aws route53resolver get-firewall-domain-list \
--firewall-domain-list-id rslvr-fdl-42b60677cexample
```
输出:
```
{
"FirewallDomainList": {
"Id": "rslvr-fdl-9e956e9ffexample",
"Arn": "arn:aws:route53resolver:us-west-2:123457689012:firewall-domain-list/rslvr-fdl-42b60677cexample",
"Name": "test",
"DomainCount": 0,
"Status": "COMPLETE",
"StatusMessage": "Created Firewall Domain List",
"CreatorRequestId": "my-request-id",
"CreationTime": "2021-05-25T15:55:51.115365Z",
"ModificationTime": "2021-05-25T15:55:51.115365Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理您自己的域列表](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetFirewallDomainList](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-domain-list.html)。
### `get-firewall-rule-group-association`
以下代码示例演示了如何使用 `get-firewall-rule-group-association`。
**AWS CLI**
**获取防火墙规则组关联**
以下 `get-firewall-rule-group-association` 示例检索防火墙规则组关联。
```
aws route53resolver get-firewall-rule-group-association \
--firewall-rule-group-association-id rslvr-frgassoc-57e8873d7example
```
输出:
```
{
"FirewallRuleGroupAssociation": {
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 101,
"MutationProtection": "DISABLED",
"Status": "COMPLETE",
"StatusMessage": "Finished rule group association update",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:47:48.755768Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 VPC 与 Route 53 Resolver DNS Firewall 规则组之间的关联](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetFirewallRuleGroupAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-rule-group-association.html)。
### `get-firewall-rule-group-policy`
以下代码示例演示了如何使用 `get-firewall-rule-group-policy`。
**AWS CLI**
**获取 AWS IAM 策略**
以下 `get-firewall-rule-group-policy` 示例获取了用于共享指定规则组的 AWS Identity and Access Management(AWS IAM)策略。
```
aws route53resolver get-firewall-rule-group-policy \
--arn arn:aws:route53resolver:us-west-2:AWS_ACCOUNT_ID:firewall-rule-group/rslvr-frg-47f93271fexample
```
输出:
```
{
"FirewallRuleGroupPolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"test\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::AWS_ACCOUNT_ID:root\"},\"Action\":[\"route53resolver:GetFirewallRuleGroup\",\"route53resolver:ListFirewallRuleGroups\"],\"Resource\":\"arn:aws:route53resolver:us-east-1:AWS_ACCOUNT_ID:firewall-rule-group/rslvr-frg-47f93271fexample\"}]}"
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetFirewallRuleGroupPolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-rule-group-policy.html)。
### `get-firewall-rule-group`
以下代码示例演示了如何使用 `get-firewall-rule-group`。
**AWS CLI**
**获取防火墙规则组**
以下 `get-firewall-rule-group` 示例使用您提供的 ID 检索有关 DNS 防火墙规则组的信息。
```
aws route53resolver get-firewall-rule-group \
--firewall-rule-group-id rslvr-frg-47f93271fexample
```
输出:
```
{
"FirewallRuleGroup": {
"Id": "rslvr-frg-47f93271fexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
"Name": "test",
"RuleCount": 0,
"Status": "COMPLETE",
"StatusMessage": "Created Firewall Rule Group",
"OwnerId": "123456789012",
"CreatorRequestId": "my-request-id",
"ShareStatus": "NOT_SHARED",
"CreationTime": "2021-05-25T18:59:26.490017Z",
"ModificationTime": "2021-05-25T18:59:26.490017Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-rule-group.html)。
### `get-resolver-endpoint`
以下代码示例演示了如何使用 `get-resolver-endpoint`。
**AWS CLI**
**获取有关 Resolver 端点的信息**
以下 `get-resolver-endpoint` 示例显示了指定出站端点的详细信息。通过指定适用的端点 ID,可同时对入站和出站端点使用 `get-resolver-endpoint`。
```
aws route53resolver get-resolver-endpoint \
--resolver-endpoint-id rslvr-out-d5e5920e37example
```
输出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-out-d5e5920e37example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-out-d5e5920e37example",
"Name": "my-outbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "OUTBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304bexam",
"Status": "OPERATIONAL",
"StatusMessage": "This Resolver Endpoint is operational.",
"CreationTime": "2020-01-01T23:50:50.979Z",
"ModificationTime": "2020-01-02T23:50:50.979Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[创建或编辑入站端点时指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.html#resolver-forwarding-inbound-queries-values)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetResolverEndpoint](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-resolver-endpoint.html)。
### `get-resolver-rule-association`
以下代码示例演示了如何使用 `get-resolver-rule-association`。
**AWS CLI**
**获取有关 Resolver 规则与 VPC 之间的关联的信息**
以下 `get-resolver-rule-association` 示例显示有关指定 Resolver 规则与 VPC 之间的关联的详细信息。您可以使用 [associate-resolver-rule](https://docs.aws.amazon.com/cli/latest/reference/route53resolver/associate-resolver-rule.html) 将 Resolver 规则关联到 VPC。
```
aws route53resolver get-resolver-rule-association \
--resolver-rule-association-id rslvr-rrassoc-d61cbb2c8bexample
```
输出:
```
{
"ResolverRuleAssociation": {
"Id": "rslvr-rrassoc-d61cbb2c8bexample",
"ResolverRuleId": "rslvr-rr-42b60677c0example",
"Name": "my-resolver-rule-association",
"VPCId": "vpc-304bexam",
"Status": "COMPLETE",
"StatusMessage": ""
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetResolverRuleAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-resolver-rule-association.html)。
### `get-resolver-rule`
以下代码示例演示了如何使用 `get-resolver-rule`。
**AWS CLI**
**获取有关 Resolver 规则的信息**
以下 `get-resolver-rule` 示例显示有关指定 Resolver 规则的详细信息,例如,规则为其转发 DNS 查询的域名以及与规则关联的 Resolver 出站端点的 ID。
```
aws route53resolver get-resolver-rule \
--resolver-rule-id rslvr-rr-42b60677c0example
```
输出:
```
{
"ResolverRule": {
"Id": "rslvr-rr-42b60677c0example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example",
"DomainName": "example.com.",
"Status": "COMPLETE",
"StatusMessage": "[Trace id: 1-5dc4b177-ff1d9d001a0f80005example] Successfully created Resolver Rule.",
"RuleType": "FORWARD",
"Name": "my-rule",
"TargetIps": [
{
"Ip": "192.0.2.45",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-d5e5920e37example",
"OwnerId": "111122223333",
"ShareStatus": "NOT_SHARED"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[创建或编辑规则时指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html#resolver-forwarding-outbound-queries-rule-values)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-resolver-rule.html)。
### `import-firewall-domains`
以下代码示例演示了如何使用 `import-firewall-domains`。
**AWS CLI**
**将域导入域列表**
以下 `import-firewall-domains` 示例将一组域从文件导入到您指定的 DNS 防火墙域列表中。
```
aws route53resolver import-firewall-domains \
--firewall-domain-list-id rslvr-fdl-d61cbb2cbexample \
--operation REPLACE \
--domain-file-url s3://PATH/TO/YOUR/FILE
```
输出:
```
{
"Id": "rslvr-fdl-d61cbb2cbexample",
"Name": "test",
"Status": "IMPORTING",
"StatusMessage": "Importing domains from provided file."
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理您自己的域列表](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ImportFirewallDomains](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/import-firewall-domains.html)。
### `list-firewall-configs`
以下代码示例演示了如何使用 `list-firewall-configs`。
**AWS CLI**
**列出防火墙配置**
以下 `list-firewall-configs` 示例列出您的 DNS 防火墙配置。
```
aws route53resolver list-firewall-configs
```
输出:
```
{
"FirewallConfigs": [
{
"Id": "rslvr-fc-86016850cexample",
"ResourceId": "vpc-31e92222",
"OwnerId": "123456789012",
"FirewallFailOpen": "DISABLED"
}
]
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的 [DNS 防火墙 VPC 配置](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-configuration.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListFirewallConfigs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-configs.html)。
### `list-firewall-domain-lists`
以下代码示例演示了如何使用 `list-firewall-domain-lists`。
**AWS CLI**
**列出所有 Route 53 Resolver DNS Firewall 域列表**
以下 `list-firewall-domain-lists` 示例列出了所有域列表。
```
aws route53resolver list-firewall-domain-lists
```
输出:
```
{
"FirewallDomainLists": [
{
"Id": "rslvr-fdl-2c46f2ecfexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-2c46f2ecfexample",
"Name": "AWSManagedDomainsMalwareDomainList",
"CreatorRequestId": "AWSManagedDomainsMalwareDomainList",
"ManagedOwnerName": "Route 53 Resolver DNS Firewall"
},
{
"Id": "rslvr-fdl-aa970e9e1example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-aa970e9e1example",
"Name": "AWSManagedDomainsBotnetCommandandControl",
"CreatorRequestId": "AWSManagedDomainsBotnetCommandandControl",
"ManagedOwnerName": "Route 53 Resolver DNS Firewall"
},
{
"Id": "rslvr-fdl-42b60677cexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789111:firewall-domain-list/rslvr-fdl-42b60677cexample",
"Name": "test",
"CreatorRequestId": "my-request-id"
}
]
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的 [Route 53 Resolver DNS Firewall 域列表](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-domain-lists.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListFirewallDomainLists](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-domain-lists.html)。
### `list-firewall-domains`
以下代码示例演示了如何使用 `list-firewall-domains`。
**AWS CLI**
**在域列表中列出域**
以下 `list-firewall-domains` 示例列出了您指定的 DNS 防火墙域列表中的域。
```
aws route53resolver list-firewall-domains \
--firewall-domain-list-id rslvr-fdl-d61cbb2cbexample
```
输出:
```
{
"Domains": [
"test1.com.",
"test2.com.",
"test3.com."
]
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理您自己的域列表](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListFirewallDomains](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-domains.html)。
### `list-firewall-rule-group-associations`
以下代码示例演示了如何使用 `list-firewall-rule-group-associations`。
**AWS CLI**
**列出 DNS 防火墙规则组关联**
以下 `list-firewall-rule-group-associations` 示例列出了 DNS 防火墙规则组与 Amazon VPC 的关联。
```
aws route53resolver list-firewall-rule-group-associations
```
输出:
```
{
"FirewallRuleGroupAssociations": [
{
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 101,
"MutationProtection": "DISABLED",
"Status": "UPDATING",
"StatusMessage": "Creating Firewall Rule Group Association",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:47:48.755768Z"
}
]
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 VPC 与 Route 53 Resolver DNS Firewall 规则组之间的关联](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListFirewallRuleGroupAssociations](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-rule-group-associations.html)。
### `list-firewall-rule-groups`
以下代码示例演示了如何使用 `list-firewall-rule-groups`。
**AWS CLI**
**获取您的防火墙规则组列表**
以下 `list-firewall-rule-groups` 示例列出了 DNS 防火墙规则组。
```
aws route53resolver list-firewall-rule-groups
```
输出:
```
{
"FirewallRuleGroups": [
{
"Id": "rslvr-frg-47f93271fexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
"Name": "test",
"OwnerId": "123456789012",
"CreatorRequestId": "my-request-id",
"ShareStatus": "NOT_SHARED"
}
]
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListFirewallRuleGroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-rule-groups.html)。
### `list-firewall-rules`
以下代码示例演示了如何使用 `list-firewall-rules`。
**AWS CLI**
**列出防火墙规则**
以下 `list-firewall-rules` 示例列出了防火墙规则组中的所有 DNS 防火墙规则。
```
aws route53resolver list-firewall-rules \
--firewall-rule-group-id rslvr-frg-47f93271fexample
```
输出:
```
{
"FirewallRules": [
{
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
"Name": "allow-rule",
"Priority": 101,
"Action": "ALLOW",
"CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
"CreationTime": "2021-05-25T21:44:00.346093Z",
"ModificationTime": "2021-05-25T21:44:00.346093Z"
}
]
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListFirewallRules](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-rules.html)。
### `list-resolver-endpoint-ip-addresses`
以下代码示例演示了如何使用 `list-resolver-endpoint-ip-addresses`。
**AWS CLI**
**列出指定入站或出站端点的 IP 地址**
以下 `list-resolver-endpoint-ip-addresses` 示例列出了与入站端点 `rslvr-in-f9ab8a03f1example` 关联的 IP 地址的相关信息。也可以通过指定适用的端点 ID,对出站端点使用 `list-resolver-endpoint-ip-addresses`。
```
aws route53resolver list-resolver-endpoint-ip-addresses \
--resolver-endpoint-id rslvr-in-f9ab8a03f1example
```
输出:
```
{
"MaxResults": 10,
"IpAddresses": [
{
"IpId": "rni-1de60cdbfeexample",
"SubnetId": "subnet-ba47exam",
"Ip": "192.0.2.44",
"Status": "ATTACHED",
"StatusMessage": "This IP address is operational.",
"CreationTime": "2020-01-03T23:02:29.587Z",
"ModificationTime": "2020-01-03T23:03:05.555Z"
},
{
"IpId": "rni-aac7085e38example",
"SubnetId": "subnet-12d8exam",
"Ip": "192.0.2.45",
"Status": "ATTACHED",
"StatusMessage": "This IP address is operational.",
"CreationTime": "2020-01-03T23:02:29.593Z",
"ModificationTime": "2020-01-03T23:02:55.060Z"
}
]
}
```
有关输出中值的更多信息,请参阅《Amazon Route 53 开发者指南》**中的[创建或编辑入站端点时指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.html#resolver-forwarding-inbound-queries-values)或[创建或编辑出站端点时指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html#resolver-forwarding-outbound-queries-endpoint-values)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListResolverEndpointIpAddresses](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-resolver-endpoint-ip-addresses.html)。
### `list-resolver-endpoints`
以下代码示例演示了如何使用 `list-resolver-endpoints`。
**AWS CLI**
**列出 AWS 区域中的 Resolver 端点**
以下 `list-resolver-endpoints` 示例列出了当前账户中存在的入站和出站 Resolver 端点。
```
aws route53resolver list-resolver-endpoints
```
输出:
```
{
"MaxResults": 10,
"ResolverEndpoints": [
{
"Id": "rslvr-in-497098ad59example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-497098ad59example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "INBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304bexam",
"Status": "OPERATIONAL",
"StatusMessage": "This Resolver Endpoint is operational.",
"CreationTime": "2020-01-01T23:25:45.538Z",
"ModificationTime": "2020-01-01T23:25:45.538Z"
},
{
"Id": "rslvr-out-d5e5920e37example",
"CreatorRequestId": "2020-01-01-18:48",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-out-d5e5920e37example",
"Name": "my-outbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "OUTBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304bexam",
"Status": "OPERATIONAL",
"StatusMessage": "This Resolver Endpoint is operational.",
"CreationTime": "2020-01-01T23:50:50.979Z",
"ModificationTime": "2020-01-01T23:50:50.979Z"
}
]
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListResolverEndpoints](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-resolver-endpoints.html)。
### `list-resolver-rule-associations`
以下代码示例演示了如何使用 `list-resolver-rule-associations`。
**AWS CLI**
**列出 Resolver 规则与 VPC 之间的所有关联**
以下 `list-resolver-rule-associations` 示例列出了当前 AWS 账户中的 Resolver 规则与 VPC 之间的关联。
```
aws route53resolver list-resolver-rule-associations
```
输出:
```
{
"MaxResults": 30,
"ResolverRuleAssociations": [
{
"Id": "rslvr-autodefined-assoc-vpc-304bexam-internet-resolver",
"ResolverRuleId": "rslvr-autodefined-rr-internet-resolver",
"Name": "System Rule Association",
"VPCId": "vpc-304bexam",
"Status": "COMPLETE",
"StatusMessage": ""
},
{
"Id": "rslvr-rrassoc-d61cbb2c8bexample",
"ResolverRuleId": "rslvr-rr-42b60677c0example",
"Name": "my-resolver-rule-association",
"VPCId": "vpc-304bexam",
"Status": "COMPLETE",
"StatusMessage": ""
}
]
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的 [Route 53 Resolver 如何将 DNS 查询从您的 VPC 转发到您的网络](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-overview-forward-vpc-to-network)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListResolverRuleAssociations](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-resolver-rule-associations.html)。
### `list-resolver-rules`
以下代码示例演示了如何使用 `list-resolver-rules`。
**AWS CLI**
**列出 Resolver 规则**
以下 `list-resolver-rules` 示例列出了当前 AWS 账户中的所有 Resolver 规则。
```
aws route53resolver list-resolver-rules
```
输出:
```
{
"MaxResults": 30,
"ResolverRules": [
{
"Id": "rslvr-autodefined-rr-internet-resolver",
"CreatorRequestId": "",
"Arn": "arn:aws:route53resolver:us-west-2::autodefined-rule/rslvr-autodefined-rr-internet-resolver",
"DomainName": ".",
"Status": "COMPLETE",
"RuleType": "RECURSIVE",
"Name": "Internet Resolver",
"OwnerId": "Route 53 Resolver",
"ShareStatus": "NOT_SHARED"
},
{
"Id": "rslvr-rr-42b60677c0example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0bc4e299",
"DomainName": "example.com.",
"Status": "COMPLETE",
"StatusMessage": "[Trace id: 1-5dc4b177-ff1d9d001a0f80005example] Successfully created Resolver Rule.",
"RuleType": "FORWARD",
"Name": "my-rule",
"TargetIps": [
{
"Ip": "192.0.2.45",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-d5e5920e37example",
"OwnerId": "111122223333",
"ShareStatus": "NOT_SHARED"
}
]
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的 [Route 53 Resolver 如何将 DNS 查询从您的 VPC 转发到您的网络](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-overview-forward-vpc-to-network)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListResolverRules](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-resolver-rules.html)。
### `list-tags-for-resource`
以下代码示例演示了如何使用 `list-tags-for-resource`。
**AWS CLI**
**列出 Resolver 资源的标签**
以下 `list-tags-for-resource` 示例列出分配给指定 Resolver 规则的标签。
```
aws route53resolver list-tags-for-resource \
--resource-arn "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example"
```
输出:
```
{
"Tags": [
{
"Key": "my-key-1",
"Value": "my-value-1"
},
{
"Key": "my-key-2",
"Value": "my-value-2"
}
]
}
```
有关将标签用于成本分配的信息,请参阅《AWS 账单和成本管理用户指南**》中的[使用成本分配标签](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListTagsForResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-tags-for-resource.html)。
### `put-firewall-rule-group-policy`
以下代码示例演示了如何使用 `put-firewall-rule-group-policy`。
**AWS CLI**
**附加 AWS IAM 策略以共享防火墙规则组策略**
以下 `put-firewall-rule-group-policy` 示例附加用于共享指定规则组的 AWS Identity and Access Management(AWS IAM)策略。
```
aws route53resolver put-firewall-rule-group-policy \
--firewall-rule-group-policy "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"test\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::AWS_ACCOUNT_ID:root\"},\"Action\":[\"route53resolver:GetFirewallRuleGroup\",\"route53resolver:ListFirewallRuleGroups\"],\"Resource\":\"arn:aws:route53resolver:us-east-1:AWS_ACCOUNT_ID:firewall-rule-group/rslvr-frg-47f93271fexample\"}]}"
```
输出:
```
{
"ReturnValue": true
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [PutFirewallRuleGroupPolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/put-firewall-rule-group-policy.html)。
### `put-resolver-rule-policy`
以下代码示例演示了如何使用 `put-resolver-rule-policy`。
**AWS CLI**
**与其他 AWS 账户共享 Resolver 规则**
以下 `put-resolver-rule-policy` 示例指定要与其他 AWS 账户共享的 Resolver 规则、要与之共享规则的账户,以及您希望该账户能够对规则执行的规则相关操作。
**注意**:您必须使用创建规则的同一账户的凭证运行此命令。
```
aws route53resolver put-resolver-rule-policy \
--region us-east-1 \
--arn "arn:aws:route53resolver:us-east-1:111122223333:resolver-rule/rslvr-rr-42b60677c0example" \
--resolver-rule-policy "{\"Version\": \"2012-10-17\", \
\"Statement\": [ { \
\"Effect\" : \"Allow\", \
\"Principal\" : {\"AWS\" : \"444455556666\" }, \
\"Action\" : [ \
\"route53resolver:GetResolverRule\", \
\"route53resolver:AssociateResolverRule\", \
\"route53resolver:DisassociateResolverRule\", \
\"route53resolver:ListResolverRules\", \
\"route53resolver:ListResolverRuleAssociations\" ], \
\"Resource\" : [ \"arn:aws:route53resolver:us-east-1:111122223333:resolver-rule/rslvr-rr-42b60677c0example\" ] } ] }"
```
输出:
```
{
"ReturnValue": true
}
```
运行 `put-resolver-rule-policy` 后,您可以运行以下两个 Resource Access Manager(RAM)命令。您必须使用要与之共享规则的账户:
`get-resource-share-invitations` 会返回值 `resourceShareInvitationArn`。您需要此值才能接受使用共享规则的邀请。`accept-resource-share-invitation` 将接受使用共享规则的邀请。
有关更多信息,请参阅以下文档:
[get-resource-share-invitations](https://docs.aws.amazon.com/cli/latest/reference/ram/get-resource-share-invitations.html)[accept-resource-share-invitations](https://docs.aws.amazon.com/cli/latest/reference/ram/accept-resource-share-invitation.html)《Amazon Route 53 开发人员指南》**中的[与其他 AWS 账户共享转发规则并使用共享规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-rules-managing.html#resolver-rules-managing-sharing)
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [PutResolverRulePolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/put-resolver-rule-policy.html)。
### `tag-resource`
以下代码示例演示了如何使用 `tag-resource`。
**AWS CLI**
**将标签与 Resolver 资源相关联**
以下 `tag-resource` 示例将两个标签键/值对与指定的 Resolver 规则相关联。
```
aws route53resolver tag-resource \
--resource-arn "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example" \
--tags "Key=my-key-1,Value=my-value-1" "Key=my-key-2,Value=my-value-2"
```
此命令不生成任何输出。
有关将标签用于成本分配的信息,请参阅《AWS 账单和成本管理用户指南**》中的[使用成本分配标签](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [TagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/tag-resource.html)。
### `untag-resource`
以下代码示例演示了如何使用 `untag-resource`。
**AWS CLI**
**从 Resolver 资源中删除标签**
以下 `untag-resource` 示例从指定的 Resolver 规则中删除了两个标签。
```
aws route53resolver untag-resource \
--resource-arn "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example" \
--tag-keys my-key-1 my-key-2
```
此命令不生成任何输出。要确认标签已被删除,可以使用 [list-tags-for-resource](https://docs.aws.amazon.com/cli/latest/reference/route53resolver/list-tags-for-resource.html)。
有关将标签用于成本分配的信息,请参阅《AWS 账单和成本管理用户指南**》中的[使用成本分配标签](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UntagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/untag-resource.html)。
### `update-firewall-config`
以下代码示例演示了如何使用 `update-firewall-config`。
**AWS CLI**
**更新防火墙配置**
以下 `update-firewall-config` 示例更新了 DNS 防火墙配置。
```
aws route53resolver update-firewall-config \
--resource-id vpc-31e92222 \
--firewall-fail-open DISABLED
```
输出:
```
{
"FirewallConfig": {
"Id": "rslvr-fc-86016850cexample",
"ResourceId": "vpc-31e92222",
"OwnerId": "123456789012",
"FirewallFailOpen": "DISABLED"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的 [DNS 防火墙 VPC 配置](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-configuration.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateFirewallConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-firewall-config.html)。
### `update-firewall-domains`
以下代码示例演示了如何使用 `update-firewall-domains`。
**AWS CLI**
**更新域列表**
以下 `update-firewall-domains` 示例使用您提供的 ID 将域添加到域列表中。
```
aws route53resolver update-firewall-domains \
--firewall-domain-list-id rslvr-fdl-42b60677cexampleb \
--operation ADD \
--domains test1.com test2.com test3.com
```
输出:
```
{
"Id": "rslvr-fdl-42b60677cexample",
"Name": "test",
"Status": "UPDATING",
"StatusMessage": "Updating the Firewall Domain List"
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理您自己的域列表](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateFirewallDomains](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-firewall-domains.html)。
### `update-firewall-rule-group-association`
以下代码示例演示了如何使用 `update-firewall-rule-group-association`。
**AWS CLI**
**更新防火墙规则组关联**
以下 `update-firewall-rule-group-association` 示例更新了防火墙规则组关联。
```
aws route53resolver update-firewall-rule-group-association \
--firewall-rule-group-association-id rslvr-frgassoc-57e8873d7example \
--priority 103
```
输出:
```
{
"FirewallRuleGroupAssociation": {
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 103,
"MutationProtection": "DISABLED",
"Status": "UPDATING",
"StatusMessage": "Updating the Firewall Rule Group Association Attributes",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:50:09.272569Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 VPC 与 Route 53 Resolver DNS Firewall 规则组之间的关联](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateFirewallRuleGroupAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-firewall-rule-group-association.html)。
### `update-firewall-rule`
以下代码示例演示了如何使用 `update-firewall-rule`。
**AWS CLI**
**更新防火墙规则**
以下 `update-firewall-rule` 示例使用您指定的参数更新了防火墙规则。
```
aws route53resolver update-firewall-rule \
--firewall-rule-group-id rslvr-frg-47f93271fexample \
--firewall-domain-list-id rslvr-fdl-9e956e9ffexample \
--priority 102
```
输出:
```
{
"FirewallRule": {
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
"Name": "allow-rule",
"Priority": 102,
"Action": "ALLOW",
"CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
"CreationTime": "2021-05-25T21:44:00.346093Z",
"ModificationTime": "2021-05-25T21:45:59.611600Z"
}
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[管理 DNS 防火墙中的规则组和规则](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateFirewallRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-firewall-rule.html)。
### `update-resolver-endpoint`
以下代码示例演示了如何使用 `update-resolver-endpoint`。
**AWS CLI**
**更新 Resolver 端点的名称**
以下 `update-resolver-endpoint` 示例更新了 Resolver 端点的名称。不支持更新其他值。
```
aws route53resolver update-resolver-endpoint \
--resolver-endpoint-id rslvr-in-b5d45e32bdc445f09 \
--name my-renamed-inbound-endpoint
```
输出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-b5d45e32bdexample",
"CreatorRequestId": "2020-01-02-18:48",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-b5d45e32bdexample",
"Name": "my-renamed-inbound-endpoint",
"SecurityGroupIds": [
"sg-f62bexam"
],
"Direction": "INBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304bexam",
"Status": "OPERATIONAL",
"StatusMessage": "This Resolver Endpoint is operational.",
"CreationTime": "2020-01-01T18:33:59.265Z",
"ModificationTime": "2020-01-08T18:33:59.265Z"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateResolverEndpoint](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-resolver-endpoint.html)。
### `update-resolver-rule`
以下代码示例演示了如何使用 `update-resolver-rule`。
**AWS CLI**
**示例 1:更新 Resolver 端点的设置**
以下 `update-resolver-rule` 示例更新了规则的名称、将 DNS 查询转发到的本地网络上的 IP 地址以及用于将查询转发到网络的 Resolver 出站端点的 ID。
**注意**:`TargetIps` 的现有值会被覆盖,因此您必须指定在更新后希望规则具有的所有 IP 地址。
```
aws route53resolver update-resolver-rule \
--resolver-rule-id rslvr-rr-1247fa64f3example \
--config Name="my-2nd-rule",TargetIps=[{Ip=192.0.2.45,Port=53},{Ip=192.0.2.46,Port=53}],ResolverEndpointId=rslvr-out-7b89ed0d25example
```
输出:
```
{
"ResolverRule": {
"Id": "rslvr-rr-1247fa64f3example",
"CreatorRequestId": "2020-01-02-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-1247fa64f3example",
"DomainName": "www.example.com.",
"Status": "COMPLETE",
"StatusMessage": "[Trace id: 1-5dcc90b9-8a8ee860aba1ebd89example] Successfully updated Resolver Rule.",
"RuleType": "FORWARD",
"Name": "my-2nd-rule",
"TargetIps": [
{
"Ip": "192.0.2.45",
"Port": 53
},
{
"Ip": "192.0.2.46",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-7b89ed0d25example",
"OwnerId": "111122223333",
"ShareStatus": "NOT_SHARED"
}
}
```
**示例 2:使用用于“config”设置的文件更新 Resolver 端点的设置**
或者,您可以将 `config` 设置包含在 JSON 文件中,然后在调用 `update-resolver-rule` 时指定该文件。
```
aws route53resolver update-resolver-rule \
--resolver-rule-id rslvr-rr-1247fa64f3example \
--config file://c:\temp\update-resolver-rule.json
```
`update-resolver-rule.json` 的内容。
```
{
"Name": "my-2nd-rule",
"TargetIps": [
{
"Ip": "192.0.2.45",
"Port": 53
},
{
"Ip": "192.0.2.46",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-7b89ed0d25example"
}
```
有关更多信息,请参阅《Amazon Route 53 开发人员指南》**中的[创建或编辑规则时指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html#resolver-forwarding-outbound-queries-rule-values)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-resolver-rule.html)。