本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用 的 Route 53 Resolver 範例 AWS CLI
下列程式碼範例示範如何使用 AWS Command Line Interface 搭配 Route 53 Resolver 執行動作和實作常見案例。
*Actions* 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境中查看內容中的動作。
每個範例均包含完整原始碼的連結,您可在連結中找到如何設定和執行內容中程式碼的相關指示。
**Topics**
+ [動作](#actions)
## 動作
### `associate-firewall-rule-group`
以下程式碼範例顯示如何使用 `associate-firewall-rule-group`。
**AWS CLI**
**將防火牆規則群組與 VPC 相關聯**
下列 `associate-firewall-rule-group` 範例會將 DNS 防火牆規則群組與 Amazon VPC 相關聯。
```
aws route53resolver associate-firewall-rule-group \
--name test-association \
--firewall-rule-group-id rslvr-frg-47f93271fexample \
--vpc-id vpc-31e92222 \
--priority 101
```
輸出:
```
{
"FirewallRuleGroupAssociation": {
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 101,
"MutationProtection": "DISABLED",
"Status": "UPDATING",
"StatusMessage": "Creating Firewall Rule Group Association",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:47:48.755768Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 VPC 與 Route 53 Resolver DNS 防火牆規則群組之間的關聯](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AssociateFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/associate-firewall-rule-group.html)。
### `associate-resolver-endpoint-ip-address`
以下程式碼範例顯示如何使用 `associate-resolver-endpoint-ip-address`。
**AWS CLI**
**將另一個 IP 位址與 Resolver 端點相關聯**
下列 `associate-resolver-endpoint-ip-address` 範例會將另一個 IP 位址與傳入 Resolver 端點相關聯。如果您僅指定子網路 ID,並從 `--ip-address` 參數省略 IP 位址,Resolver 會從指定子網路中的可用 IP 位址中,為您選擇 IP 位址。
```
aws route53resolver associate-resolver-endpoint-ip-address \
--resolver-endpoint-id rslvr-in-497098ad5example \
--ip-address="SubnetId=subnet-12d8exam,Ip=192.0.2.118"
```
輸出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-497098ad5example",
"CreatorRequestId": "AWSConsole.25.0123456789",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-497098ad5example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "INBOUND",
"IpAddressCount": 3,
"HostVPCId": "vpc-304bexam",
"Status": "UPDATING",
"StatusMessage": "Updating the Resolver Endpoint",
"CreationTime": "2020-01-02T23:25:45.538Z",
"ModificationTime": "2020-01-02T23:25:45.538Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[當您建立或編輯傳入端點時所指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.html#resolver-forwarding-inbound-queries-values)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AssociateResolverEndpointIpAddress](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/associate-resolver-endpoint-ip-address.html)。
### `associate-resolver-rule`
以下程式碼範例顯示如何使用 `associate-resolver-rule`。
**AWS CLI**
**將 Resolver 規則與 VPC 相關聯**
下列 `associate-resolver-rule` 範例會將 Resolver 規則與 Amazon VPC 相關聯。在您執行命令之後,Resolver 會根據規則中的設定,開始將 DNS 查詢轉送到您的網路,例如轉送的查詢網域名稱。
```
aws route53resolver associate-resolver-rule \
--name my-resolver-rule-association \
--resolver-rule-id rslvr-rr-42b60677c0example \
--vpc-id vpc-304bexam
```
輸出:
```
{
"ResolverRuleAssociation": {
"Id": "rslvr-rrassoc-d61cbb2c8bexample",
"ResolverRuleId": "rslvr-rr-42b60677c0example",
"Name": "my-resolver-rule-association",
"VPCId": "vpc-304bexam",
"Status": "CREATING",
"StatusMessage": "[Trace id: 1-5dc5a8fa-ec2cc480d2ef07617example] Creating the association."
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[將傳出 DNS 查詢轉送到您的網路](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AssociateResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/associate-resolver-rule.html)。
### `create-firewall-domain-list`
以下程式碼範例顯示如何使用 `create-firewall-domain-list`。
**AWS CLI**
**建立 Route 53 Resolver DNS 防火牆網域清單**
下列`create-firewall-domain-list`範例會在您的帳戶中建立 Route 53 Resolver DNS Firewall 網域清單,名為 test AWS 。
```
aws route53resolver create-firewall-domain-list \
--creator-request-id my-request-id \
--name test
```
輸出:
```
{
"FirewallDomainList": {
"Id": "rslvr-fdl-d61cbb2cbexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-d61cbb2cbexample",
"Name": "test",
"DomainCount": 0,
"Status": "COMPLETE",
"StatusMessage": "Created Firewall Domain List",
"CreatorRequestId": "my-request-id",
"CreationTime": "2021-05-25T15:55:51.115365Z",
"ModificationTime": "2021-05-25T15:55:51.115365Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理您自己的網域清單](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateFirewallDomainList](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-firewall-domain-list.html)。
### `create-firewall-rule-group`
以下程式碼範例顯示如何使用 `create-firewall-rule-group`。
**AWS CLI**
**建立防火牆規則群組**
下列 `create-firewall-rule-group` 範例會建立 DNS 防火牆規則群組。
```
aws route53resolver create-firewall-rule-group \
--creator-request-id my-request-id \
--name test
```
輸出:
```
{
"FirewallRuleGroup": {
"Id": "rslvr-frg-47f93271fexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
"Name": "test",
"RuleCount": 0,
"Status": "COMPLETE",
"StatusMessage": "Created Firewall Rule Group",
"OwnerId": "123456789012",
"CreatorRequestId": "my-request-id",
"ShareStatus": "NOT_SHARED",
"CreationTime": "2021-05-25T18:59:26.490017Z",
"ModificationTime": "2021-05-25T18:59:26.490017Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-firewall-rule-group.html)。
### `create-firewall-rule`
以下程式碼範例顯示如何使用 `create-firewall-rule`。
**AWS CLI**
**建立防火牆規則**
下列 `create-firewall-rule` 範例會在 DNS 防火牆規則中,為 DNS 防火牆網域清單中列出的網域建立防火牆規則。
```
aws route53resolver create-firewall-rule \
--name allow-rule \
--firewall-rule-group-id rslvr-frg-47f93271fexample \
--firewall-domain-list-id rslvr-fdl-9e956e9ffexample \
--priority 101 \
--action ALLOW
```
輸出:
```
{
"FirewallRule": {
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
"Name": "allow-rule",
"Priority": 101,
"Action": "ALLOW",
"CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
"CreationTime": "2021-05-25T21:44:00.346093Z",
"ModificationTime": "2021-05-25T21:44:00.346093Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateFirewallRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-firewall-rule.html)。
### `create-resolver-endpoint`
以下程式碼範例顯示如何使用 `create-resolver-endpoint`。
**AWS CLI**
**建立傳入解析程式端點**
以下 `create-resolver-endpoint` 範例會建立傳入解析程式端點。您可以使用相同的命令來建立傳入和傳出端點。
aws route53resolver create-resolver-endpoint --name my-inbound-endpoint --creator-request-id 2020-01-01-18:47 --security-group-ids "sg-f62bexam" --direction INBOUND --ip-addresses SubnetId=subnet-ba47exam,Ip=192.0.2.255 SubnetId=subnet-12d8exam,Ip=192.0.2.254
輸出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-f9ab8a03f1example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-f9ab8a03f1example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-f62bexam"
],
"Direction": "INBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304examp",
"Status": "CREATING",
"StatusMessage": "[Trace id: 1-5dc1ff84-f3477826e4a190025example] Creating the Resolver Endpoint",
"CreationTime": "2020-01-01T23:02:29.583Z",
"ModificationTime": "2020-01-01T23:02:29.583Z"
}
}
```
**建立傳出解析程式端點**
下列 `create-resolver-endpoint` 範例會使用 JSON 格式文件 `create-outbound-resolver-endpoint.json` 中的值來建立傳出解析程式端點。
```
aws route53resolver create-resolver-endpoint \
--cli-input-json file://c:\temp\create-outbound-resolver-endpoint.json
```
`create-outbound-resolver-endpoint.json` 的內容:
```
{
"CreatorRequestId": "2020-01-01-18:47",
"Direction": "OUTBOUND",
"IpAddresses": [
{
"Ip": "192.0.2.255",
"SubnetId": "subnet-ba47exam"
},
{
"Ip": "192.0.2.254",
"SubnetId": "subnet-12d8exam"
}
],
"Name": "my-outbound-endpoint",
"SecurityGroupIds": [ "sg-05cd7b25d6example" ],
"Tags": [
{
"Key": "my-key-name",
"Value": "my-key-value"
}
]
}
```
如需詳細資訊,請參閱《*Amazon Route 53 開發人員指南*》中的[在 VPC 和網路之間解析 DNS 查詢](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateResolverEndpoint](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-resolver-endpoint.html)。
### `create-resolver-rule`
以下程式碼範例顯示如何使用 `create-resolver-rule`。
**AWS CLI**
**建立解析程式規則**
下列 `create-resolver-rule` 範例會建立解析程式轉送規則。此規則使用傳出端點 rslvr-out-d5e5920e37example,將 `example.com` 的 DNS 查詢轉送至 IP 位址 10.24.8.75 和 10.24.8.156。
```
aws route53resolver create-resolver-rule \
--creator-request-id 2020-01-02-18:47 \
--domain-name example.com \
--name my-rule \
--resolver-endpoint-id rslvr-out-d5e5920e37example \
--rule-type FORWARD \
--target-ips "Ip=10.24.8.75" "Ip=10.24.8.156"
```
輸出:
```
{
"ResolverRule": {
"Status": "COMPLETE",
"RuleType": "FORWARD",
"ResolverEndpointId": "rslvr-out-d5e5920e37example",
"Name": "my-rule",
"DomainName": "example.com.",
"CreationTime": "2022-05-10T21:35:30.923187Z",
"TargetIps": [
{
"Ip": "10.24.8.75",
"Port": 53
},
{
"Ip": "10.24.8.156",
"Port": 53
}
],
"CreatorRequestId": "2022-05-10-16:33",
"ModificationTime": "2022-05-10T21:35:30.923187Z",
"ShareStatus": "NOT_SHARED",
"Arn": "arn:aws:route53resolver:us-east-1:111117012054:resolver-rule/rslvr-rr-b1e0b905e93611111",
"OwnerId": "111111111111",
"Id": "rslvr-rr-rslvr-rr-b1e0b905e93611111",
"StatusMessage": "[Trace id: 1-22222222-3e56afcc71a3724664f22e24] Successfully created Resolver Rule."
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/create-resolver-rule.html)。
### `delete-firewall-domain-list`
以下程式碼範例顯示如何使用 `delete-firewall-domain-list`。
**AWS CLI**
**Route 53 Resolver DNS 防火牆網域清單**
下列`delete-firewall-domain-list`範例會刪除您 AWS 帳戶中名為 test 的 Route 53 Resolver DNS Firewall 網域清單。
```
aws route53resolver delete-firewall-domain-list \
--firewall-domain-list-id rslvr-fdl-9e956e9ffexample
```
輸出:
```
{
"FirewallDomainList": {
"Id": "rslvr-fdl-9e956e9ffexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-9e956e9ffexample",
"Name": "test",
"DomainCount": 6,
"Status": "DELETING",
"StatusMessage": "Deleting the Firewall Domain List",
"CreatorRequestId": "my-request-id",
"CreationTime": "2021-05-25T15:55:51.115365Z",
"ModificationTime": "2021-05-25T18:58:05.588024Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理您自己的網域清單](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteFirewallDomainList](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-firewall-domain-list.html)。
### `delete-firewall-rule-group`
以下程式碼範例顯示如何使用 `delete-firewall-rule-group`。
**AWS CLI**
**刪除防火牆規則群組**
下列 `delete-firewall-rule-group` 範例會刪除防火牆規則群組。
```
aws route53resolver delete-firewall-rule-group \
--firewall-rule-group-id rslvr-frg-47f93271fexample
```
輸出:
```
{
"FirewallRuleGroup": {
"Id": "rslvr-frg-47f93271fexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
"Name": "test",
"RuleCount": 0,
"Status": "UPDATING",
"StatusMessage": "Updating Firewall Rule Group",
"OwnerId": "123456789012",
"CreatorRequestId": "my-request-id",
"ShareStatus": "NOT_SHARED",
"CreationTime": "2021-05-25T18:59:26.490017Z",
"ModificationTime": "2021-05-25T21:51:53.028688Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-firewall-rule-group.html)。
### `delete-firewall-rule`
以下程式碼範例顯示如何使用 `delete-firewall-rule`。
**AWS CLI**
**刪除防火牆規則**
下列 `delete-firewall-rule` 範例會刪除指定的防火牆規則。
```
aws route53resolver delete-firewall-rule \
--firewall-rule-group-id rslvr-frg-47f93271fexample \
--firewall-domain-list-id rslvr-fdl-9e956e9ffexample
```
輸出:
```
{
"FirewallRule": {
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
"Name": "allow-rule",
"Priority": 102,
"Action": "ALLOW",
"CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
"CreationTime": "2021-05-25T21:44:00.346093Z",
"ModificationTime": "2021-05-25T21:45:59.611600Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteFirewallRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-firewall-rule.html)。
### `delete-resolver-endpoint`
以下程式碼範例顯示如何使用 `delete-resolver-endpoint`。
**AWS CLI**
**刪除解析程式端點**
以下 `delete-resolver-endpoint` 範例會刪除指定的端點。
**重要**如果刪除傳入端點,您網路的 DNS 查詢即不再轉送到您於端點中指定之 VPC 中的 Resolver。如果您刪除傳出端點,則針對指定已刪除傳出端點的那些規則,Resolver 會停止將 DNS 查詢從您的 VPC 轉送到您的網路。
```
aws route53resolver delete-resolver-endpoint \
--resolver-endpoint-id rslvr-in-497098ad59example
```
輸出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-497098ad59example",
"CreatorRequestId": "AWSConsole.25.157290example",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-497098ad59example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "INBOUND",
"IpAddressCount": 5,
"HostVPCId": "vpc-304bexam",
"Status": "DELETING",
"StatusMessage": "[Trace id: 1-5dc5b658-811b5be0922bbc382example] Deleting ResolverEndpoint.",
"CreationTime": "2020-01-01T23:25:45.538Z",
"ModificationTime": "2020-01-02T23:25:45.538Z"
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteResolverEndpoint](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-resolver-endpoint.html)。
### `delete-resolver-rule`
以下程式碼範例顯示如何使用 `delete-resolver-rule`。
**AWS CLI**
**刪除解析程式規則**
以下 `delete-resolver-rule` 範例會刪除指定規則。
**注意**如果規則與任何 VPC 相關聯,您必須先取消規則與該 VPC 的關聯,才能刪除規則。
```
aws route53resolver delete-resolver-rule \
--resolver-rule-id rslvr-rr-5b3809426bexample
```
輸出:
```
{
"ResolverRule": {
"Id": "rslvr-rr-5b3809426bexample",
"CreatorRequestId": "2020-01-03-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-5b3809426bexample",
"DomainName": "zenith.example.com.",
"Status": "DELETING",
"StatusMessage": "[Trace id: 1-5dc5e05b-602e67b052cb74f05example] Deleting Resolver Rule.",
"RuleType": "FORWARD",
"Name": "my-resolver-rule",
"TargetIps": [
{
"Ip": "192.0.2.50",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-d5e5920e3example",
"OwnerId": "111122223333",
"ShareStatus": "NOT_SHARED"
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/delete-resolver-rule.html)。
### `disassociate-firewall-rule-group`
以下程式碼範例顯示如何使用 `disassociate-firewall-rule-group`。
**AWS CLI**
**取消防火牆規則群組與 VPC 的關聯**
下列 `disassociate-firewall-rule-group` 範例會取消 DNS 防火牆規則群組與 Amazon VPC 的關聯。
```
aws route53resolver disassociate-firewall-rule-group \
--firewall-rule-group-association-id rslvr-frgassoc-57e8873d7example
```
輸出:
```
{
"FirewallRuleGroupAssociation": {
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 103,
"MutationProtection": "DISABLED",
"Status": "DELETING",
"StatusMessage": "Deleting the Firewall Rule Group Association",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:51:02.377887Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 VPC 與 Route 53 Resolver DNS 防火牆規則群組之間的關聯](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DisassociateFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/disassociate-firewall-rule-group.html)。
### `disassociate-resolver-endpoint-ip-address`
以下程式碼範例顯示如何使用 `disassociate-resolver-endpoint-ip-address`。
**AWS CLI**
**取消 IP 位址與解析程式端點的關聯**
下列 `disassociate-resolver-endpoint-ip-address` 範例會從指定的解析程式傳入或傳出端點移除 IP 位址。
**注意**端點必須至少有兩個 IP 位址。如果端點目前只有兩個 IP 位址,而您想要將一個位址取代為另一個位址,則必須先使用 [associate-resolver-endpoint-ip-address](https://docs.aws.amazon.com/cli/latest/reference/route53resolver/associate-resolver-endpoint-ip-address.html) 來關聯新的 IP 位址。然後,您可以取消其中一個原始 IP 位址與端點的關聯。
```
aws route53resolver disassociate-resolver-endpoint-ip-address \
--resolver-endpoint-id rslvr-in-f9ab8a03f1example \
--ip-address="SubnetId=subnet-12d8a459,Ip=172.31.40.121"
```
輸出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-f9ab8a03f1example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-f9ab8a03f1example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-f62bexam"
],
"Direction": "INBOUND",
"IpAddressCount": 3,
"HostVPCId": "vpc-304bexam",
"Status": "UPDATING",
"StatusMessage": "Updating the Resolver Endpoint",
"CreationTime": "2020-01-01T23:02:29.583Z",
"ModificationTime": "2020-01-05T23:02:29.583Z"
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DisassociateResolverEndpointIpAddress](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/disassociate-resolver-endpoint-ip-address.html)。
### `disassociate-resolver-rule`
以下程式碼範例顯示如何使用 `disassociate-resolver-rule`。
**AWS CLI**
**取消解析程式規則與 Amazon VPC 的關聯**
下列 `disassociate-resolver-rule` 範例會移除指定解析程式規則與指定 VPC 之間的關聯。在下列情況,您可以取消規則與 VPC 的關聯:
針對在此 VPC 產生的 DNS 查詢,您希望解析程式停止將規則中指定之網域名稱的查詢轉送到您的網路。您要刪除轉送規則。如果規則目前與一或多個 VPC 相關聯,您必須先取消規則與所有 VPC 的關聯,才能刪除規則。
```
aws route53resolver disassociate-resolver-rule \
--resolver-rule-id rslvr-rr-4955cb98ceexample \
--vpc-id vpc-304bexam
```
輸出:
```
{
"ResolverRuleAssociation": {
"Id": "rslvr-rrassoc-322f4e8b9cexample",
"ResolverRuleId": "rslvr-rr-4955cb98ceexample",
"Name": "my-resolver-rule-association",
"VPCId": "vpc-304bexam",
"Status": "DELETING",
"StatusMessage": "[Trace id: 1-5dc5ffa2-a26c38004c1f94006example] Deleting Association"
}
}
```
+ 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [DisassociateResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/disassociate-resolver-rule.html)。
### `get-firewall-config`
以下程式碼範例顯示如何使用 `get-firewall-config`。
**AWS CLI**
**取得 VPC 的防火牆組態**
下列 `get-firewall-config` 範例會擷取指定 VPC 的 DNS 防火牆行為。
```
aws route53resolver get-firewall-config \
--resource-id vpc-31e92222
```
輸出:
```
{
"FirewallConfig": {
"Id": "rslvr-fc-86016850cexample",
"ResourceId": "vpc-31e9222",
"OwnerId": "123456789012",
"FirewallFailOpen": "DISABLED"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的 [DNS 防火牆 VPC 組態](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-configuration.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetFirewallConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-config.html)。
### `get-firewall-domain-list`
以下程式碼範例顯示如何使用 `get-firewall-domain-list`。
**AWS CLI**
**取得 Route 53 Resolver DNS 防火牆網域清單**
下列 `get-firewall-domain-list` 範例會擷取具您指定 ID 的網域清單。
```
aws route53resolver get-firewall-domain-list \
--firewall-domain-list-id rslvr-fdl-42b60677cexample
```
輸出:
```
{
"FirewallDomainList": {
"Id": "rslvr-fdl-9e956e9ffexample",
"Arn": "arn:aws:route53resolver:us-west-2:123457689012:firewall-domain-list/rslvr-fdl-42b60677cexample",
"Name": "test",
"DomainCount": 0,
"Status": "COMPLETE",
"StatusMessage": "Created Firewall Domain List",
"CreatorRequestId": "my-request-id",
"CreationTime": "2021-05-25T15:55:51.115365Z",
"ModificationTime": "2021-05-25T15:55:51.115365Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理您自己的網域清單](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetFirewallDomainList](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-domain-list.html)。
### `get-firewall-rule-group-association`
以下程式碼範例顯示如何使用 `get-firewall-rule-group-association`。
**AWS CLI**
**取得防火牆規則群組關聯**
下列 `get-firewall-rule-group-association` 範例會擷取防火牆規則群組關聯。
```
aws route53resolver get-firewall-rule-group-association \
--firewall-rule-group-association-id rslvr-frgassoc-57e8873d7example
```
輸出:
```
{
"FirewallRuleGroupAssociation": {
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 101,
"MutationProtection": "DISABLED",
"Status": "COMPLETE",
"StatusMessage": "Finished rule group association update",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:47:48.755768Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 VPC 與 Route 53 Resolver DNS 防火牆規則群組之間的關聯](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetFirewallRuleGroupAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-rule-group-association.html)。
### `get-firewall-rule-group-policy`
以下程式碼範例顯示如何使用 `get-firewall-rule-group-policy`。
**AWS CLI**
**取得 AWS IAM 政策**
下列`get-firewall-rule-group-policy`範例取得用於共用指定規則群組的 AWS Identity and Access Management (AWS IAM) 政策。
```
aws route53resolver get-firewall-rule-group-policy \
--arn arn:aws:route53resolver:us-west-2:AWS_ACCOUNT_ID:firewall-rule-group/rslvr-frg-47f93271fexample
```
輸出:
```
{
"FirewallRuleGroupPolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"test\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::AWS_ACCOUNT_ID:root\"},\"Action\":[\"route53resolver:GetFirewallRuleGroup\",\"route53resolver:ListFirewallRuleGroups\"],\"Resource\":\"arn:aws:route53resolver:us-east-1:AWS_ACCOUNT_ID:firewall-rule-group/rslvr-frg-47f93271fexample\"}]}"
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetFirewallRuleGroupPolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-rule-group-policy.html)。
### `get-firewall-rule-group`
以下程式碼範例顯示如何使用 `get-firewall-rule-group`。
**AWS CLI**
**取得防火牆規則群組**
下列 `get-firewall-rule-group` 範例會使用您提供的 ID 擷取 DNS 防火牆規則群組的相關資訊。
```
aws route53resolver get-firewall-rule-group \
--firewall-rule-group-id rslvr-frg-47f93271fexample
```
輸出:
```
{
"FirewallRuleGroup": {
"Id": "rslvr-frg-47f93271fexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
"Name": "test",
"RuleCount": 0,
"Status": "COMPLETE",
"StatusMessage": "Created Firewall Rule Group",
"OwnerId": "123456789012",
"CreatorRequestId": "my-request-id",
"ShareStatus": "NOT_SHARED",
"CreationTime": "2021-05-25T18:59:26.490017Z",
"ModificationTime": "2021-05-25T18:59:26.490017Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetFirewallRuleGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-firewall-rule-group.html)。
### `get-resolver-endpoint`
以下程式碼範例顯示如何使用 `get-resolver-endpoint`。
**AWS CLI**
**取得解析程式端點的相關資訊**
下列 `get-resolver-endpoint` 範例顯示傳出指定端點的詳細資訊。您可以透過指定適用的端點 ID,將 `get-resolver-endpoint` 用於傳入和傳出端點。
```
aws route53resolver get-resolver-endpoint \
--resolver-endpoint-id rslvr-out-d5e5920e37example
```
輸出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-out-d5e5920e37example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-out-d5e5920e37example",
"Name": "my-outbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "OUTBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304bexam",
"Status": "OPERATIONAL",
"StatusMessage": "This Resolver Endpoint is operational.",
"CreationTime": "2020-01-01T23:50:50.979Z",
"ModificationTime": "2020-01-02T23:50:50.979Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[當您建立或編輯傳入端點時所指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.html#resolver-forwarding-inbound-queries-values)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetResolverEndpoint](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-resolver-endpoint.html)。
### `get-resolver-rule-association`
以下程式碼範例顯示如何使用 `get-resolver-rule-association`。
**AWS CLI**
**取得解析程式規則與 VPC 之間關聯的相關資訊**
下列 `get-resolver-rule-association` 範例顯示指定解析程式規則與 VPC 之間關聯的詳細資訊。您使用 [associate-resolver-rule](https://docs.aws.amazon.com/cli/latest/reference/route53resolver/associate-resolver-rule.html) 建立解析程式規則和 VPC 的關聯。
```
aws route53resolver get-resolver-rule-association \
--resolver-rule-association-id rslvr-rrassoc-d61cbb2c8bexample
```
輸出:
```
{
"ResolverRuleAssociation": {
"Id": "rslvr-rrassoc-d61cbb2c8bexample",
"ResolverRuleId": "rslvr-rr-42b60677c0example",
"Name": "my-resolver-rule-association",
"VPCId": "vpc-304bexam",
"Status": "COMPLETE",
"StatusMessage": ""
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetResolverRuleAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-resolver-rule-association.html)。
### `get-resolver-rule`
以下程式碼範例顯示如何使用 `get-resolver-rule`。
**AWS CLI**
**取得解析程式規則的相關資訊**
下列 `get-resolver-rule` 範例顯示指定 Resolver 規則的詳細資訊,例如規則轉送 DNS 查詢的網域名稱,以及與規則相關聯的傳出解析程式端點 ID。
```
aws route53resolver get-resolver-rule \
--resolver-rule-id rslvr-rr-42b60677c0example
```
輸出:
```
{
"ResolverRule": {
"Id": "rslvr-rr-42b60677c0example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example",
"DomainName": "example.com.",
"Status": "COMPLETE",
"StatusMessage": "[Trace id: 1-5dc4b177-ff1d9d001a0f80005example] Successfully created Resolver Rule.",
"RuleType": "FORWARD",
"Name": "my-rule",
"TargetIps": [
{
"Ip": "192.0.2.45",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-d5e5920e37example",
"OwnerId": "111122223333",
"ShareStatus": "NOT_SHARED"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[當您建立或編輯規則時所指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html#resolver-forwarding-outbound-queries-rule-values)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/get-resolver-rule.html)。
### `import-firewall-domains`
以下程式碼範例顯示如何使用 `import-firewall-domains`。
**AWS CLI**
**將網域匯入網域清單**
下列 `import-firewall-domains` 範例會將一組網域,從檔案匯入您指定的 DNS 防火牆網域清單。
```
aws route53resolver import-firewall-domains \
--firewall-domain-list-id rslvr-fdl-d61cbb2cbexample \
--operation REPLACE \
--domain-file-url s3://PATH/TO/YOUR/FILE
```
輸出:
```
{
"Id": "rslvr-fdl-d61cbb2cbexample",
"Name": "test",
"Status": "IMPORTING",
"StatusMessage": "Importing domains from provided file."
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理您自己的網域清單](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [ImportFirewallDomains](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/import-firewall-domains.html)。
### `list-firewall-configs`
以下程式碼範例顯示如何使用 `list-firewall-configs`。
**AWS CLI**
**列出防火牆組態**
下列 `list-firewall-configs` 範例列出您的 DNS 防火牆組態。
```
aws route53resolver list-firewall-configs
```
輸出:
```
{
"FirewallConfigs": [
{
"Id": "rslvr-fc-86016850cexample",
"ResourceId": "vpc-31e92222",
"OwnerId": "123456789012",
"FirewallFailOpen": "DISABLED"
}
]
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的 [DNS 防火牆 VPC 組態](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-configuration.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListFirewallConfigs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-configs.html)。
### `list-firewall-domain-lists`
以下程式碼範例顯示如何使用 `list-firewall-domain-lists`。
**AWS CLI**
**列出所有的 Route 53 Resolver DNS 防火牆網域清單**
以下 `list-firewall-domain-lists` 範例會列出所有網域清單。
```
aws route53resolver list-firewall-domain-lists
```
輸出:
```
{
"FirewallDomainLists": [
{
"Id": "rslvr-fdl-2c46f2ecfexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-2c46f2ecfexample",
"Name": "AWSManagedDomainsMalwareDomainList",
"CreatorRequestId": "AWSManagedDomainsMalwareDomainList",
"ManagedOwnerName": "Route 53 Resolver DNS Firewall"
},
{
"Id": "rslvr-fdl-aa970e9e1example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-domain-list/rslvr-fdl-aa970e9e1example",
"Name": "AWSManagedDomainsBotnetCommandandControl",
"CreatorRequestId": "AWSManagedDomainsBotnetCommandandControl",
"ManagedOwnerName": "Route 53 Resolver DNS Firewall"
},
{
"Id": "rslvr-fdl-42b60677cexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789111:firewall-domain-list/rslvr-fdl-42b60677cexample",
"Name": "test",
"CreatorRequestId": "my-request-id"
}
]
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的 [Route 53 Resolver DNS 防火牆網域清單](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-domain-lists.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListFirewallDomainLists](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-domain-lists.html)。
### `list-firewall-domains`
以下程式碼範例顯示如何使用 `list-firewall-domains`。
**AWS CLI**
**列出網域清單中的網域**
下列 `list-firewall-domains` 範例列出您指定的 DNS 防火牆網域清單中的網域。
```
aws route53resolver list-firewall-domains \
--firewall-domain-list-id rslvr-fdl-d61cbb2cbexample
```
輸出:
```
{
"Domains": [
"test1.com.",
"test2.com.",
"test3.com."
]
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理您自己的網域清單](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListFirewallDomains](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-domains.html)。
### `list-firewall-rule-group-associations`
以下程式碼範例顯示如何使用 `list-firewall-rule-group-associations`。
**AWS CLI**
**列出 DNS 防火牆規則群組關聯**
下列 `list-firewall-rule-group-associations` 範例列出您的 DNS 防火牆規則群組與 Amazon VPC 的關聯。
```
aws route53resolver list-firewall-rule-group-associations
```
輸出:
```
{
"FirewallRuleGroupAssociations": [
{
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 101,
"MutationProtection": "DISABLED",
"Status": "UPDATING",
"StatusMessage": "Creating Firewall Rule Group Association",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:47:48.755768Z"
}
]
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 VPC 與 Route 53 Resolver DNS 防火牆規則群組之間的關聯](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListFirewallRuleGroupAssociations](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-rule-group-associations.html)。
### `list-firewall-rule-groups`
以下程式碼範例顯示如何使用 `list-firewall-rule-groups`。
**AWS CLI**
**取得防火牆規則群組的清單**
下列 `list-firewall-rule-groups` 範例列出您的 DNS 防火牆規則群組。
```
aws route53resolver list-firewall-rule-groups
```
輸出:
```
{
"FirewallRuleGroups": [
{
"Id": "rslvr-frg-47f93271fexample",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group/rslvr-frg-47f93271fexample",
"Name": "test",
"OwnerId": "123456789012",
"CreatorRequestId": "my-request-id",
"ShareStatus": "NOT_SHARED"
}
]
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListFirewallRuleGroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-rule-groups.html)。
### `list-firewall-rules`
以下程式碼範例顯示如何使用 `list-firewall-rules`。
**AWS CLI**
**列出防火牆規則**
下列 `list-firewall-rules` 範例列出防火牆規則群組中的所有 DNS 防火牆規則。
```
aws route53resolver list-firewall-rules \
--firewall-rule-group-id rslvr-frg-47f93271fexample
```
輸出:
```
{
"FirewallRules": [
{
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
"Name": "allow-rule",
"Priority": 101,
"Action": "ALLOW",
"CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
"CreationTime": "2021-05-25T21:44:00.346093Z",
"ModificationTime": "2021-05-25T21:44:00.346093Z"
}
]
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListFirewallRules](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-firewall-rules.html)。
### `list-resolver-endpoint-ip-addresses`
以下程式碼範例顯示如何使用 `list-resolver-endpoint-ip-addresses`。
**AWS CLI**
**列出指定之傳入或傳出端點的 IP 位址**
下列 `list-resolver-endpoint-ip-addresses` 範例列出與傳入端點 `rslvr-in-f9ab8a03f1example` 相關聯的 IP 位址相關資訊。您也可以透過指定適用的端點 ID,將 `list-resolver-endpoint-ip-addresses` 用於傳出端點。
```
aws route53resolver list-resolver-endpoint-ip-addresses \
--resolver-endpoint-id rslvr-in-f9ab8a03f1example
```
輸出:
```
{
"MaxResults": 10,
"IpAddresses": [
{
"IpId": "rni-1de60cdbfeexample",
"SubnetId": "subnet-ba47exam",
"Ip": "192.0.2.44",
"Status": "ATTACHED",
"StatusMessage": "This IP address is operational.",
"CreationTime": "2020-01-03T23:02:29.587Z",
"ModificationTime": "2020-01-03T23:03:05.555Z"
},
{
"IpId": "rni-aac7085e38example",
"SubnetId": "subnet-12d8exam",
"Ip": "192.0.2.45",
"Status": "ATTACHED",
"StatusMessage": "This IP address is operational.",
"CreationTime": "2020-01-03T23:02:29.593Z",
"ModificationTime": "2020-01-03T23:02:55.060Z"
}
]
}
```
如需輸出值的詳細資訊,請參閱《*Amazon Route 53 開發人員指南*》中的[當您建立或編輯傳入端點時所指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.html#resolver-forwarding-inbound-queries-values),以及[當您建立或編輯傳出端點時所指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html#resolver-forwarding-outbound-queries-endpoint-values)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListResolverEndpointIpAddresses](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-resolver-endpoint-ip-addresses.html)。
### `list-resolver-endpoints`
以下程式碼範例顯示如何使用 `list-resolver-endpoints`。
**AWS CLI**
**列出 AWS 區域中的解析程式端點**
下列 `list-resolver-endpoints` 範例列出目前帳戶中存在的傳入和傳出解析程式端點。
```
aws route53resolver list-resolver-endpoints
```
輸出:
```
{
"MaxResults": 10,
"ResolverEndpoints": [
{
"Id": "rslvr-in-497098ad59example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-497098ad59example",
"Name": "my-inbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "INBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304bexam",
"Status": "OPERATIONAL",
"StatusMessage": "This Resolver Endpoint is operational.",
"CreationTime": "2020-01-01T23:25:45.538Z",
"ModificationTime": "2020-01-01T23:25:45.538Z"
},
{
"Id": "rslvr-out-d5e5920e37example",
"CreatorRequestId": "2020-01-01-18:48",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-out-d5e5920e37example",
"Name": "my-outbound-endpoint",
"SecurityGroupIds": [
"sg-05cd7b25d6example"
],
"Direction": "OUTBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304bexam",
"Status": "OPERATIONAL",
"StatusMessage": "This Resolver Endpoint is operational.",
"CreationTime": "2020-01-01T23:50:50.979Z",
"ModificationTime": "2020-01-01T23:50:50.979Z"
}
]
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListResolverEndpoints](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-resolver-endpoints.html)。
### `list-resolver-rule-associations`
以下程式碼範例顯示如何使用 `list-resolver-rule-associations`。
**AWS CLI**
**列出解析程式規則與 VPCs之間的關聯**
下列`list-resolver-rule-associations`範例列出解析程式規則與目前 AWS 帳戶中 VPCs之間的關聯。
```
aws route53resolver list-resolver-rule-associations
```
輸出:
```
{
"MaxResults": 30,
"ResolverRuleAssociations": [
{
"Id": "rslvr-autodefined-assoc-vpc-304bexam-internet-resolver",
"ResolverRuleId": "rslvr-autodefined-rr-internet-resolver",
"Name": "System Rule Association",
"VPCId": "vpc-304bexam",
"Status": "COMPLETE",
"StatusMessage": ""
},
{
"Id": "rslvr-rrassoc-d61cbb2c8bexample",
"ResolverRuleId": "rslvr-rr-42b60677c0example",
"Name": "my-resolver-rule-association",
"VPCId": "vpc-304bexam",
"Status": "COMPLETE",
"StatusMessage": ""
}
]
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的 [Route 53 Resolver 如何從您的 VPC 轉送 DNS 查詢到您的網路](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-overview-forward-vpc-to-network)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListResolverRuleAssociations](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-resolver-rule-associations.html)。
### `list-resolver-rules`
以下程式碼範例顯示如何使用 `list-resolver-rules`。
**AWS CLI**
**列出解析程式規則**
下列`list-resolver-rules`範例列出目前 AWS 帳戶中的所有解析程式規則。
```
aws route53resolver list-resolver-rules
```
輸出:
```
{
"MaxResults": 30,
"ResolverRules": [
{
"Id": "rslvr-autodefined-rr-internet-resolver",
"CreatorRequestId": "",
"Arn": "arn:aws:route53resolver:us-west-2::autodefined-rule/rslvr-autodefined-rr-internet-resolver",
"DomainName": ".",
"Status": "COMPLETE",
"RuleType": "RECURSIVE",
"Name": "Internet Resolver",
"OwnerId": "Route 53 Resolver",
"ShareStatus": "NOT_SHARED"
},
{
"Id": "rslvr-rr-42b60677c0example",
"CreatorRequestId": "2020-01-01-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0bc4e299",
"DomainName": "example.com.",
"Status": "COMPLETE",
"StatusMessage": "[Trace id: 1-5dc4b177-ff1d9d001a0f80005example] Successfully created Resolver Rule.",
"RuleType": "FORWARD",
"Name": "my-rule",
"TargetIps": [
{
"Ip": "192.0.2.45",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-d5e5920e37example",
"OwnerId": "111122223333",
"ShareStatus": "NOT_SHARED"
}
]
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的 [Route 53 Resolver 如何從您的 VPC 轉送 DNS 查詢到您的網路](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-overview-forward-vpc-to-network)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListResolverRules](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-resolver-rules.html)。
### `list-tags-for-resource`
以下程式碼範例顯示如何使用 `list-tags-for-resource`。
**AWS CLI**
**列出解析程式資源的標籤**
下列 `list-tags-for-resource` 範例列出指派給指定解析程式規則的標籤。
```
aws route53resolver list-tags-for-resource \
--resource-arn "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example"
```
輸出:
```
{
"Tags": [
{
"Key": "my-key-1",
"Value": "my-value-1"
},
{
"Key": "my-key-2",
"Value": "my-value-2"
}
]
}
```
如需使用標籤進行成本分配的詳細資訊,請參閱《AWS 帳單與成本管理使用者指南》**中的[使用成本分配標籤](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListTagsForResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/list-tags-for-resource.html)。
### `put-firewall-rule-group-policy`
以下程式碼範例顯示如何使用 `put-firewall-rule-group-policy`。
**AWS CLI**
**連接 AWS IAM 政策以共用防火牆規則群組政策**
下列`put-firewall-rule-group-policy`範例會連接 AWS Identity and Access Management (AWS IAM) 政策來共用規則群組。
```
aws route53resolver put-firewall-rule-group-policy \
--firewall-rule-group-policy "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"test\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::AWS_ACCOUNT_ID:root\"},\"Action\":[\"route53resolver:GetFirewallRuleGroup\",\"route53resolver:ListFirewallRuleGroups\"],\"Resource\":\"arn:aws:route53resolver:us-east-1:AWS_ACCOUNT_ID:firewall-rule-group/rslvr-frg-47f93271fexample\"}]}"
```
輸出:
```
{
"ReturnValue": true
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [PutFirewallRuleGroupPolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/put-firewall-rule-group-policy.html)。
### `put-resolver-rule-policy`
以下程式碼範例顯示如何使用 `put-resolver-rule-policy`。
**AWS CLI**
**與其他 AWS 帳戶共用解析程式規則**
下列`put-resolver-rule-policy`範例會指定您要與其他 AWS 帳戶共用的 Resolver 規則、您要共用規則的帳戶,以及您希望帳戶能夠在規則上執行的規則相關操作。
**注意**您必須使用來自建立規則之相同帳戶的憑證,執行此命令。
```
aws route53resolver put-resolver-rule-policy \
--region us-east-1 \
--arn "arn:aws:route53resolver:us-east-1:111122223333:resolver-rule/rslvr-rr-42b60677c0example" \
--resolver-rule-policy "{\"Version\": \"2012-10-17\", \
\"Statement\": [ { \
\"Effect\" : \"Allow\", \
\"Principal\" : {\"AWS\" : \"444455556666\" }, \
\"Action\" : [ \
\"route53resolver:GetResolverRule\", \
\"route53resolver:AssociateResolverRule\", \
\"route53resolver:DisassociateResolverRule\", \
\"route53resolver:ListResolverRules\", \
\"route53resolver:ListResolverRuleAssociations\" ], \
\"Resource\" : [ \"arn:aws:route53resolver:us-east-1:111122223333:resolver-rule/rslvr-rr-42b60677c0example\" ] } ] }"
```
輸出:
```
{
"ReturnValue": true
}
```
執行 `put-resolver-rule-policy` 之後,您可以執行下列兩個 Resource Access Manager (RAM) 命令。您必須使用要與之共享規則的帳戶:
`get-resource-share-invitations` 傳回值 `resourceShareInvitationArn`。您需要此值才能接受使用共享規則的邀請。`accept-resource-share-invitation` 接受使用共享規則的邀請。
如需詳細資訊,請參閱下列 文件:
《*Amazon Route 53 開發人員指南*》中的 [get-resource-share-invitations](https://docs.aws.amazon.com/cli/latest/reference/ram/get-resource-share-invitations.html)[accept-resource-share-invitations](https://docs.aws.amazon.com/cli/latest/reference/ram/accept-resource-share-invitation.html)[與其他 AWS 帳戶共享轉送規則和使用共用規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-rules-managing.html#resolver-rules-managing-sharing)
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [PutResolverRulePolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/put-resolver-rule-policy.html)。
### `tag-resource`
以下程式碼範例顯示如何使用 `tag-resource`。
**AWS CLI**
**為標籤與解析程式資源建立關聯**
下列 `tag-resource` 範例會為兩個標籤鍵值對與指定的解析程式規則建立關聯。
```
aws route53resolver tag-resource \
--resource-arn "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example" \
--tags "Key=my-key-1,Value=my-value-1" "Key=my-key-2,Value=my-value-2"
```
此命令不會產生輸出。
如需使用標籤進行成本分配的詳細資訊,請參閱《AWS 帳單與成本管理使用者指南》**中的[使用成本分配標籤](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [TagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/tag-resource.html)。
### `untag-resource`
以下程式碼範例顯示如何使用 `untag-resource`。
**AWS CLI**
**將標籤從解析程式資源移除**
下列 `untag-resource` 範例會從指定的解析程式規則中移除兩個標籤。
```
aws route53resolver untag-resource \
--resource-arn "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-42b60677c0example" \
--tag-keys my-key-1 my-key-2
```
此命令不會產生輸出。若要確認標籤已移除,您可以使用 [list-tags-for-resource](https://docs.aws.amazon.com/cli/latest/reference/route53resolver/list-tags-for-resource.html)。
如需使用標籤進行成本分配的詳細資訊,請參閱《AWS 帳單與成本管理使用者指南》**中的[使用成本分配標籤](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UntagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/untag-resource.html)。
### `update-firewall-config`
以下程式碼範例顯示如何使用 `update-firewall-config`。
**AWS CLI**
**更新防火牆組態**
下列 `update-firewall-config` 範例會更新 DNS 防火牆組態。
```
aws route53resolver update-firewall-config \
--resource-id vpc-31e92222 \
--firewall-fail-open DISABLED
```
輸出:
```
{
"FirewallConfig": {
"Id": "rslvr-fc-86016850cexample",
"ResourceId": "vpc-31e92222",
"OwnerId": "123456789012",
"FirewallFailOpen": "DISABLED"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的 [DNS 防火牆 VPC 組態](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-configuration.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateFirewallConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-firewall-config.html)。
### `update-firewall-domains`
以下程式碼範例顯示如何使用 `update-firewall-domains`。
**AWS CLI**
**更新網域清單**
下列 `update-firewall-domains` 範例會使用您提供的 ID,將網域新增至網域清單。
```
aws route53resolver update-firewall-domains \
--firewall-domain-list-id rslvr-fdl-42b60677cexampleb \
--operation ADD \
--domains test1.com test2.com test3.com
```
輸出:
```
{
"Id": "rslvr-fdl-42b60677cexample",
"Name": "test",
"Status": "UPDATING",
"StatusMessage": "Updating the Firewall Domain List"
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理您自己的網域清單](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-user-managed-domain-lists.html)。
+ 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [UpdateFirewallDomains](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-firewall-domains.html)。
### `update-firewall-rule-group-association`
以下程式碼範例顯示如何使用 `update-firewall-rule-group-association`。
**AWS CLI**
**更新防火牆規則群組關聯**
下列 `update-firewall-rule-group-association` 範例會更新防火牆規則群組關聯。
```
aws route53resolver update-firewall-rule-group-association \
--firewall-rule-group-association-id rslvr-frgassoc-57e8873d7example \
--priority 103
```
輸出:
```
{
"FirewallRuleGroupAssociation": {
"Id": "rslvr-frgassoc-57e8873d7example",
"Arn": "arn:aws:route53resolver:us-west-2:123456789012:firewall-rule-group-association/rslvr-frgassoc-57e8873d7example",
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"VpcId": "vpc-31e92222",
"Name": "test-association",
"Priority": 103,
"MutationProtection": "DISABLED",
"Status": "UPDATING",
"StatusMessage": "Updating the Firewall Rule Group Association Attributes",
"CreatorRequestId": "2ca1a304-32b3-4f5f-bc4c-EXAMPLE11111",
"CreationTime": "2021-05-25T21:47:48.755768Z",
"ModificationTime": "2021-05-25T21:50:09.272569Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 VPC 與 Route 53 Resolver DNS 防火牆規則群組之間的關聯](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-vpc-associating-rule-group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateFirewallRuleGroupAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-firewall-rule-group-association.html)。
### `update-firewall-rule`
以下程式碼範例顯示如何使用 `update-firewall-rule`。
**AWS CLI**
**更新防火牆規則**
下列 `update-firewall-rule` 範例會使用您指定的參數更新防火牆規則。
```
aws route53resolver update-firewall-rule \
--firewall-rule-group-id rslvr-frg-47f93271fexample \
--firewall-domain-list-id rslvr-fdl-9e956e9ffexample \
--priority 102
```
輸出:
```
{
"FirewallRule": {
"FirewallRuleGroupId": "rslvr-frg-47f93271fexample",
"FirewallDomainListId": "rslvr-fdl-9e956e9ffexample",
"Name": "allow-rule",
"Priority": 102,
"Action": "ALLOW",
"CreatorRequestId": "d81e3fb7-020b-415e-939f-EXAMPLE11111",
"CreationTime": "2021-05-25T21:44:00.346093Z",
"ModificationTime": "2021-05-25T21:45:59.611600Z"
}
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[管理 DNS 防火牆中的規則群組和規則](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-rule-group-managing.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateFirewallRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-firewall-rule.html)。
### `update-resolver-endpoint`
以下程式碼範例顯示如何使用 `update-resolver-endpoint`。
**AWS CLI**
**更新解析程式端點的名稱**
下列 `update-resolver-endpoint` 範例會更新解析程式端點的名稱。不支援更新其他值。
```
aws route53resolver update-resolver-endpoint \
--resolver-endpoint-id rslvr-in-b5d45e32bdc445f09 \
--name my-renamed-inbound-endpoint
```
輸出:
```
{
"ResolverEndpoint": {
"Id": "rslvr-in-b5d45e32bdexample",
"CreatorRequestId": "2020-01-02-18:48",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-endpoint/rslvr-in-b5d45e32bdexample",
"Name": "my-renamed-inbound-endpoint",
"SecurityGroupIds": [
"sg-f62bexam"
],
"Direction": "INBOUND",
"IpAddressCount": 2,
"HostVPCId": "vpc-304bexam",
"Status": "OPERATIONAL",
"StatusMessage": "This Resolver Endpoint is operational.",
"CreationTime": "2020-01-01T18:33:59.265Z",
"ModificationTime": "2020-01-08T18:33:59.265Z"
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateResolverEndpoint](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-resolver-endpoint.html)。
### `update-resolver-rule`
以下程式碼範例顯示如何使用 `update-resolver-rule`。
**AWS CLI**
**範例 1:更新設定解析程式端點**
下列 `update-resolver-rule` 範例會更新規則的名稱、DNS 查詢轉送至的內部部署網路上的 IP 位址,以及您用來將查詢轉送至網路的傳出解析程式端點 ID。
**注意**`TargetIps` 的現有值會遭到覆寫,因此您必須指定您希望更新後規則能擁有的所有 IP 位址。
```
aws route53resolver update-resolver-rule \
--resolver-rule-id rslvr-rr-1247fa64f3example \
--config Name="my-2nd-rule",TargetIps=[{Ip=192.0.2.45,Port=53},{Ip=192.0.2.46,Port=53}],ResolverEndpointId=rslvr-out-7b89ed0d25example
```
輸出:
```
{
"ResolverRule": {
"Id": "rslvr-rr-1247fa64f3example",
"CreatorRequestId": "2020-01-02-18:47",
"Arn": "arn:aws:route53resolver:us-west-2:111122223333:resolver-rule/rslvr-rr-1247fa64f3example",
"DomainName": "www.example.com.",
"Status": "COMPLETE",
"StatusMessage": "[Trace id: 1-5dcc90b9-8a8ee860aba1ebd89example] Successfully updated Resolver Rule.",
"RuleType": "FORWARD",
"Name": "my-2nd-rule",
"TargetIps": [
{
"Ip": "192.0.2.45",
"Port": 53
},
{
"Ip": "192.0.2.46",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-7b89ed0d25example",
"OwnerId": "111122223333",
"ShareStatus": "NOT_SHARED"
}
}
```
**範例 2:使用 ``config`` 設定的檔案來更新解析程式端點設定**
或者,您可以在 JSON 檔案中包含 `config` 設定,然後在呼叫 `update-resolver-rule` 時指定該檔案。
```
aws route53resolver update-resolver-rule \
--resolver-rule-id rslvr-rr-1247fa64f3example \
--config file://c:\temp\update-resolver-rule.json
```
`update-resolver-rule.json` 的內容。
```
{
"Name": "my-2nd-rule",
"TargetIps": [
{
"Ip": "192.0.2.45",
"Port": 53
},
{
"Ip": "192.0.2.46",
"Port": 53
}
],
"ResolverEndpointId": "rslvr-out-7b89ed0d25example"
}
```
如需詳細資訊,請參閱《Amazon Route 53 開發人員指南》**中的[當您建立或編輯規則時所指定的值](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html#resolver-forwarding-outbound-queries-rule-values)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateResolverRule](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/route53resolver/update-resolver-rule.html)。