createResolverEndpoint method

Future<CreateResolverEndpointResponse> createResolverEndpoint({
  1. required String creatorRequestId,
  2. required ResolverEndpointDirection direction,
  3. required List<IpAddressRequest> ipAddresses,
  4. required List<String> securityGroupIds,
  5. bool? dns64Enabled,
  6. bool? ipv6InternetAccessEnabled,
  7. String? name,
  8. String? outpostArn,
  9. String? preferredInstanceType,
  10. List<Protocol>? protocols,
  11. ResolverEndpointType? resolverEndpointType,
  12. bool? rniEnhancedMetricsEnabled,
  13. List<Tag>? tags,
  14. bool? targetNameServerMetricsEnabled,
})

Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound:

  • An inbound Resolver endpoint forwards DNS queries to the DNS service for a VPC from your network.
  • An outbound Resolver endpoint forwards DNS queries from the DNS service for a VPC to your network.

May throw AccessDeniedException. May throw InternalServiceErrorException. May throw InvalidParameterException. May throw InvalidRequestException. May throw LimitExceededException. May throw ResourceExistsException. May throw ResourceNotFoundException. May throw ThrottlingException.

Parameter creatorRequestId : A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.

Parameter direction : Specify the applicable value:

  • INBOUND: Resolver forwards DNS queries to the DNS service for a VPC from your network.
  • OUTBOUND: Resolver forwards DNS queries from the DNS service for a VPC to your network.
  • INBOUND_DELEGATION: Resolver delegates queries to Route 53 private hosted zones from your network.

Parameter ipAddresses : The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.

Parameter securityGroupIds : The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify must include one or more inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound Resolver endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.

Some security group rules will cause your connection to be tracked. For outbound resolver endpoint, it can potentially impact the maximum queries per second from outbound endpoint to your target name server. For inbound resolver endpoint, it can bring down the overall maximum queries per second per IP address to as low as 1500. To avoid connection tracking caused by security group, see Untracked connections.

Parameter dns64Enabled : Specifies whether DNS64 is enabled for the inbound Resolver endpoint. When set to true, Route 53 Resolver synthesizes AAAA (IPv6) records for IPv4-only services by prepending the 64:ff9b::/96 prefix to the IPv4 address. This enables IPv6-only clients that send queries through the inbound endpoint to reach IPv4-only services. DNS64 works with NAT64 to provide complete IPv6-to-IPv4 translation. Default is false.

Parameter ipv6InternetAccessEnabled : Specifies whether IPv6 internet access is enabled for the outbound Resolver endpoint. When set to true, the endpoint elastic network interfaces (ENIs) can forward DNS queries to public IPv6 targets through an internet gateway. Default is false.

Parameter name : A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.

Parameter outpostArn : The Amazon Resource Name (ARN) of the Outpost. If you specify this, you must also specify a value for the PreferredInstanceType.

Parameter preferredInstanceType : The instance type. If you specify this, you must also specify a value for the OutpostArn.

Parameter protocols : The protocols you want to use for the endpoint. DoH-FIPS is applicable for default inbound endpoints only.

For a default inbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.
  • Do53 and DoH-FIPS in combination.
  • Do53 alone.
  • DoH alone.
  • DoH-FIPS alone.
  • None, which is treated as Do53.
For a delegation inbound endpoint you can use Do53 only.

For an outbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.
  • Do53 alone.
  • DoH alone.
  • None, which is treated as Do53.

Parameter resolverEndpointType : For the endpoint type you can choose either IPv4, IPv6, or dual-stack. A dual-stack endpoint means that it will resolve via both IPv4 and IPv6. This endpoint type is applied to all IP addresses.

Parameter rniEnhancedMetricsEnabled : Specifies whether RNI enhanced metrics are enabled for the Resolver endpoints. When set to true, one-minute granular metrics are published in CloudWatch for each RNI associated with this endpoint. When set to false, metrics are not published. Default is false.

Parameter tags : A list of the tag keys and values that you want to associate with the endpoint.

Parameter targetNameServerMetricsEnabled : Specifies whether target name server metrics are enabled for the outbound Resolver endpoints. When set to true, one-minute granular metrics are published in CloudWatch for each target name server associated with this endpoint. When set to false, metrics are not published. Default is false. This is not supported for inbound Resolver endpoints.

Implementation

Future<CreateResolverEndpointResponse> createResolverEndpoint({
  required String creatorRequestId,
  required ResolverEndpointDirection direction,
  required List<IpAddressRequest> ipAddresses,
  required List<String> securityGroupIds,
  bool? dns64Enabled,
  bool? ipv6InternetAccessEnabled,
  String? name,
  String? outpostArn,
  String? preferredInstanceType,
  List<Protocol>? protocols,
  ResolverEndpointType? resolverEndpointType,
  bool? rniEnhancedMetricsEnabled,
  List<Tag>? tags,
  bool? targetNameServerMetricsEnabled,
}) async {
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.1',
    'X-Amz-Target': 'Route53Resolver.CreateResolverEndpoint'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'CreatorRequestId': creatorRequestId,
      'Direction': direction.value,
      'IpAddresses': ipAddresses,
      'SecurityGroupIds': securityGroupIds,
      if (dns64Enabled != null) 'Dns64Enabled': dns64Enabled,
      if (ipv6InternetAccessEnabled != null)
        'Ipv6InternetAccessEnabled': ipv6InternetAccessEnabled,
      if (name != null) 'Name': name,
      if (outpostArn != null) 'OutpostArn': outpostArn,
      if (preferredInstanceType != null)
        'PreferredInstanceType': preferredInstanceType,
      if (protocols != null)
        'Protocols': protocols.map((e) => e.value).toList(),
      if (resolverEndpointType != null)
        'ResolverEndpointType': resolverEndpointType.value,
      if (rniEnhancedMetricsEnabled != null)
        'RniEnhancedMetricsEnabled': rniEnhancedMetricsEnabled,
      if (tags != null) 'Tags': tags,
      if (targetNameServerMetricsEnabled != null)
        'TargetNameServerMetricsEnabled': targetNameServerMetricsEnabled,
    },
  );

  return CreateResolverEndpointResponse.fromJson(jsonResponse.body);
}