The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/AssociateResolverQueryLogConfigCommand.ts b/clients/client-route53resolver/src/commands/AssociateResolverQueryLogConfigCommand.ts index 529b2fe0d4e9..b2db2b2b0f4a 100644 --- a/clients/client-route53resolver/src/commands/AssociateResolverQueryLogConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/AssociateResolverQueryLogConfigCommand.ts @@ -75,6 +75,8 @@ export interface AssociateResolverQueryLogConfigCommandOutput * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/CreateFirewallDomainListCommand.ts b/clients/client-route53resolver/src/commands/CreateFirewallDomainListCommand.ts index 21873414d32d..982fbc1921cc 100644 --- a/clients/client-route53resolver/src/commands/CreateFirewallDomainListCommand.ts +++ b/clients/client-route53resolver/src/commands/CreateFirewallDomainListCommand.ts @@ -71,6 +71,8 @@ export interface CreateFirewallDomainListCommandOutput extends CreateFirewallDom * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/CreateFirewallRuleCommand.ts b/clients/client-route53resolver/src/commands/CreateFirewallRuleCommand.ts index 75cbc32302e2..e10651b5fb1e 100644 --- a/clients/client-route53resolver/src/commands/CreateFirewallRuleCommand.ts +++ b/clients/client-route53resolver/src/commands/CreateFirewallRuleCommand.ts @@ -45,6 +45,7 @@ export interface CreateFirewallRuleCommandOutput extends CreateFirewallRuleRespo * BlockOverrideDnsType: "CNAME", * BlockOverrideTtl: Number("int"), * Name: "STRING_VALUE", // required + * FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN", * Qtype: "STRING_VALUE", * }; * const command = new CreateFirewallRuleCommand(input); @@ -63,6 +64,7 @@ export interface CreateFirewallRuleCommandOutput extends CreateFirewallRuleRespo * // CreatorRequestId: "STRING_VALUE", * // CreationTime: "STRING_VALUE", * // ModificationTime: "STRING_VALUE", + * // FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN", * // Qtype: "STRING_VALUE", * // }, * // }; @@ -77,6 +79,8 @@ export interface CreateFirewallRuleCommandOutput extends CreateFirewallRuleRespo * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/CreateFirewallRuleGroupCommand.ts b/clients/client-route53resolver/src/commands/CreateFirewallRuleGroupCommand.ts index a47d57f7770f..4a308aa93b97 100644 --- a/clients/client-route53resolver/src/commands/CreateFirewallRuleGroupCommand.ts +++ b/clients/client-route53resolver/src/commands/CreateFirewallRuleGroupCommand.ts @@ -73,6 +73,8 @@ export interface CreateFirewallRuleGroupCommandOutput extends CreateFirewallRule * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/CreateOutpostResolverCommand.ts b/clients/client-route53resolver/src/commands/CreateOutpostResolverCommand.ts index f0524b7eb62b..e92265b35ba2 100644 --- a/clients/client-route53resolver/src/commands/CreateOutpostResolverCommand.ts +++ b/clients/client-route53resolver/src/commands/CreateOutpostResolverCommand.ts @@ -75,6 +75,8 @@ export interface CreateOutpostResolverCommandOutput extends CreateOutpostResolve * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/CreateResolverEndpointCommand.ts b/clients/client-route53resolver/src/commands/CreateResolverEndpointCommand.ts index b98e31691e93..74042f83d452 100644 --- a/clients/client-route53resolver/src/commands/CreateResolverEndpointCommand.ts +++ b/clients/client-route53resolver/src/commands/CreateResolverEndpointCommand.ts @@ -108,6 +108,8 @@ export interface CreateResolverEndpointCommandOutput extends CreateResolverEndpo * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/CreateResolverQueryLogConfigCommand.ts b/clients/client-route53resolver/src/commands/CreateResolverQueryLogConfigCommand.ts index b2b424b78040..6780d8c17569 100644 --- a/clients/client-route53resolver/src/commands/CreateResolverQueryLogConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/CreateResolverQueryLogConfigCommand.ts @@ -83,6 +83,8 @@ export interface CreateResolverQueryLogConfigCommandOutput * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/CreateResolverRuleCommand.ts b/clients/client-route53resolver/src/commands/CreateResolverRuleCommand.ts index e49c81248b38..d8af6a22ba9a 100644 --- a/clients/client-route53resolver/src/commands/CreateResolverRuleCommand.ts +++ b/clients/client-route53resolver/src/commands/CreateResolverRuleCommand.ts @@ -94,6 +94,8 @@ export interface CreateResolverRuleCommandOutput extends CreateResolverRuleRespo * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/DeleteFirewallDomainListCommand.ts b/clients/client-route53resolver/src/commands/DeleteFirewallDomainListCommand.ts index 38cb6e98ba91..13977a5ae831 100644 --- a/clients/client-route53resolver/src/commands/DeleteFirewallDomainListCommand.ts +++ b/clients/client-route53resolver/src/commands/DeleteFirewallDomainListCommand.ts @@ -64,6 +64,8 @@ export interface DeleteFirewallDomainListCommandOutput extends DeleteFirewallDom * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/DeleteFirewallRuleCommand.ts b/clients/client-route53resolver/src/commands/DeleteFirewallRuleCommand.ts index d45654ec73a4..dd8ed7657848 100644 --- a/clients/client-route53resolver/src/commands/DeleteFirewallRuleCommand.ts +++ b/clients/client-route53resolver/src/commands/DeleteFirewallRuleCommand.ts @@ -55,6 +55,7 @@ export interface DeleteFirewallRuleCommandOutput extends DeleteFirewallRuleRespo * // CreatorRequestId: "STRING_VALUE", * // CreationTime: "STRING_VALUE", * // ModificationTime: "STRING_VALUE", + * // FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN", * // Qtype: "STRING_VALUE", * // }, * // }; @@ -69,6 +70,8 @@ export interface DeleteFirewallRuleCommandOutput extends DeleteFirewallRuleRespo * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/DeleteFirewallRuleGroupCommand.ts b/clients/client-route53resolver/src/commands/DeleteFirewallRuleGroupCommand.ts index c957ff489e11..9de291a6b7eb 100644 --- a/clients/client-route53resolver/src/commands/DeleteFirewallRuleGroupCommand.ts +++ b/clients/client-route53resolver/src/commands/DeleteFirewallRuleGroupCommand.ts @@ -65,6 +65,8 @@ export interface DeleteFirewallRuleGroupCommandOutput extends DeleteFirewallRule * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/DeleteOutpostResolverCommand.ts b/clients/client-route53resolver/src/commands/DeleteOutpostResolverCommand.ts index e871299d7189..3376223404e9 100644 --- a/clients/client-route53resolver/src/commands/DeleteOutpostResolverCommand.ts +++ b/clients/client-route53resolver/src/commands/DeleteOutpostResolverCommand.ts @@ -65,6 +65,8 @@ export interface DeleteOutpostResolverCommandOutput extends DeleteOutpostResolve * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/DeleteResolverQueryLogConfigCommand.ts b/clients/client-route53resolver/src/commands/DeleteResolverQueryLogConfigCommand.ts index 09385df6c53d..f154605e9262 100644 --- a/clients/client-route53resolver/src/commands/DeleteResolverQueryLogConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/DeleteResolverQueryLogConfigCommand.ts @@ -77,6 +77,8 @@ export interface DeleteResolverQueryLogConfigCommandOutput * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/DisassociateFirewallRuleGroupCommand.ts b/clients/client-route53resolver/src/commands/DisassociateFirewallRuleGroupCommand.ts index 59e4cf8188be..65500dea61d5 100644 --- a/clients/client-route53resolver/src/commands/DisassociateFirewallRuleGroupCommand.ts +++ b/clients/client-route53resolver/src/commands/DisassociateFirewallRuleGroupCommand.ts @@ -72,6 +72,8 @@ export interface DisassociateFirewallRuleGroupCommandOutput * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/DisassociateResolverQueryLogConfigCommand.ts b/clients/client-route53resolver/src/commands/DisassociateResolverQueryLogConfigCommand.ts index c036d8c9c6fd..418d5c1c1c52 100644 --- a/clients/client-route53resolver/src/commands/DisassociateResolverQueryLogConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/DisassociateResolverQueryLogConfigCommand.ts @@ -84,6 +84,8 @@ export interface DisassociateResolverQueryLogConfigCommandOutput * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetFirewallConfigCommand.ts b/clients/client-route53resolver/src/commands/GetFirewallConfigCommand.ts index fcf69cb0e716..4f27057a7db6 100644 --- a/clients/client-route53resolver/src/commands/GetFirewallConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/GetFirewallConfigCommand.ts @@ -59,6 +59,8 @@ export interface GetFirewallConfigCommandOutput extends GetFirewallConfigRespons * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetFirewallDomainListCommand.ts b/clients/client-route53resolver/src/commands/GetFirewallDomainListCommand.ts index b74a6d190c0c..ba5b77c882dd 100644 --- a/clients/client-route53resolver/src/commands/GetFirewallDomainListCommand.ts +++ b/clients/client-route53resolver/src/commands/GetFirewallDomainListCommand.ts @@ -64,6 +64,8 @@ export interface GetFirewallDomainListCommandOutput extends GetFirewallDomainLis * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetFirewallRuleGroupAssociationCommand.ts b/clients/client-route53resolver/src/commands/GetFirewallRuleGroupAssociationCommand.ts index 0d578b95b4a0..53ad44455d08 100644 --- a/clients/client-route53resolver/src/commands/GetFirewallRuleGroupAssociationCommand.ts +++ b/clients/client-route53resolver/src/commands/GetFirewallRuleGroupAssociationCommand.ts @@ -72,6 +72,8 @@ export interface GetFirewallRuleGroupAssociationCommandOutput * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetFirewallRuleGroupCommand.ts b/clients/client-route53resolver/src/commands/GetFirewallRuleGroupCommand.ts index c552f83dcddb..724c3798e7b7 100644 --- a/clients/client-route53resolver/src/commands/GetFirewallRuleGroupCommand.ts +++ b/clients/client-route53resolver/src/commands/GetFirewallRuleGroupCommand.ts @@ -65,6 +65,8 @@ export interface GetFirewallRuleGroupCommandOutput extends GetFirewallRuleGroupR * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetFirewallRuleGroupPolicyCommand.ts b/clients/client-route53resolver/src/commands/GetFirewallRuleGroupPolicyCommand.ts index f481511a4269..938e6d0eed5f 100644 --- a/clients/client-route53resolver/src/commands/GetFirewallRuleGroupPolicyCommand.ts +++ b/clients/client-route53resolver/src/commands/GetFirewallRuleGroupPolicyCommand.ts @@ -54,6 +54,8 @@ export interface GetFirewallRuleGroupPolicyCommandOutput extends GetFirewallRule * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetOutpostResolverCommand.ts b/clients/client-route53resolver/src/commands/GetOutpostResolverCommand.ts index 7cc01c93dcd3..d5331a69c3ca 100644 --- a/clients/client-route53resolver/src/commands/GetOutpostResolverCommand.ts +++ b/clients/client-route53resolver/src/commands/GetOutpostResolverCommand.ts @@ -66,6 +66,8 @@ export interface GetOutpostResolverCommandOutput extends GetOutpostResolverRespo * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetResolverConfigCommand.ts b/clients/client-route53resolver/src/commands/GetResolverConfigCommand.ts index 245beba0c1b5..edd62642a17a 100644 --- a/clients/client-route53resolver/src/commands/GetResolverConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/GetResolverConfigCommand.ts @@ -59,6 +59,8 @@ export interface GetResolverConfigCommandOutput extends GetResolverConfigRespons * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetResolverDnssecConfigCommand.ts b/clients/client-route53resolver/src/commands/GetResolverDnssecConfigCommand.ts index 54bc304b6fec..e53ac0a0eda1 100644 --- a/clients/client-route53resolver/src/commands/GetResolverDnssecConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/GetResolverDnssecConfigCommand.ts @@ -58,6 +58,8 @@ export interface GetResolverDnssecConfigCommandOutput extends GetResolverDnssecC * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigAssociationCommand.ts b/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigAssociationCommand.ts index b4a384991601..b575912eec7d 100644 --- a/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigAssociationCommand.ts +++ b/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigAssociationCommand.ts @@ -70,6 +70,8 @@ export interface GetResolverQueryLogConfigAssociationCommandOutput * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigCommand.ts b/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigCommand.ts index d4e66e5ec29a..a417557fd201 100644 --- a/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigCommand.ts @@ -65,6 +65,8 @@ export interface GetResolverQueryLogConfigCommandOutput extends GetResolverQuery * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigPolicyCommand.ts b/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigPolicyCommand.ts index 4e49704c829c..8015497cadcc 100644 --- a/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigPolicyCommand.ts +++ b/clients/client-route53resolver/src/commands/GetResolverQueryLogConfigPolicyCommand.ts @@ -59,6 +59,8 @@ export interface GetResolverQueryLogConfigPolicyCommandOutput * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/GetResolverRulePolicyCommand.ts b/clients/client-route53resolver/src/commands/GetResolverRulePolicyCommand.ts index bb75fc4cc2d6..3b7412d48bfe 100644 --- a/clients/client-route53resolver/src/commands/GetResolverRulePolicyCommand.ts +++ b/clients/client-route53resolver/src/commands/GetResolverRulePolicyCommand.ts @@ -54,6 +54,8 @@ export interface GetResolverRulePolicyCommandOutput extends GetResolverRulePolic * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ImportFirewallDomainsCommand.ts b/clients/client-route53resolver/src/commands/ImportFirewallDomainsCommand.ts index 7e496826ea2b..d17766b20934 100644 --- a/clients/client-route53resolver/src/commands/ImportFirewallDomainsCommand.ts +++ b/clients/client-route53resolver/src/commands/ImportFirewallDomainsCommand.ts @@ -73,6 +73,8 @@ export interface ImportFirewallDomainsCommandOutput extends ImportFirewallDomain * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/ListFirewallConfigsCommand.ts b/clients/client-route53resolver/src/commands/ListFirewallConfigsCommand.ts index 0cb6638575e0..2d13b76d500d 100644 --- a/clients/client-route53resolver/src/commands/ListFirewallConfigsCommand.ts +++ b/clients/client-route53resolver/src/commands/ListFirewallConfigsCommand.ts @@ -63,6 +63,8 @@ export interface ListFirewallConfigsCommandOutput extends ListFirewallConfigsRes * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListFirewallDomainListsCommand.ts b/clients/client-route53resolver/src/commands/ListFirewallDomainListsCommand.ts index 0740177c0311..0dd51b69babf 100644 --- a/clients/client-route53resolver/src/commands/ListFirewallDomainListsCommand.ts +++ b/clients/client-route53resolver/src/commands/ListFirewallDomainListsCommand.ts @@ -64,6 +64,8 @@ export interface ListFirewallDomainListsCommandOutput extends ListFirewallDomain * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListFirewallDomainsCommand.ts b/clients/client-route53resolver/src/commands/ListFirewallDomainsCommand.ts index cc505dd3e10f..4fa1cf332ac3 100644 --- a/clients/client-route53resolver/src/commands/ListFirewallDomainsCommand.ts +++ b/clients/client-route53resolver/src/commands/ListFirewallDomainsCommand.ts @@ -59,6 +59,8 @@ export interface ListFirewallDomainsCommandOutput extends ListFirewallDomainsRes * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListFirewallRuleGroupAssociationsCommand.ts b/clients/client-route53resolver/src/commands/ListFirewallRuleGroupAssociationsCommand.ts index f3d9e5eb2555..74fdcb584813 100644 --- a/clients/client-route53resolver/src/commands/ListFirewallRuleGroupAssociationsCommand.ts +++ b/clients/client-route53resolver/src/commands/ListFirewallRuleGroupAssociationsCommand.ts @@ -84,6 +84,8 @@ export interface ListFirewallRuleGroupAssociationsCommandOutput * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListFirewallRuleGroupsCommand.ts b/clients/client-route53resolver/src/commands/ListFirewallRuleGroupsCommand.ts index 8b4385da1892..f0d683295f7c 100644 --- a/clients/client-route53resolver/src/commands/ListFirewallRuleGroupsCommand.ts +++ b/clients/client-route53resolver/src/commands/ListFirewallRuleGroupsCommand.ts @@ -65,6 +65,8 @@ export interface ListFirewallRuleGroupsCommandOutput extends ListFirewallRuleGro * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListFirewallRulesCommand.ts b/clients/client-route53resolver/src/commands/ListFirewallRulesCommand.ts index 2efd711def0b..09238c1cd8e5 100644 --- a/clients/client-route53resolver/src/commands/ListFirewallRulesCommand.ts +++ b/clients/client-route53resolver/src/commands/ListFirewallRulesCommand.ts @@ -60,6 +60,7 @@ export interface ListFirewallRulesCommandOutput extends ListFirewallRulesRespons * // CreatorRequestId: "STRING_VALUE", * // CreationTime: "STRING_VALUE", * // ModificationTime: "STRING_VALUE", + * // FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN", * // Qtype: "STRING_VALUE", * // }, * // ], @@ -75,6 +76,8 @@ export interface ListFirewallRulesCommandOutput extends ListFirewallRulesRespons * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListOutpostResolversCommand.ts b/clients/client-route53resolver/src/commands/ListOutpostResolversCommand.ts index 06661075008f..8a61501c5b19 100644 --- a/clients/client-route53resolver/src/commands/ListOutpostResolversCommand.ts +++ b/clients/client-route53resolver/src/commands/ListOutpostResolversCommand.ts @@ -70,6 +70,8 @@ export interface ListOutpostResolversCommandOutput extends ListOutpostResolversR * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListResolverConfigsCommand.ts b/clients/client-route53resolver/src/commands/ListResolverConfigsCommand.ts index b3c893bad393..aa19281ac402 100644 --- a/clients/client-route53resolver/src/commands/ListResolverConfigsCommand.ts +++ b/clients/client-route53resolver/src/commands/ListResolverConfigsCommand.ts @@ -63,6 +63,8 @@ export interface ListResolverConfigsCommandOutput extends ListResolverConfigsRes * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListResolverDnssecConfigsCommand.ts b/clients/client-route53resolver/src/commands/ListResolverDnssecConfigsCommand.ts index 28925dad88e9..19a31cbc2188 100644 --- a/clients/client-route53resolver/src/commands/ListResolverDnssecConfigsCommand.ts +++ b/clients/client-route53resolver/src/commands/ListResolverDnssecConfigsCommand.ts @@ -70,6 +70,8 @@ export interface ListResolverDnssecConfigsCommandOutput extends ListResolverDnss * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListResolverQueryLogConfigAssociationsCommand.ts b/clients/client-route53resolver/src/commands/ListResolverQueryLogConfigAssociationsCommand.ts index f205544fc038..8de77ee9bed8 100644 --- a/clients/client-route53resolver/src/commands/ListResolverQueryLogConfigAssociationsCommand.ts +++ b/clients/client-route53resolver/src/commands/ListResolverQueryLogConfigAssociationsCommand.ts @@ -86,6 +86,8 @@ export interface ListResolverQueryLogConfigAssociationsCommandOutput * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/ListResolverQueryLogConfigsCommand.ts b/clients/client-route53resolver/src/commands/ListResolverQueryLogConfigsCommand.ts index 8c6bbb65c913..e119731141d3 100644 --- a/clients/client-route53resolver/src/commands/ListResolverQueryLogConfigsCommand.ts +++ b/clients/client-route53resolver/src/commands/ListResolverQueryLogConfigsCommand.ts @@ -83,6 +83,8 @@ export interface ListResolverQueryLogConfigsCommandOutput * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/PutFirewallRuleGroupPolicyCommand.ts b/clients/client-route53resolver/src/commands/PutFirewallRuleGroupPolicyCommand.ts index b0bebe41020b..3dd1cd6b55e1 100644 --- a/clients/client-route53resolver/src/commands/PutFirewallRuleGroupPolicyCommand.ts +++ b/clients/client-route53resolver/src/commands/PutFirewallRuleGroupPolicyCommand.ts @@ -56,6 +56,8 @@ export interface PutFirewallRuleGroupPolicyCommandOutput extends PutFirewallRule * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/PutResolverQueryLogConfigPolicyCommand.ts b/clients/client-route53resolver/src/commands/PutResolverQueryLogConfigPolicyCommand.ts index e136a7f537cb..d749ae2785d7 100644 --- a/clients/client-route53resolver/src/commands/PutResolverQueryLogConfigPolicyCommand.ts +++ b/clients/client-route53resolver/src/commands/PutResolverQueryLogConfigPolicyCommand.ts @@ -60,6 +60,8 @@ export interface PutResolverQueryLogConfigPolicyCommandOutput * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/PutResolverRulePolicyCommand.ts b/clients/client-route53resolver/src/commands/PutResolverRulePolicyCommand.ts index 55a2806411da..c50f305a7ca8 100644 --- a/clients/client-route53resolver/src/commands/PutResolverRulePolicyCommand.ts +++ b/clients/client-route53resolver/src/commands/PutResolverRulePolicyCommand.ts @@ -55,6 +55,8 @@ export interface PutResolverRulePolicyCommandOutput extends PutResolverRulePolic * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/UpdateFirewallConfigCommand.ts b/clients/client-route53resolver/src/commands/UpdateFirewallConfigCommand.ts index 44f4b05bab8c..507fee88b30b 100644 --- a/clients/client-route53resolver/src/commands/UpdateFirewallConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/UpdateFirewallConfigCommand.ts @@ -60,6 +60,8 @@ export interface UpdateFirewallConfigCommandOutput extends UpdateFirewallConfigR * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/UpdateFirewallDomainsCommand.ts b/clients/client-route53resolver/src/commands/UpdateFirewallDomainsCommand.ts index 30d3b19bea81..4d6bdb8f3fba 100644 --- a/clients/client-route53resolver/src/commands/UpdateFirewallDomainsCommand.ts +++ b/clients/client-route53resolver/src/commands/UpdateFirewallDomainsCommand.ts @@ -60,6 +60,8 @@ export interface UpdateFirewallDomainsCommandOutput extends UpdateFirewallDomain * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/UpdateFirewallRuleCommand.ts b/clients/client-route53resolver/src/commands/UpdateFirewallRuleCommand.ts index bacaeaf5576f..2f771ffe12b7 100644 --- a/clients/client-route53resolver/src/commands/UpdateFirewallRuleCommand.ts +++ b/clients/client-route53resolver/src/commands/UpdateFirewallRuleCommand.ts @@ -44,6 +44,7 @@ export interface UpdateFirewallRuleCommandOutput extends UpdateFirewallRuleRespo * BlockOverrideDnsType: "CNAME", * BlockOverrideTtl: Number("int"), * Name: "STRING_VALUE", + * FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN", * Qtype: "STRING_VALUE", * }; * const command = new UpdateFirewallRuleCommand(input); @@ -62,6 +63,7 @@ export interface UpdateFirewallRuleCommandOutput extends UpdateFirewallRuleRespo * // CreatorRequestId: "STRING_VALUE", * // CreationTime: "STRING_VALUE", * // ModificationTime: "STRING_VALUE", + * // FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN", * // Qtype: "STRING_VALUE", * // }, * // }; @@ -76,6 +78,8 @@ export interface UpdateFirewallRuleCommandOutput extends UpdateFirewallRuleRespo * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/UpdateFirewallRuleGroupAssociationCommand.ts b/clients/client-route53resolver/src/commands/UpdateFirewallRuleGroupAssociationCommand.ts index e9e3d805a29a..8a5c0173e9b5 100644 --- a/clients/client-route53resolver/src/commands/UpdateFirewallRuleGroupAssociationCommand.ts +++ b/clients/client-route53resolver/src/commands/UpdateFirewallRuleGroupAssociationCommand.ts @@ -78,6 +78,8 @@ export interface UpdateFirewallRuleGroupAssociationCommandOutput * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/UpdateOutpostResolverCommand.ts b/clients/client-route53resolver/src/commands/UpdateOutpostResolverCommand.ts index 79df15ed1ef0..34922c2e24de 100644 --- a/clients/client-route53resolver/src/commands/UpdateOutpostResolverCommand.ts +++ b/clients/client-route53resolver/src/commands/UpdateOutpostResolverCommand.ts @@ -68,6 +68,8 @@ export interface UpdateOutpostResolverCommandOutput extends UpdateOutpostResolve * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link ConflictException} (client fault) *The requested state transition isn't valid. For example, you can't delete a firewall diff --git a/clients/client-route53resolver/src/commands/UpdateResolverConfigCommand.ts b/clients/client-route53resolver/src/commands/UpdateResolverConfigCommand.ts index a7fdd0b9d3e9..7584cc661eba 100644 --- a/clients/client-route53resolver/src/commands/UpdateResolverConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/UpdateResolverConfigCommand.ts @@ -60,6 +60,8 @@ export interface UpdateResolverConfigCommandOutput extends UpdateResolverConfigR * * @throws {@link AccessDeniedException} (client fault) *
The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/UpdateResolverDnssecConfigCommand.ts b/clients/client-route53resolver/src/commands/UpdateResolverDnssecConfigCommand.ts index e32f90b00466..348d35971e18 100644 --- a/clients/client-route53resolver/src/commands/UpdateResolverDnssecConfigCommand.ts +++ b/clients/client-route53resolver/src/commands/UpdateResolverDnssecConfigCommand.ts @@ -59,6 +59,8 @@ export interface UpdateResolverDnssecConfigCommandOutput extends UpdateResolverD * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/UpdateResolverEndpointCommand.ts b/clients/client-route53resolver/src/commands/UpdateResolverEndpointCommand.ts index 496effeb67bf..b00385fc7849 100644 --- a/clients/client-route53resolver/src/commands/UpdateResolverEndpointCommand.ts +++ b/clients/client-route53resolver/src/commands/UpdateResolverEndpointCommand.ts @@ -86,6 +86,8 @@ export interface UpdateResolverEndpointCommandOutput extends UpdateResolverEndpo * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/commands/UpdateResolverRuleCommand.ts b/clients/client-route53resolver/src/commands/UpdateResolverRuleCommand.ts index dd92f147ba27..7c14234a9799 100644 --- a/clients/client-route53resolver/src/commands/UpdateResolverRuleCommand.ts +++ b/clients/client-route53resolver/src/commands/UpdateResolverRuleCommand.ts @@ -88,6 +88,8 @@ export interface UpdateResolverRuleCommandOutput extends UpdateResolverRuleRespo * * @throws {@link AccessDeniedException} (client fault) *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* * @throws {@link InternalServiceErrorException} (client fault) *We encountered an unknown error. Try again in a few minutes.
diff --git a/clients/client-route53resolver/src/models/models_0.ts b/clients/client-route53resolver/src/models/models_0.ts index df30f0b0e1eb..00143403bd70 100644 --- a/clients/client-route53resolver/src/models/models_0.ts +++ b/clients/client-route53resolver/src/models/models_0.ts @@ -5,6 +5,8 @@ import { Route53ResolverServiceException as __BaseException } from "./Route53Res /** *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
+ *This error can also be thrown when a customer has reached the 5120 character limit for a + * resource policy for CloudWatch Logs.
* @public */ export class AccessDeniedException extends __BaseException { @@ -1257,6 +1259,21 @@ export interface CreateFirewallDomainListResponse { FirewallDomainList?: FirewallDomainList; } +/** + * @public + * @enum + */ +export const FirewallDomainRedirectionAction = { + INSPECT_REDIRECTION_DOMAIN: "INSPECT_REDIRECTION_DOMAIN", + TRUST_REDIRECTION_DOMAIN: "TRUST_REDIRECTION_DOMAIN", +} as const; + +/** + * @public + */ +export type FirewallDomainRedirectionAction = + (typeof FirewallDomainRedirectionAction)[keyof typeof FirewallDomainRedirectionAction]; + /** * @public */ @@ -1360,6 +1377,20 @@ export interface CreateFirewallRuleRequest { */ Name: string | undefined; + /** + *+ * How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, ot ALIAS. + *
+ *
+ * Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be
+ * added to the allow domain list.
+ * Trust_Redirection_Domain inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the redirection list to
+ * the domain alloww list.
* The DNS query type you want the rule to evaluate. Allowed values are; @@ -1405,6 +1436,13 @@ export interface CreateFirewallRuleRequest { *
TXT: Verifies email senders and application-specific values.
*A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be + * defined as TYPENUMBER, where the + * NUMBER can be 1-65334, for + * example, TYPE28. For more information, see + * List of DNS record types.
+ *+ * How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, ot ALIAS. + *
+ *
+ * Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be
+ * added to the allow domain list.
+ * Trust_Redirection_Domain inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to
+ * the domain alloww list.
* The DNS query type you want the rule to evaluate. Allowed values are; @@ -1562,6 +1614,13 @@ export interface FirewallRule { *
TXT: Verifies email senders and application-specific values.
*A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be + * defined as TYPENUMBER, where the + * NUMBER can be 1-65334, for + * example, TYPE28. For more information, see + * List of DNS record types.
+ *Some security group rules will cause your connection to be tracked. For outbound resolver endpoint, it can potentially impact the + * maximum queries per second from outbound endpoint to your target name server. For inbound resolver endpoint, it can bring down the overall maximum queries per second per IP address to as low as 1500. + * To avoid connection tracking caused by security group, see + * Untracked connections.
* @public */ SecurityGroupIds: string[] | undefined; @@ -2626,6 +2689,13 @@ export interface DeleteFirewallRuleRequest { *TXT: Verifies email senders and application-specific values.
*A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be + * defined as TYPENUMBER, where the + * NUMBER can be 1-65334, for + * example, TYPE28. For more information, see + * List of DNS record types.
+ *+ * How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, ot ALIAS. + *
+ *
+ * Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be
+ * added to the allow domain list.
+ * Trust_Redirection_Domain inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to
+ * the domain alloww list.
* The DNS query type you want the rule to evaluate. Allowed values are; @@ -5621,6 +5705,13 @@ export interface UpdateFirewallRuleRequest { *
TXT: Verifies email senders and application-specific values.
*A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be + * defined as TYPENUMBER, where the + * NUMBER can be 1-65334, for + * example, TYPE28. For more information, see + * List of DNS record types.
+ *The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
", + "smithy.api#documentation": "The current account doesn't have the IAM permissions required to perform the specified Resolver operation.
\nThis error can also be thrown when a customer has reached the 5120 character limit for a\n\t\t\tresource policy for CloudWatch Logs.
", "smithy.api#error": "client" } }, @@ -757,10 +757,16 @@ "smithy.api#required": {} } }, + "FirewallDomainRedirectionAction": { + "target": "com.amazonaws.route53resolver#FirewallDomainRedirectionAction", + "traits": { + "smithy.api#documentation": "\n\t\t\tHow you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, ot ALIAS. \n\t\t
\n\n Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be \n\t\t\tadded to the allow domain list.
\n Trust_Redirection_Domain inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the redirection list to \n\t\tthe domain alloww list.
\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t
\n\n\t\t\t\tA: Returns an IPv4 address.
\nAAAA: Returns an Ipv6 address.
\nCAA: Restricts CAs that can create SSL/TLS certifications for the domain.
\nCNAME: Returns another domain name.
\nDS: Record that identifies the DNSSEC signing key of a delegated zone.
\nMX: Specifies mail servers.
\nNAPTR: Regular-expression-based rewriting of domain names.
\nNS: Authoritative name servers.
\nPTR: Maps an IP address to a domain name.
\nSOA: Start of authority record for the zone.
\nSPF: Lists the servers authorized to send emails from a domain.
\nSRV: Application specific values that identify servers.
\nTXT: Verifies email senders and application-specific values.
\n\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t
\n\n\t\t\t\tA: Returns an IPv4 address.
\nAAAA: Returns an Ipv6 address.
\nCAA: Restricts CAs that can create SSL/TLS certifications for the domain.
\nCNAME: Returns another domain name.
\nDS: Record that identifies the DNSSEC signing key of a delegated zone.
\nMX: Specifies mail servers.
\nNAPTR: Regular-expression-based rewriting of domain names.
\nNS: Authoritative name servers.
\nPTR: Maps an IP address to a domain name.
\nSOA: Start of authority record for the zone.
\nSPF: Lists the servers authorized to send emails from a domain.
\nSRV: Application specific values that identify servers.
\nTXT: Verifies email senders and application-specific values.
\nA query type you define by using the DNS type ID, for example 28 for AAAA. The values must be\n\t\t\t\tdefined as TYPENUMBER, where the\n\t\t\t\tNUMBER can be 1-65334, for\n\t\t\t\texample, TYPE28. For more information, see \n\t\t\t\tList of DNS record types.
\nThe ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify \n\t\t\tmust include one or more inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound Resolver endpoints). \n\t\t\tInbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port \n\t\t\tthat you're using for DNS queries on your network.
", + "smithy.api#documentation": "The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify \n\t\t\tmust include one or more inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound Resolver endpoints). \n\t\t\tInbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port \n\t\t\tthat you're using for DNS queries on your network.
\nSome security group rules will cause your connection to be tracked. For outbound resolver endpoint, it can potentially impact the \n\t\t\tmaximum queries per second from outbound endpoint to your target name server. For inbound resolver endpoint, it can bring down the overall maximum queries per second per IP address to as low as 1500. \n\t\t\tTo avoid connection tracking caused by security group, see \n\t\t\tUntracked connections.
", "smithy.api#required": {} } }, @@ -1369,7 +1375,7 @@ "Qtype": { "target": "com.amazonaws.route53resolver#Qtype", "traits": { - "smithy.api#documentation": "\n\t\t\tThe DNS query type that the rule you are deleting evaluates. Allowed values are;\n\t\t
\n\n\t\t\t\tA: Returns an IPv4 address.
\nAAAA: Returns an Ipv6 address.
\nCAA: Restricts CAs that can create SSL/TLS certifications for the domain.
\nCNAME: Returns another domain name.
\nDS: Record that identifies the DNSSEC signing key of a delegated zone.
\nMX: Specifies mail servers.
\nNAPTR: Regular-expression-based rewriting of domain names.
\nNS: Authoritative name servers.
\nPTR: Maps an IP address to a domain name.
\nSOA: Start of authority record for the zone.
\nSPF: Lists the servers authorized to send emails from a domain.
\nSRV: Application specific values that identify servers.
\nTXT: Verifies email senders and application-specific values.
\n\n\t\t\tThe DNS query type that the rule you are deleting evaluates. Allowed values are;\n\t\t
\n\n\t\t\t\tA: Returns an IPv4 address.
\nAAAA: Returns an Ipv6 address.
\nCAA: Restricts CAs that can create SSL/TLS certifications for the domain.
\nCNAME: Returns another domain name.
\nDS: Record that identifies the DNSSEC signing key of a delegated zone.
\nMX: Specifies mail servers.
\nNAPTR: Regular-expression-based rewriting of domain names.
\nNS: Authoritative name servers.
\nPTR: Maps an IP address to a domain name.
\nSOA: Start of authority record for the zone.
\nSPF: Lists the servers authorized to send emails from a domain.
\nSRV: Application specific values that identify servers.
\nTXT: Verifies email senders and application-specific values.
\nA query type you define by using the DNS type ID, for example 28 for AAAA. The values must be\n\t\t\t\tdefined as TYPENUMBER, where the\n\t\t\t\tNUMBER can be 1-65334, for\n\t\t\t\texample, TYPE28. For more information, see \n\t\t\t\tList of DNS record types.
\nThe date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).
" } }, + "FirewallDomainRedirectionAction": { + "target": "com.amazonaws.route53resolver#FirewallDomainRedirectionAction", + "traits": { + "smithy.api#documentation": "\n\t\t\tHow you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, ot ALIAS. \n\t\t
\n\n Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be \n\t\t\tadded to the allow domain list.
\n Trust_Redirection_Domain inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to \n\t\t\tthe domain alloww list.
\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t
\n\n\t\t\t\tA: Returns an IPv4 address.
\nAAAA: Returns an Ipv6 address.
\nCAA: Restricts CAs that can create SSL/TLS certifications for the domain.
\nCNAME: Returns another domain name.
\nDS: Record that identifies the DNSSEC signing key of a delegated zone.
\nMX: Specifies mail servers.
\nNAPTR: Regular-expression-based rewriting of domain names.
\nNS: Authoritative name servers.
\nPTR: Maps an IP address to a domain name.
\nSOA: Start of authority record for the zone.
\nSPF: Lists the servers authorized to send emails from a domain.
\nSRV: Application specific values that identify servers.
\nTXT: Verifies email senders and application-specific values.
\n\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t
\n\n\t\t\t\tA: Returns an IPv4 address.
\nAAAA: Returns an Ipv6 address.
\nCAA: Restricts CAs that can create SSL/TLS certifications for the domain.
\nCNAME: Returns another domain name.
\nDS: Record that identifies the DNSSEC signing key of a delegated zone.
\nMX: Specifies mail servers.
\nNAPTR: Regular-expression-based rewriting of domain names.
\nNS: Authoritative name servers.
\nPTR: Maps an IP address to a domain name.
\nSOA: Start of authority record for the zone.
\nSPF: Lists the servers authorized to send emails from a domain.
\nSRV: Application specific values that identify servers.
\nTXT: Verifies email senders and application-specific values.
\nA query type you define by using the DNS type ID, for example 28 for AAAA. The values must be\n\t\t\t\tdefined as TYPENUMBER, where the\n\t\t\t\tNUMBER can be 1-65334, for\n\t\t\t\texample, TYPE28. For more information, see \n\t\t\t\tList of DNS record types.
\nThe name of the rule.
" } }, + "FirewallDomainRedirectionAction": { + "target": "com.amazonaws.route53resolver#FirewallDomainRedirectionAction", + "traits": { + "smithy.api#documentation": "\n\t\t\tHow you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, ot ALIAS. \n\t\t
\n\n Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be \n\t\t\tadded to the allow domain list.
\n Trust_Redirection_Domain inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to \n\t\t\tthe domain alloww list.
\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t
\n\n\t\t\t\tA: Returns an IPv4 address.
\nAAAA: Returns an Ipv6 address.
\nCAA: Restricts CAs that can create SSL/TLS certifications for the domain.
\nCNAME: Returns another domain name.
\nDS: Record that identifies the DNSSEC signing key of a delegated zone.
\nMX: Specifies mail servers.
\nNAPTR: Regular-expression-based rewriting of domain names.
\nNS: Authoritative name servers.
\nPTR: Maps an IP address to a domain name.
\nSOA: Start of authority record for the zone.
\nSPF: Lists the servers authorized to send emails from a domain.
\nSRV: Application specific values that identify servers.
\nTXT: Verifies email senders and application-specific values.
\n\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t
\n\n\t\t\t\tA: Returns an IPv4 address.
\nAAAA: Returns an Ipv6 address.
\nCAA: Restricts CAs that can create SSL/TLS certifications for the domain.
\nCNAME: Returns another domain name.
\nDS: Record that identifies the DNSSEC signing key of a delegated zone.
\nMX: Specifies mail servers.
\nNAPTR: Regular-expression-based rewriting of domain names.
\nNS: Authoritative name servers.
\nPTR: Maps an IP address to a domain name.
\nSOA: Start of authority record for the zone.
\nSPF: Lists the servers authorized to send emails from a domain.
\nSRV: Application specific values that identify servers.
\nTXT: Verifies email senders and application-specific values.
\nA query type you define by using the DNS type ID, for example 28 for AAAA. The values must be\n\t\t\t\tdefined as TYPENUMBER, where the\n\t\t\t\tNUMBER can be 1-65334, for\n\t\t\t\texample, TYPE28. For more information, see \n\t\t\t\tList of DNS record types.
\n