From the services menu, choose Route 53, then choose Rule groups.

Click Rule groups and choose Add rule group.

Enter a rule name and, if needed, an optional description, then click Next.

Click Add rule.

Choose Add AWS managed domain list, then select the required domain set under AWS Managed Domains.

Select the appropriate action, which in this case should be BLOCK. It is important to repeat the process for the Malware domains.

If the BLOCK action is used, choose the appropriate response.

If the OVERRIDE response is chosen, enter the required details. Ideally, either NODATA or NXDOMAIN is used.

If a custom domain list is needed, choose Add my own domain list and create a new domain list, unless one has already been created.

A bulk upload is supported if needed. The data needs to be in an S3 bucket.

Finally, click Add rule and click Next.

Click Next and, if needed, set the rule priorities.

If needed, click the required rule, choose the available option, and click Next.

Enter a tag if required and click Next.

Once ready, click Create rule group. If needed, click Edit to modify the previous steps.

Once the rule group is created, the Route 53 Resolver DNS Firewall can block, allow, or alert on DNS queries depending on the rule conditions.
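The same rule group can be built through the API instead of the console. The sketch below is an added example, not part of the original walkthrough: it assumes a boto3 `route53resolver` client, and the function names, the constructed sample list IDs and the priority spacing of 100 are illustrative choices.

```python
import uuid

# Constructed sample of list_firewall_domain_lists()["FirewallDomainLists"].
SAMPLE_LISTS = [
    {"Id": "rslvr-fdl-EXAMPLE1", "Name": "AWSManagedDomainsBotnetCommandandControl"},
    {"Id": "rslvr-fdl-EXAMPLE2", "Name": "AWSManagedDomainsMalwareDomainList"},
]

def block_rule(list_id, name, priority, response="NODATA",
               override_domain=None, override_ttl=60):
    """Arguments for create_firewall_rule describing one BLOCK rule."""
    if response not in ("NODATA", "NXDOMAIN", "OVERRIDE"):
        raise ValueError(f"unsupported block response: {response}")
    params = {
        "CreatorRequestId": str(uuid.uuid4()),  # idempotency token
        "FirewallDomainListId": list_id,
        "Name": name,
        "Priority": priority,
        "Action": "BLOCK",
        "BlockResponse": response,
    }
    if response == "OVERRIDE":  # the extra details the console asks for
        if not override_domain:
            raise ValueError("OVERRIDE needs a domain to answer with")
        params.update(BlockOverrideDomain=override_domain,
                      BlockOverrideDnsType="CNAME",
                      BlockOverrideTtl=override_ttl)
    return params

def plan_rules(domain_lists, wanted, response="NODATA"):
    """One BLOCK rule per wanted list; priorities 100, 200, ... in that order."""
    ids = {d["Name"]: d["Id"] for d in domain_lists}
    missing = [n for n in wanted if n not in ids]
    if missing:
        raise LookupError(f"domain lists not found: {missing}")
    return [block_rule(ids[n], f"block-{n}", 100 * (i + 1), response)
            for i, n in enumerate(wanted)]

def create_group(client, name, wanted, response="NODATA"):
    """Apply the plan with a boto3 client('route53resolver'); needs AWS credentials."""
    lists = client.list_firewall_domain_lists(MaxResults=100)["FirewallDomainLists"]
    rules = plan_rules(lists, wanted, response)  # fail before creating anything
    group = client.create_firewall_rule_group(
        CreatorRequestId=str(uuid.uuid4()), Name=name)["FirewallRuleGroup"]
    for params in rules:
        client.create_firewall_rule(FirewallRuleGroupId=group["Id"], **params)
    return group["Id"]
```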

 

 
