This repository contains CloudFormation templates and automation scripts for Amazon Route 53 Resolver DNS Firewall configurations.
- Located in /Abuse.ch
This solution demonstrates an automated approach to creating a DNS Firewall domain list: an AWS Lambda function parses an external threat feed (https://abuse.ch) and keeps the rule group automatically up to date.
- Located in /sample-rule-group
A CloudFormation template that creates a DNS Firewall rule group with the recommended AWS managed domain list and DNS Firewall Advanced rules for protecting against advanced DNS threats:
- BLOCK - AWS Managed Aggregate Threat List
- BLOCK - DNS Tunneling (High Confidence)
- BLOCK - Domain Generation Algorithms (High Confidence)
- ALERT - DNS Tunneling (Low Confidence)
- ALERT - Domain Generation Algorithms (Low Confidence)
- Located in /AllowListGenerator
This solution automates the creation of allow lists for Amazon Route 53 Resolver DNS Firewall based on Route 53 query logs. It analyzes DNS queries stored in CloudWatch Logs and generates domain lists with metrics, helping build allow list-based architectures for controlling outbound DNS traffic from your workloads.
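The core of that workflow, as an added example that is not the repository's own code: aggregate Route 53 Resolver query-log events (the JSON records Resolver writes to CloudWatch Logs) per domain, apply simple thresholds, and emit a DNS Firewall domain-list file. The sample log lines, the threshold values and the field subset used are constructed for illustration.

```python
"""Turn Route 53 Resolver query logs into an allow-list candidate domain list."""
import json
from collections import defaultdict

# Constructed sample events in the Resolver query-log JSON shape (one object per
# CloudWatch Logs event); only the fields this script reads are included.
SAMPLE_LOG_LINES = [
    '{"query_timestamp":"2024-01-01T10:00:00Z","query_name":"api.example.com.","query_type":"A","rcode":"NOERROR","srcaddr":"10.0.1.10"}',
    '{"query_timestamp":"2024-01-01T10:00:05Z","query_name":"API.example.com.","query_type":"AAAA","rcode":"NOERROR","srcaddr":"10.0.1.11"}',
    '{"query_timestamp":"2024-01-01T10:01:00Z","query_name":"updates.example.net.","query_type":"A","rcode":"NOERROR","srcaddr":"10.0.1.10"}',
    '{"query_timestamp":"2024-01-01T10:02:00Z","query_name":"exmaple.com.","query_type":"A","rcode":"NXDOMAIN","srcaddr":"10.0.1.12"}',
    '{"query_timestamp":"2024-01-01T10:02:30Z","query_name":"exmaple.com.","query_type":"A","rcode":"NXDOMAIN","srcaddr":"10.0.1.12"}',
    '{"not valid json',  # a truncated event must not abort the whole run
]


def normalize_domain(name: str) -> str:
    """Lower-case the name and drop the trailing dot Resolver logs include."""
    return name.lower().rstrip(".")


def aggregate_queries(log_lines):
    """Return {domain: {"queries": int, "sources": set, "rcodes": {rcode: int}}}."""
    stats = defaultdict(lambda: {"queries": 0, "sources": set(), "rcodes": defaultdict(int)})
    for line in log_lines:
        try:
            rec = json.loads(line)
            domain = normalize_domain(rec["query_name"])
        except (json.JSONDecodeError, KeyError, AttributeError):
            continue  # skip malformed events, keep processing the rest
        entry = stats[domain]
        entry["queries"] += 1
        entry["sources"].add(rec.get("srcaddr", "unknown"))
        entry["rcodes"][rec.get("rcode", "UNKNOWN")] += 1
    return stats


def build_allow_list(stats, min_queries=2, min_sources=1):
    """Keep domains seen often enough, from enough sources, that resolved at least once.
    Names that only ever returned NXDOMAIN are typos or noise, not workload dependencies."""
    allowed = []
    for domain, s in stats.items():
        if s["queries"] < min_queries or len(s["sources"]) < min_sources:
            continue
        if s["rcodes"].get("NOERROR", 0) == 0:
            continue
        allowed.append(domain)
    return sorted(allowed)


def to_domain_list_file(domains):
    """Format as a DNS Firewall domain-list import file: one domain per line."""
    return "".join(f"{d}\n" for d in domains)
```

Review the generated list before attaching it to an ALLOW rule; the thresholds only filter noise, they do not judge whether a domain belongs in your allow list.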
- Clone the repository
- Navigate to the desired solution folder
- Follow the deployment instructions in each solution's README
This sample code is made available under the MIT-0 license. See the LICENSE file.