%global _empty_manifest_terminate_build 0 Name: python-aws-cdk.aws-route53resolver-alpha Version: 2.83.0a0 Release: 1 Summary: The CDK Construct Library for AWS::Route53Resolver License: Apache-2.0 URL: https://github.com/aws/aws-cdk Source0: https://mirrors.aliyun.com/pypi/web/packages/83/c0/2abd6bbdacbb4ef3652bbc62489bf095a58c6cb675cc2ed69fc583ee98e5/aws-cdk.aws-route53resolver-alpha-2.83.0a0.tar.gz BuildArch: noarch Requires: python3-aws-cdk-lib Requires: python3-constructs Requires: python3-jsii Requires: python3-publication Requires: python3-typeguard %description ## DNS Firewall With Route 53 Resolver DNS Firewall, you can filter and regulate outbound DNS traffic for your virtual private connections (VPCs). To do this, you create reusable collections of filtering rules in DNS Firewall rule groups and associate the rule groups to your VPC. DNS Firewall provides protection for outbound DNS requests from your VPCs. These requests route through Resolver for domain name resolution. A primary use of DNS Firewall protections is to help prevent DNS exfiltration of your data. DNS exfiltration can happen when a bad actor compromises an application instance in your VPC and then uses DNS lookup to send data out of the VPC to a domain that they control. With DNS Firewall, you can monitor and control the domains that your applications can query. You can deny access to the domains that you know to be bad and allow all other queries to pass through. Alternately, you can deny access to all domains except for the ones that you explicitly trust. ### Domain lists Domain lists can be created using a list of strings, a text file stored in Amazon S3 or a local text file: ```python block_list = route53resolver.FirewallDomainList(self, "BlockList", domains=route53resolver.FirewallDomains.from_list(["bad-domain.com", "bot-domain.net"]) ) s3_list = route53resolver.FirewallDomainList(self, "S3List", domains=route53resolver.FirewallDomains.from_s3_url("s3://bucket/prefix/object") ) asset_list = route53resolver.FirewallDomainList(self, "AssetList", domains=route53resolver.FirewallDomains.from_asset("/path/to/domains.txt") ) ``` The file must be a text file and must contain a single domain per line. Use `FirewallDomainList.fromFirewallDomainListId()` to import an existing or [AWS managed domain list](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.html): ```python # AWSManagedDomainsMalwareDomainList in us-east-1 malware_list = route53resolver.FirewallDomainList.from_firewall_domain_list_id(self, "Malware", "rslvr-fdl-2c46f2ecbfec4dcc") ``` ### Rule group Create a rule group: ```python # my_block_list: route53resolver.FirewallDomainList route53resolver.FirewallRuleGroup(self, "RuleGroup", rules=[route53resolver.FirewallRule( priority=10, firewall_domain_list=my_block_list, # block and reply with NODATA action=route53resolver.FirewallRuleAction.block() ) ] ) ``` Rules can be added at construction time or using `addRule()`: ```python # my_block_list: route53resolver.FirewallDomainList # rule_group: route53resolver.FirewallRuleGroup rule_group.add_rule( priority=10, firewall_domain_list=my_block_list, # block and reply with NXDOMAIN action=route53resolver.FirewallRuleAction.block(route53resolver.DnsBlockResponse.nx_domain()) ) rule_group.add_rule( priority=20, firewall_domain_list=my_block_list, # block and override DNS response with a custom domain action=route53resolver.FirewallRuleAction.block(route53resolver.DnsBlockResponse.override("amazon.com")) ) ``` Use `associate()` to associate a rule group with a VPC: ```python import aws_cdk.aws_ec2 as ec2 # rule_group: route53resolver.FirewallRuleGroup # my_vpc: ec2.Vpc rule_group.associate("Association", priority=101, vpc=my_vpc ) ``` %package -n python3-aws-cdk.aws-route53resolver-alpha Summary: The CDK Construct Library for AWS::Route53Resolver Provides: python-aws-cdk.aws-route53resolver-alpha BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-aws-cdk.aws-route53resolver-alpha ## DNS Firewall With Route 53 Resolver DNS Firewall, you can filter and regulate outbound DNS traffic for your virtual private connections (VPCs). To do this, you create reusable collections of filtering rules in DNS Firewall rule groups and associate the rule groups to your VPC. DNS Firewall provides protection for outbound DNS requests from your VPCs. These requests route through Resolver for domain name resolution. A primary use of DNS Firewall protections is to help prevent DNS exfiltration of your data. DNS exfiltration can happen when a bad actor compromises an application instance in your VPC and then uses DNS lookup to send data out of the VPC to a domain that they control. With DNS Firewall, you can monitor and control the domains that your applications can query. You can deny access to the domains that you know to be bad and allow all other queries to pass through. Alternately, you can deny access to all domains except for the ones that you explicitly trust. ### Domain lists Domain lists can be created using a list of strings, a text file stored in Amazon S3 or a local text file: ```python block_list = route53resolver.FirewallDomainList(self, "BlockList", domains=route53resolver.FirewallDomains.from_list(["bad-domain.com", "bot-domain.net"]) ) s3_list = route53resolver.FirewallDomainList(self, "S3List", domains=route53resolver.FirewallDomains.from_s3_url("s3://bucket/prefix/object") ) asset_list = route53resolver.FirewallDomainList(self, "AssetList", domains=route53resolver.FirewallDomains.from_asset("/path/to/domains.txt") ) ``` The file must be a text file and must contain a single domain per line. Use `FirewallDomainList.fromFirewallDomainListId()` to import an existing or [AWS managed domain list](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.html): ```python # AWSManagedDomainsMalwareDomainList in us-east-1 malware_list = route53resolver.FirewallDomainList.from_firewall_domain_list_id(self, "Malware", "rslvr-fdl-2c46f2ecbfec4dcc") ``` ### Rule group Create a rule group: ```python # my_block_list: route53resolver.FirewallDomainList route53resolver.FirewallRuleGroup(self, "RuleGroup", rules=[route53resolver.FirewallRule( priority=10, firewall_domain_list=my_block_list, # block and reply with NODATA action=route53resolver.FirewallRuleAction.block() ) ] ) ``` Rules can be added at construction time or using `addRule()`: ```python # my_block_list: route53resolver.FirewallDomainList # rule_group: route53resolver.FirewallRuleGroup rule_group.add_rule( priority=10, firewall_domain_list=my_block_list, # block and reply with NXDOMAIN action=route53resolver.FirewallRuleAction.block(route53resolver.DnsBlockResponse.nx_domain()) ) rule_group.add_rule( priority=20, firewall_domain_list=my_block_list, # block and override DNS response with a custom domain action=route53resolver.FirewallRuleAction.block(route53resolver.DnsBlockResponse.override("amazon.com")) ) ``` Use `associate()` to associate a rule group with a VPC: ```python import aws_cdk.aws_ec2 as ec2 # rule_group: route53resolver.FirewallRuleGroup # my_vpc: ec2.Vpc rule_group.associate("Association", priority=101, vpc=my_vpc ) ``` %package help Summary: Development documents and examples for aws-cdk.aws-route53resolver-alpha Provides: python3-aws-cdk.aws-route53resolver-alpha-doc %description help ## DNS Firewall With Route 53 Resolver DNS Firewall, you can filter and regulate outbound DNS traffic for your virtual private connections (VPCs). To do this, you create reusable collections of filtering rules in DNS Firewall rule groups and associate the rule groups to your VPC. DNS Firewall provides protection for outbound DNS requests from your VPCs. These requests route through Resolver for domain name resolution. A primary use of DNS Firewall protections is to help prevent DNS exfiltration of your data. DNS exfiltration can happen when a bad actor compromises an application instance in your VPC and then uses DNS lookup to send data out of the VPC to a domain that they control. With DNS Firewall, you can monitor and control the domains that your applications can query. You can deny access to the domains that you know to be bad and allow all other queries to pass through. Alternately, you can deny access to all domains except for the ones that you explicitly trust. ### Domain lists Domain lists can be created using a list of strings, a text file stored in Amazon S3 or a local text file: ```python block_list = route53resolver.FirewallDomainList(self, "BlockList", domains=route53resolver.FirewallDomains.from_list(["bad-domain.com", "bot-domain.net"]) ) s3_list = route53resolver.FirewallDomainList(self, "S3List", domains=route53resolver.FirewallDomains.from_s3_url("s3://bucket/prefix/object") ) asset_list = route53resolver.FirewallDomainList(self, "AssetList", domains=route53resolver.FirewallDomains.from_asset("/path/to/domains.txt") ) ``` The file must be a text file and must contain a single domain per line. Use `FirewallDomainList.fromFirewallDomainListId()` to import an existing or [AWS managed domain list](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.html): ```python # AWSManagedDomainsMalwareDomainList in us-east-1 malware_list = route53resolver.FirewallDomainList.from_firewall_domain_list_id(self, "Malware", "rslvr-fdl-2c46f2ecbfec4dcc") ``` ### Rule group Create a rule group: ```python # my_block_list: route53resolver.FirewallDomainList route53resolver.FirewallRuleGroup(self, "RuleGroup", rules=[route53resolver.FirewallRule( priority=10, firewall_domain_list=my_block_list, # block and reply with NODATA action=route53resolver.FirewallRuleAction.block() ) ] ) ``` Rules can be added at construction time or using `addRule()`: ```python # my_block_list: route53resolver.FirewallDomainList # rule_group: route53resolver.FirewallRuleGroup rule_group.add_rule( priority=10, firewall_domain_list=my_block_list, # block and reply with NXDOMAIN action=route53resolver.FirewallRuleAction.block(route53resolver.DnsBlockResponse.nx_domain()) ) rule_group.add_rule( priority=20, firewall_domain_list=my_block_list, # block and override DNS response with a custom domain action=route53resolver.FirewallRuleAction.block(route53resolver.DnsBlockResponse.override("amazon.com")) ) ``` Use `associate()` to associate a rule group with a VPC: ```python import aws_cdk.aws_ec2 as ec2 # rule_group: route53resolver.FirewallRuleGroup # my_vpc: ec2.Vpc rule_group.associate("Association", priority=101, vpc=my_vpc ) ``` %prep %autosetup -n aws-cdk.aws-route53resolver-alpha-2.83.0a0 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-aws-cdk.aws-route53resolver-alpha -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Fri Jun 09 2023 Python_Bot - 2.83.0a0-1 - Package Spec generated