This module enabled resolver DNS query logging so you can see the DNS queries being made by your VPC resources.
Optionally, it can also enable a resolver DNS firewall that only permits DNS queries for specific domains to resolve. This helps prevent unexpected egress from your VPC resources.
Although this module helps prevent egress, it doesn't stop direct IP connections when a DNS query is not required. To fully lock down your VPC egress, you should use Network ACLs and Security Groups that only allow egress to expected destinations.
No requirements.
| Name | Version |
|---|---|
| aws | n/a |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allowed_domains | (Optional) List of domains to allow through the DNS firewall. Required if firewall_enabled is true. |
list(string) |
[ |
no |
| billing_tag_key | (Optional, default 'CostCentre') The name of the billing tag | string |
"CostCentre" |
no |
| billing_tag_value | (Required) The value of the billing tag | string |
n/a | yes |
| firewall_enabled | (Optional) Should the resolver DNS firewall be enabled | bool |
false |
no |
| vpc_id | (Required) The ID of the VPC to associate the query log and firewall with | string |
n/a | yes |
No outputs.