Amazon Route 53 Resolver Query Logging Configuration Association

An Amazon Route 53 Resolver Query Logging Configuration Association links a VPC to a specific query logging configuration. This enables DNS query logs from that VPC to be captured and sent to destinations such as CloudWatch Logs, S3, or Kinesis Data Firehose. It helps with security analysis, troubleshooting, and compliance by recording DNS query activity.

aws.route53resolver_resolver_query_log_config_association

Fields

TitleIDTypeData TypeDescription
_keycorestring
account_idcorestring
creation_timecorestringThe date and time that the VPC was associated with the query logging configuration, in Unix time format and Coordinated Universal Time (UTC).
errorcorestringIf the value of Status is FAILED, the value of Error indicates the cause: DESTINATION_NOT_FOUND: The specified destination (for example, an Amazon S3 bucket) was deleted. ACCESS_DENIED: Permissions don't allow sending logs to the destination. If the value of Status is a value other than FAILED, Error is null.
error_messagecorestringContains additional information about the error. If the value or Error is null, the value of ErrorMessage also is null.
idcorestringThe ID of the query logging association.
resolver_query_log_config_idcorestringThe ID of the query logging configuration that a VPC is associated with.
resource_idcorestringThe ID of the Amazon VPC that is associated with the query logging configuration.
statuscorestringThe status of the specified query logging association. Valid values include the following: CREATING: Resolver is creating an association between an Amazon VPC and a query logging configuration. ACTIVE: The association between an Amazon VPC and a query logging configuration was successfully created. Resolver is logging queries that originate in the specified VPC. DELETING: Resolver is deleting this query logging association. FAILED: Resolver either couldn't create or couldn't delete the query logging association.
tagscorehstore_csv