Awso_route53.Values

val structure_to_value_aux :
  ('a * 'b option) list ->
  f:(('a * 'b) list -> 'c) ->
  [> `Structure of 'c ]

val structure_to_wrapped_value :
  wrapper:'a ->
  response:'a ->
  ('b * 'c option) list ->
  [> `Structure of ('a * [> `Structure of ('b * 'c) list ]) list ]

A complex type that lists the coordinates for a geoproximity resource record.
Information specific to the resource record. If you're creating an alias resource record set, omit ResourceRecord.
For the metric that the CloudWatch alarm is associated with, a complex type that contains information about one dimension.
Alias resource record sets only: Information about the Amazon Web Services resource, such as a CloudFront distribution or an Amazon S3 bucket, that you want to route traffic to. When creating resource record sets for a private hosted zone, note the following: For information about creating failover resource record sets in a private hosted zone, see Configuring Failover in a Private Hosted Zone.
The object that is specified in the resource record set object when you are linking a resource record set to a CIDR location. A LocationName with an asterisk “*” can be used to create a default CIDR record. CollectionId is still required for a default record.
A complex type that contains information about a geographic location.
(Resource record sets only): A complex type that lets you specify where your resources are located. Only one of LocalZoneGroup, Coordinates, or AWSRegion is allowed per request at a time. For more information about geoproximity routing, see Geoproximity routing in the Amazon Route 53 Developer Guide.
A complex type that contains information about a tag that you want to add or edit for the specified health check or hosted zone.
Contains information about why certain features failed to be enabled or configured for the hosted zone.
A complex type that identifies the CloudWatch alarm that you want Amazon Route 53 health checkers to use to determine whether the specified health check is healthy.
Information about the resource record set to create or delete.
A complex type that contains an optional comment about your hosted zone. If you don't want to specify a comment, omit both the HostedZoneConfig and Comment elements.
Represents the features configuration for a hosted zone, including the status of various features and any associated failure reasons.
If a health check or hosted zone was created by another service, LinkedService is a complex type that describes the service that created the resource. When a resource is created by another service, you can't edit or delete it using Amazon Route 53.
A complex type that identifies a hosted zone that a specified Amazon VPC is associated with and the owner of the hosted zone. If there is a value for OwningAccount, there is no value for OwningService, and vice versa.
A complex type that contains information about the CloudWatch alarm that Amazon Route 53 is monitoring for this health check.
A complex type that contains information about the health check.
A complex type that contains the status that one Amazon Route 53 health checker reports and the time of the health check.
The information for each resource record set that you want to change.
A value that Amazon Route 53 returned for this resource record set. A RecordDataEntry element is one of the following:
- For non-alias resource record sets, a RecordDataEntry element contains one value in the resource record set. If the resource record set contains multiple values, the response includes one RecordDataEntry element for each value.
- For multiple resource record sets that have the same name and type, which includes weighted, latency, geolocation, and failover, a RecordDataEntry element contains the value from the appropriate resource record set based on the request.
- For alias resource record sets that refer to Amazon Web Services resources other than another resource record set, the RecordDataEntry element contains an IP address or a domain name for the Amazon Web Services resource, depending on the type of resource.
- For alias resource record sets that refer to other resource record sets, a RecordDataEntry element contains one value from the referenced resource record set. If the referenced resource record set contains multiple values, the response includes one RecordDataEntry element for each value.
(Private hosted zones only) A complex type that contains information about an Amazon VPC. If you associate a private hosted zone with an Amazon VPC when you make a CreateHostedZone request, the following parameters are also required.
A complex type that contains settings for a traffic policy.
A complex type that contains settings for the new traffic policy instance.
A complex type that contains information about the latest version of one traffic policy that is associated with the current Amazon Web Services account.
A complex type containing a resource and its associated tags.
A complex type that lists the name servers in a delegation set, as well as the CallerReference and the ID for the delegation set.
A complex type that contains information about a configuration for DNS query logging.
A complex type that contains general information about the hosted zone.
In the response to a ListHostedZonesByVPC request, the HostedZoneSummaries element contains one HostedZoneSummary element for each hosted zone that the specified Amazon VPC is associated with. Each HostedZoneSummary element contains the hosted zone name and ID, and information about who owns the hosted zone.
A complex type that contains information about one health check that is associated with the current Amazon Web Services account.
A complex type that contains the codes and full continent, country, and subdivision names for the specified geolocation code.
A complex type that contains information about the CIDR location.
A complex type that is an entry in a CidrCollection array.
A complex type that lists the CIDR blocks.
A complex type that contains the last failure reason as reported by one Amazon Route 53 health checker.
A key-signing key (KSK) is a complex type that represents a public/private key pair. The private key is used to generate a digital signature for the zone signing key (ZSK). The public key is stored in the DNS and is used to authenticate the ZSK. A KSK is always associated with a hosted zone; it cannot exist by itself.
A complex type that contains information about the CIDR collection change.
You tried to update a traffic policy instance by using a traffic policy version that has a different DNS type than the current type for the instance. You specified the type in the JSON document in the CreateTrafficPolicy or CreateTrafficPolicyVersion request.
The input is not valid.
No traffic policy exists with the specified ID.
No traffic policy instance exists with the specified ID.
If Amazon Route 53 can't process a request before the next request arrives, it will reject subsequent requests for the same hosted zone and return an HTTP 400 error (Bad request). If Route 53 returns this error repeatedly for the same request, we recommend that you wait, in intervals of increasing duration, before you try the request again.
Another user submitted a request to create, update, or delete the object at the same time that you did. Retry the request.
This operation can't be completed because the current account has reached the limit on the resource you are trying to create. To request a higher limit, create a case with the Amazon Web Services Support Center.
No hosted zone exists with the ID that you specified.
The value of HealthCheckVersion in the request doesn't match the value of HealthCheckVersion in the health check.
No health check exists with the specified ID.
The value that you specified to get the second or subsequent page of results is invalid.
The limit on the number of requests per second was exceeded.
A reusable delegation set with the specified ID does not exist.
A reusable delegation set with the specified ID does not exist.
The specified domain name is not valid.
The resource you're trying to access is unsupported on this Amazon Route 53 endpoint.
The CIDR collection you specified doesn't exist.
The CIDR collection location doesn't match any locations in your account.
A complex type that contains the type of limit that you specified in the request and the current value for that limit.
There is no DNS query logging configuration with the specified ID.
A complex type that contains the type of limit that you specified in the request and the current value for that limit.
The specified hosted zone is a public hosted zone, not a private hosted zone.
Amazon Route 53 doesn't support the specified geographic location. For a list of supported geolocation codes, see the GeoLocation data type.
A string representing the status of DNSSEC signing.
Parameter name is not valid.
A complex type that describes change information about changes made to your hosted zone.
A change with the specified change ID does not exist.
A complex type that contains the type of limit that you specified in the request and the current value for that limit.
The hosted zone doesn't have any DNSSEC resources.
The hosted zone nameservers don't match the parent nameservers. The hosted zone and parent must have the same nameservers.
The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC signing.
The key-signing key (KSK) status isn't valid or another KSK has the status INTERNAL_FAILURE.
A key-signing key (KSK) with ACTIVE status wasn't found.
The VPC ID that you specified either isn't a valid ID or the current account is not authorized to access this VPC.
The VPC that you're trying to disassociate from the private hosted zone is the last VPC that is associated with the hosted zone. Amazon Route 53 doesn't support disassociating the last VPC from a hosted zone.
The specified VPC and hosted zone are not currently associated.
The key-signing key (KSK) is specified in a parent DS record.
The VPC that you specified is not authorized to be associated with the hosted zone.
One or more traffic policy instances were created by using the specified traffic policy.
The specified delegation contains associated hosted zones which must be deleted before the reusable delegation set can be deleted.
Your hosted zone status isn't valid for this operation. In the hosted zone, change the status to enable DNSSEC or disable DNSSEC.
The specified key-signing key (KSK) doesn't exist.
The hosted zone contains resource records that are not SOA or NS records.
This error code is not in use.
This CIDR collection is in use, and isn't empty.
The key-signing key (KSK) that you specified can't be deactivated because it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing, or add or enable another KSK.
You've created the maximum number of authorizations that can be created for the specified hosted zone. To authorize another VPC to be associated with the hosted zone, submit a DeleteVPCAssociationAuthorization request to remove an existing authorization. To get a list of existing authorizations, submit a ListVPCAssociationAuthorizations request.
The format of the traffic policy document that you specified in the Document element is not valid.
This traffic policy version can't be created because you've reached the limit of 1000 on the number of versions that you can create for the current traffic policy. To create more traffic policy versions, you can use GetTrafficPolicy to get the traffic policy document for a specified traffic policy version, and then use CreateTrafficPolicy to create a new traffic policy using the traffic policy document.
This traffic policy can't be created because the current account has reached the limit on the number of traffic policies. For information about default limits, see Limits in the Amazon Route 53 Developer Guide. To get the current limit for an account, see GetAccountLimit. To request a higher limit, create a case with the Amazon Web Services Support Center.
A traffic policy that has the same value for Name already exists.
This traffic policy instance can't be created because the current account has reached the limit on the number of traffic policy instances. For information about default limits, see Limits in the Amazon Route 53 Developer Guide. For information about how to get the current limit for an account, see GetAccountLimit. To request a higher limit, create a case with the Amazon Web Services Support Center.
There is already a traffic policy instance with the specified ID.
A delegation set with the same owner and caller reference combination has already been created.
The specified delegation set has already been marked as reusable.
You can create a hosted zone that has the same name as an existing hosted zone (example.com is common), but there is a limit to the number of hosted zones that have the same name. If you get this error, Amazon Route 53 has reached that limit. If you own the domain name and Route 53 generates this error, contact Customer Support.
The specified HostedZone can't be found.
Amazon Route 53 doesn't have the permissions required to create log streams and send query logs to log streams. Possible causes include the following:
- There is no resource policy that specifies the log group ARN in the value for Resource.
- The resource policy that includes the log group ARN in the value for Resource doesn't have the necessary permissions.
- The resource policy hasn't finished propagating yet.
- The Key management service (KMS) key you specified doesn’t exist or it can’t be used with the log group associated with query log. Update or provide a resource policy to grant permissions for the KMS key.
- The Key management service (KMS) key you specified is marked as disabled for the log group associated with query log. Update or provide a resource policy to grant permissions for the KMS key.
There is no CloudWatch Logs log group with the specified ARN.
You can create only one query logging configuration for a hosted zone, and a query logging configuration already exists for this hosted zone.
The key-signing key (KSK) name that you specified isn't a valid name.
You've already created a key-signing key (KSK) with this name or with the same customer managed key ARN.
You've reached the limit for the number of key-signing keys (KSKs). Remove at least one KSK, and then try again.
The cause of this error depends on the operation that you're performing:
- Create a public hosted zone: Two hosted zones that have the same name or that have a parent/child relationship (example.com and test.example.com) can't have any common name servers. You tried to create a hosted zone that has the same name as an existing hosted zone or that's the parent or child of an existing hosted zone, and you specified a delegation set that shares one or more name servers with the existing hosted zone. For more information, see CreateReusableDelegationSet.
- Create a private hosted zone: A hosted zone with the specified name already exists and is already associated with the Amazon VPC that you specified.
- Associate VPCs with a private hosted zone: The VPC that you specified is already associated with another hosted zone that has the same name.
The hosted zone you're trying to create already exists. Amazon Route 53 returns this error when a hosted zone has already been created with the specified CallerReference.
This operation can't be completed either because the current account has reached the limit on the number of hosted zones or because you've reached the limit on the number of hosted zones that can be associated with a reusable delegation set. For information about default limits, see Limits in the Amazon Route 53 Developer Guide. To get the current limit on hosted zones that can be created by an account, see GetAccountLimit. To get the current limit on hosted zones that can be associated with a reusable delegation set, see GetReusableDelegationSetLimit. To request a higher limit, create a case with the Amazon Web Services Support Center.
The health check you're attempting to create already exists. Amazon Route 53 returns this error when you submit a request that has the following values:
- The same value for CallerReference as an existing health check, and one or more values that differ from the existing health check that has the same caller reference.
- The same value for CallerReference as a health check that you created and later deleted, regardless of the other settings in the request.
This health check can't be created because the current account has reached the limit on the number of active health checks. For information about default limits, see Limits in the Amazon Route 53 Developer Guide. For information about how to get the current limit for an account, see GetAccountLimit. To request a higher limit, create a case with the Amazon Web Services Support Center.
A complex type that identifies a CIDR collection.
A CIDR collection with this name and a different caller reference already exists in this account.
This exception contains a list of messages that might contain one or more error messages. Each error message indicates one error in the change batch.
The information for a change request.
This CIDR block is already in use.
The CIDR collection version you provided doesn't match the one in the ListCidrCollections operation.
Associating the specified VPC with the specified hosted zone has not been authorized.
You're trying to associate a VPC with a public hosted zone. Amazon Route 53 doesn't support associating a VPC with a public hosted zone.
A complex type that contains information about the resource record sets that Amazon Route 53 created based on a specified traffic policy.
A complex type that contains information about the resource record sets that you want to update based on a specified traffic policy instance.
A complex type that contains the response information for the traffic policy.
A complex type that contains information about the traffic policy that you want to update the comment for.
Updates the features configuration for a hosted zone. This operation allows you to enable or disable specific features for your hosted zone, such as accelerated recovery. Accelerated recovery enables you to update DNS records in your public hosted zone even when the us-east-1 region is unavailable.
Updates the features configuration for a hosted zone. This operation allows you to enable or disable specific features for your hosted zone, such as accelerated recovery. Accelerated recovery enables you to update DNS records in your public hosted zone even when the us-east-1 region is unavailable.
A complex type that contains the response to the UpdateHostedZoneComment request.
A request to update the comment for a hosted zone.
A complex type that contains the response to the UpdateHealthCheck request.
A complex type that contains information about a request to update a health check.
A complex type that contains the response to a TestDNSAnswer request.
Gets the value that Amazon Route 53 returns in response to a DNS request for a specified record name and type. You can optionally specify the IP address of a DNS resolver, an EDNS0 client subnet IP address, and a subnet mask.
A complex type that contains the response information for the request.
A complex type that contains information about that can be associated with your hosted zone.
A complex type that contains the response information for the request.
A complex type that contains the information about the request to list your traffic policies.
A complex type that contains the response information for the request.
A request to get information about the traffic policy instances that you created by using the current Amazon Web Services account.
A complex type that contains the response information for the request.
A complex type that contains the information about the request to list your traffic policy instances.
A complex type that contains the response information for the request.
A request for the traffic policy instances that you created in a specified hosted zone.
A complex type that contains the response information for the request.
A complex type that contains the information about the request to list the traffic policies that are associated with the current Amazon Web Services account.
A complex type containing tags for the specified resources.
A complex type that contains information about the health checks or hosted zones for which you want to list tags.
A complex type that contains information about the health checks or hosted zones for which you want to list tags.
A complex type containing information about a request for a list of the tags that are associated with an individual resource.
A complex type that contains information about the reusable delegation sets that are associated with the current Amazon Web Services account.
A request to get a list of the reusable delegation sets that are associated with the current Amazon Web Services account.
A complex type that contains list information for the resource record set.
A request for the resource record sets that are associated with a specified hosted zone.
Lists the configurations for DNS query logging that are associated with the current Amazon Web Services account or the configuration that is associated with a specified hosted zone. For more information about DNS query logs, see CreateQueryLoggingConfig. Additional information, including the format of DNS query logs, appears in Logging DNS Queries in the Amazon Route 53 Developer Guide.
Lists the configurations for DNS query logging that are associated with the current Amazon Web Services account or the configuration that is associated with a specified hosted zone. For more information about DNS query logs, see CreateQueryLoggingConfig. Additional information, including the format of DNS query logs, appears in Logging DNS Queries in the Amazon Route 53 Developer Guide.
Retrieves a list of the public and private hosted zones that are associated with the current Amazon Web Services account. The response includes a HostedZones child element for each hosted zone. Amazon Route 53 returns a maximum of 100 items in each response. If you have a lot of hosted zones, you can use the maxitems parameter to list them in groups of up to 100.
A request to retrieve a list of the public and private hosted zones that are associated with the current Amazon Web Services account.
Lists all the private hosted zones that a specified VPC is associated with, regardless of which Amazon Web Services account or Amazon Web Services service owns the hosted zones. The HostedZoneOwner structure in the response contains one of the following values:
- An OwningAccount element, which contains the account number of either the current Amazon Web Services account or another Amazon Web Services account. Some services, such as Cloud Map, create hosted zones using the current account.
- An OwningService element, which identifies the Amazon Web Services service that created and owns the hosted zone. For example, if a hosted zone was created by Amazon Elastic File System (Amazon EFS), the value of Owner is efs.amazonaws.com.

ListHostedZonesByVPC returns the hosted zones associated with the specified VPC and does not reflect the hosted zone associations to VPCs via Route 53 Profiles. To get the associations to a Profile, call the ListProfileResourceAssociations API.

When listing private hosted zones, the hosted zone and the Amazon VPC must belong to the same partition where the hosted zones were created. A partition is a group of Amazon Web Services Regions. Each Amazon Web Services account is scoped to one partition. The following are the supported partitions:
- aws - Amazon Web Services Regions
- aws-cn - China Regions
- aws-us-gov - Amazon Web Services GovCloud (US) Region

For more information, see Access Management in the Amazon Web Services General Reference.
Lists all the private hosted zones that a specified VPC is associated with, regardless of which Amazon Web Services account created the hosted zones.
A complex type that contains the response information for the request.
Retrieves a list of the public and private hosted zones that are associated with the current Amazon Web Services account in ASCII order by domain name.
A complex type that contains the response to a ListHealthChecks request.
A request to retrieve a list of the health checks that are associated with the current Amazon Web Services account.
A complex type containing the response information for the request.
A request to get a list of geographic locations that Amazon Route 53 supports for geolocation resource record sets.
Returns a paginated list of CIDR locations for the given collection (metadata only, does not include CIDR blocks).
Returns a paginated list of CIDR locations for the given collection (metadata only, does not include CIDR blocks).
Returns a paginated list of CIDR collections in the Amazon Web Services account (metadata only).
Returns a paginated list of CIDR collections in the Amazon Web Services account (metadata only).
Returns a paginated list of location objects and their CIDR blocks.
Returns a paginated list of location objects and their CIDR blocks.
A complex type that contains the response information for the request.
Gets information about a specific traffic policy version.
A complex type that contains information about the resource record sets that Amazon Route 53 created based on a specified traffic policy.
Gets information about a specified traffic policy instance.
A complex type that contains information about the resource record sets that Amazon Route 53 created based on a specified traffic policy.
Request to get the number of traffic policy instances that are associated with the current Amazon Web Services account.
A complex type that contains the response to the GetReusableDelegationSet request.
A request to get information about a specified reusable delegation set.
A complex type that contains the requested limit.
A complex type that contains information about the request to create a hosted zone.
Gets information about a specified configuration for DNS query logging. For more information about DNS query logs, see CreateQueryLoggingConfig and Logging DNS Queries.
Gets information about a specified configuration for DNS query logging. For more information about DNS query logs, see CreateQueryLoggingConfig and Logging DNS Queries.
A complex type that contains the response to a GetHostedZone request.
A request to get information about a specified hosted zone.
A complex type that contains the requested limit.
A complex type that contains information about the request to create a hosted zone.
A complex type that contains the response to a GetHostedZoneCount request.
A request to retrieve a count of all the hosted zones that are associated with the current Amazon Web Services account.
A complex type that contains the response to a GetHealthCheck request.
A request to get the status for a health check.
A complex type that contains the response to a GetHealthCheck request.
A request to get information about a specified health check.
A complex type that contains the response to a GetHealthCheckLastFailureReason request.
A request for the reason that a health check failed most recently.
A complex type that contains the response to a GetHealthCheckCount request.
A request for the number of health checks that are associated with the current Amazon Web Services account.
A complex type that contains the response information for the specified geolocation code.
A request for information about whether a specified geographic location is supported for Amazon Route 53 geolocation resource record sets.
Returns information about DNSSEC for a specific hosted zone, including the key-signing keys (KSKs) in the hosted zone.
Returns information about DNSSEC for a specific hosted zone, including the key-signing keys (KSKs) in the hosted zone.
A complex type that contains the CheckerIpRanges element.
Empty request.
A complex type that contains the ChangeInfo element.
The input for a GetChange request.
A complex type that contains the requested limit.
A complex type that contains information about the request to create a hosted zone.
Enables DNSSEC signing in a specific hosted zone.
Enables DNSSEC signing in a specific hosted zone.
A complex type that contains the response information for the disassociate request.
A complex type that contains information about the VPC that you want to disassociate from a specified private hosted zone.
Disables DNSSEC signing in a specific hosted zone. This action does not deactivate any key-signing keys (KSKs) that are active in the hosted zone.
Disables DNSSEC signing in a specific hosted zone. This action does not deactivate any key-signing keys (KSKs) that are active in the hosted zone.
Empty response for the request.
A complex type that contains information about the request to remove authorization to associate a VPC that was created by one Amazon Web Services account with a hosted zone that was created with a different Amazon Web Services account.
An empty element.
A request to delete a specified traffic policy version.
An empty element.
A request to delete a specified traffic policy instance.
An empty element.
A request to delete a reusable delegation set.
Deletes a configuration for DNS query logging. If you delete a configuration, Amazon Route 53 stops sending query logs to CloudWatch Logs. Route 53 doesn't delete any logs that are already in CloudWatch Logs. For more information about DNS query logs, see CreateQueryLoggingConfig.
Deletes a configuration for DNS query logging. If you delete a configuration, Amazon Route 53 stops sending query logs to CloudWatch Logs. Route 53 doesn't delete any logs that are already in CloudWatch Logs. For more information about DNS query logs, see CreateQueryLoggingConfig.
Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate it. The KSK must be deactivated before you can delete it regardless of whether the hosted zone is enabled for DNSSEC signing. You can use DeactivateKeySigningKey to deactivate the key before you delete it. Use GetDNSSEC to verify that the KSK is in an INACTIVE status.
Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate it. The KSK must be deactivated before you can delete it regardless of whether the hosted zone is enabled for DNSSEC signing. You can use DeactivateKeySigningKey to deactivate the key before you delete it. Use GetDNSSEC to verify that the KSK is in an INACTIVE status.
A complex type that contains the response to a DeleteHostedZone request.
A request to delete a hosted zone.
An empty element.
This action deletes a health check.
Deletes a CIDR collection in the current Amazon Web Services account. The collection must be empty before it can be deleted.
Deletes a CIDR collection in the current Amazon Web Services account. The collection must be empty before it can be deleted.
Deactivates a key-signing key (KSK) so that it will not be used for signing by DNSSEC. This operation changes the KSK status to INACTIVE.
Deactivates a key-signing key (KSK) so that it will not be used for signing by DNSSEC. This operation changes the KSK status to INACTIVE.
A complex type that contains the response information from a CreateVPCAssociationAuthorization request.
A complex type that contains information about the request to authorize associating a VPC with your private hosted zone. Authorization is only required when a private hosted zone and a VPC were created by using different accounts.
A complex type that contains the response information for the CreateTrafficPolicyVersion request.
A complex type that contains information about the traffic policy that you want to create a new version for.
A complex type that contains the response information for the CreateTrafficPolicy request.
A complex type that contains information about the traffic policy that you want to create.
A complex type that contains the response information for the CreateTrafficPolicyInstance request.
A complex type that contains information about the resource record sets that you want to create based on a specified traffic policy.
Creates a delegation set (a group of four name servers) that can be reused by multiple hosted zones that were created by the same Amazon Web Services account. You can also create a reusable delegation set that uses the four name servers that are associated with an existing hosted zone. Specify the hosted zone ID in the CreateReusableDelegationSet request. You can't associate a reusable delegation set with a private hosted zone. For information about using a reusable delegation set to configure white label name servers, see Configuring White Label Name Servers.
The process for migrating existing hosted zones to use a reusable delegation set is comparable to the process for configuring white label name servers. You need to perform the following steps:
  1. Create a reusable delegation set.
  2. Recreate hosted zones, and reduce the TTL to 60 seconds or less.
  3. Recreate resource record sets in the new hosted zones.
  4. Change the registrar's name servers to use the name servers for the new hosted zones.
  5. Monitor traffic for the website or application.
  6. Change TTLs back to their original values.
If you want to migrate existing hosted zones to use a reusable delegation set, the existing hosted zones can't use any of the name servers that are assigned to the reusable delegation set. If one or more hosted zones do use one or more name servers that are assigned to the reusable delegation set, you can do one of the following:
  - For small numbers of hosted zones—up to a few hundred—it's relatively easy to create reusable delegation sets until you get one that has four name servers that don't overlap with any of the name servers in your hosted zones.
  - For larger numbers of hosted zones, the easiest solution is to use more than one reusable delegation set.
  - For larger numbers of hosted zones, you can also migrate hosted zones that have overlapping name servers to hosted zones that don't have overlapping name servers, then migrate the hosted zones again to use the reusable delegation set.
Creates a configuration for DNS query logging. After you create a query logging configuration, Amazon Route 53 begins to publish log data to an Amazon CloudWatch Logs log group. DNS query logs contain information about the queries that Route 53 receives for a specified public hosted zone, such as the following:
  - Route 53 edge location that responded to the DNS query
  - Domain or subdomain that was requested
  - DNS record type, such as A or AAAA
  - DNS response code, such as NoError or ServFail
Log Group and Resource Policy
Before you create a query logging configuration, perform the following operations. If you create a query logging configuration using the Route 53 console, Route 53 performs these operations automatically.
  1. Create a CloudWatch Logs log group, and make note of the ARN, which you specify when you create a query logging configuration. Note the following:
     - You must create the log group in the us-east-1 region.
     - You must use the same Amazon Web Services account to create the log group and the hosted zone that you want to configure query logging for.
     - When you create log groups for query logging, we recommend that you use a consistent prefix, for example: /aws/route53/hosted zone name
     In the next step, you'll create a resource policy, which controls access to one or more log groups and the associated Amazon Web Services resources, such as Route 53 hosted zones. There's a limit on the number of resource policies that you can create, so we recommend that you use a consistent prefix so you can use the same resource policy for all the log groups that you create for query logging.
  2. Create a CloudWatch Logs resource policy, and give it the permissions that Route 53 needs to create log streams and to send query logs to log streams. You must create the CloudWatch Logs resource policy in the us-east-1 region. For the value of Resource, specify the ARN for the log group that you created in the previous step. To use the same resource policy for all the CloudWatch Logs log groups that you created for query logging configurations, replace the hosted zone name with *, for example: arn:aws:logs:us-east-1:123412341234:log-group:/aws/route53/*
     To avoid the confused deputy problem, a security issue where an entity without a permission for an action can coerce a more-privileged entity to perform it, you can optionally limit the permissions that a service has to a resource in a resource-based policy by supplying the following values:
     - For aws:SourceArn, supply the hosted zone ARN used in creating the query logging configuration. For example, aws:SourceArn: arn:aws:route53:::hostedzone/hosted zone ID.
     - For aws:SourceAccount, supply the account ID for the account that creates the query logging configuration. For example, aws:SourceAccount:111111111111.
     For more information, see The confused deputy problem in the Amazon Web Services IAM User Guide.
     You can't use the CloudWatch console to create or edit a resource policy. You must use the CloudWatch API, one of the Amazon Web Services SDKs, or the CLI.
Log Streams and Edge Locations
When Route 53 finishes creating the configuration for DNS query logging, it does the following:
  - Creates a log stream for an edge location the first time that the edge location responds to DNS queries for the specified hosted zone. That log stream is used to log all queries that Route 53 responds to for that edge location.
  - Begins to send query logs to the applicable log stream.
The name of each log stream is in the following format: hosted zone ID/edge location code
The edge location code is a three-letter code and an arbitrarily assigned number, for example, DFW3. The three-letter code typically corresponds with the International Air Transport Association airport code for an airport near the edge location. (These abbreviations might change in the future.) For a list of edge locations, see "The Route 53 Global Network" on the Route 53 Product Details page.
Queries That Are Logged
Query logs contain only the queries that DNS resolvers forward to Route 53. If a DNS resolver has already cached the response to a query (such as the IP address for a load balancer for example.com), the resolver will continue to return the cached response. It doesn't forward another query to Route 53 until the TTL for the corresponding resource record set expires. Depending on how many DNS queries are submitted for a resource record set, and depending on the TTL for that resource record set, query logs might contain information about only one query out of every several thousand queries that are submitted to DNS. For more information about how DNS works, see Routing Internet Traffic to Your Website or Web Application in the Amazon Route 53 Developer Guide.
Log File Format
For a list of the values in each query log and the format of each value, see Logging DNS Queries in the Amazon Route 53 Developer Guide.
Pricing
For information about charges for query logs, see Amazon CloudWatch Pricing.
How to Stop Logging
If you want Route 53 to stop sending query logs to CloudWatch Logs, delete the query logging configuration. For more information, see DeleteQueryLoggingConfig.
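The resource policy described under "Log Group and Resource Policy", as an added example that is not part of this library or of the AWS documentation: it builds the policy with both confused-deputy conditions and audits a policy document for statements that grant Route 53 access without them. The function names, the Sid, the account ID and the hosted zone ID are constructed; the action names logs:CreateLogStream and logs:PutLogEvents and the service principal route53.amazonaws.com are not given on this page and are supplied from CloudWatch Logs and Route 53 conventions.

```python
import json

ROUTE53_PRINCIPAL = "route53.amazonaws.com"
REQUIRED_ACTIONS = {"logs:CreateLogStream", "logs:PutLogEvents"}

def build_policy(log_group_arn, hosted_zone_id, account_id):
    """Resource policy that lets Route 53 write query logs for one zone and account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "Route53QueryLogging",  # constructed name
        "Effect": "Allow",
        "Principal": {"Service": ROUTE53_PRINCIPAL},
        "Action": sorted(REQUIRED_ACTIONS),
        "Resource": log_group_arn,
        "Condition": {
            "ArnLike": {"aws:SourceArn": f"arn:aws:route53:::hostedzone/{hosted_zone_id}"},
            "StringEquals": {"aws:SourceAccount": account_id},
        },
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_keys(statement):
    """Condition keys across all operators, lower-cased (keys are case-insensitive)."""
    keys = set()
    for operands in statement.get("Condition", {}).values():
        keys.update(k.lower() for k in operands)
    return keys

def audit_policy(policy):
    """Return findings for every Allow statement whose principal is Route 53."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or ROUTE53_PRINCIPAL not in services:
            continue
        keys = _condition_keys(st)
        for needed in ("aws:SourceArn", "aws:SourceAccount"):
            if needed.lower() not in keys:
                findings.append(f"statement {i}: no {needed} condition")
        for res in _as_list(st.get("Resource", [])):
            parts = res.split(":")
            if len(parts) < 6 or parts[2] != "logs" or parts[3] != "us-east-1":
                findings.append(f"statement {i}: {res} is not a us-east-1 log group ARN")
        missing = REQUIRED_ACTIONS - set(_as_list(st.get("Action", [])))
        if missing:
            findings.append(f"statement {i}: missing {', '.join(sorted(missing))}")
    return findings

# Constructed sample values: account 111111111111, zone Z0000000EXAMPLE.
LOG_GROUP_ARN = "arn:aws:logs:us-east-1:111111111111:log-group:/aws/route53/*"
HARDENED = build_policy(LOG_GROUP_ARN, "Z0000000EXAMPLE", "111111111111")
# Same grant without the Condition block: any zone in any account can be the source.
WEAK = {"Version": "2012-10-17", "Statement": [
    {k: v for k, v in HARDENED["Statement"][0].items() if k != "Condition"}]}

if __name__ == "__main__":
    print(json.dumps(HARDENED, indent=2))
    print(audit_policy(WEAK))
```

The JSON printed for HARDENED is the policy document that would be submitted through the CloudWatch Logs API, an SDK or the CLI, since the console cannot create or edit resource policies.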
Creates a new key-signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone.
A complex type containing the response information for the hosted zone.
A complex type that contains information about the request to create a public or private hosted zone.
A complex type containing the response information for the new health check.
A complex type that contains the health check request information.
Creates a CIDR collection in the current Amazon Web Services account.
Empty response for the request.
A complex type that contains information about the tags that you want to add, edit, or delete.
A complex type containing the response for the request.
A complex type that contains change information for the resource record set.
Creates, changes, or deletes CIDR blocks within a collection. Contains authoritative IP information mapping blocks to one or multiple locations. A change request can update multiple locations in a collection at a time, which is helpful if you want to move one or more CIDR blocks from one location to another in one transaction, without downtime.
Limits
The max number of CIDR blocks included in the request is 1000. As a result, big updates require multiple API calls.
PUT and DELETE_IF_EXISTS
Use ChangeCidrCollection to perform the following actions:
  - PUT: Create a CIDR block within the specified collection.
  - DELETE_IF_EXISTS: Delete an existing CIDR block from the collection.
A complex type that contains the response information for the AssociateVPCWithHostedZone request.
A complex type that contains information about the request to associate a VPC with a private hosted zone.
Activates a key-signing key (KSK) so that it can be used for signing by DNSSEC. This operation changes the KSK status to ACTIVE.