AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-05-31 · Documentation high

File: cli/latest/reference/route53resolver/update-firewall-rule.md

Summary

Added new '--firewall-rule-type' parameter with advanced threat detection capabilities including content/threat categories and DNS threat protection (DGA/DNS tunneling detection). Updated DNS record type range from 1-65334 to 1-65534.

Security assessment

The change introduces documentation for new DNS threat protection features (DGA, DNS tunneling, dictionary DGA) which are security capabilities. However, there's no evidence this addresses a specific existing vulnerability. The DNS range correction appears to be a documentation fix without security implications.

Diff

diff --git a/cli/latest/reference/route53resolver/update-firewall-rule.md b/cli/latest/reference/route53resolver/update-firewall-rule.md
index 13d9ecb44..5c0b599fa 100644
--- a//cli/latest/reference/route53resolver/update-firewall-rule.md
+++ b//cli/latest/reference/route53resolver/update-firewall-rule.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.55 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.57 Command Reference](../../index.html) »
@@ -81,0 +82 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/route5
+    [--firewall-rule-type <value>]
@@ -257 +258 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/route5
->   * A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65334, for example, TYPE28. For more information, see [List of DNS record types](https://en.wikipedia.org/wiki/List_of_DNS_record_types) .
+>   * A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65534, for example, TYPE28. For more information, see [List of DNS record types](https://en.wikipedia.org/wiki/List_of_DNS_record_types) .
@@ -306,0 +308,96 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/route5
+`--firewall-rule-type` (structure)
+
+> The rule type configuration for the firewall rule. This setting is mutually exclusive with the top-level `FirewallDomainListId` and `DnsThreatProtection` fields.
+> 
+> FirewallAdvancedContentCategory -> (structure)
+>
+>> The configuration for a content category-based filtering rule.
+>> 
+>> Category -> (string) [required]
+>>
+>>> The content category identifier. To retrieve the list of available content categories, call ListFirewallRuleTypes with `RuleType` set to `FirewallAdvancedContentCategory` .
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `128`
+>>> 
+
+> 
+> FirewallAdvancedThreatCategory -> (structure)
+>
+>> The configuration for a threat category-based filtering rule.
+>> 
+>> Category -> (string) [required]
+>>
+>>> The threat category identifier. To retrieve the list of available threat categories, call ListFirewallRuleTypes with `RuleType` set to `FirewallAdvancedThreatCategory` .
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `128`
+>>> 
+
+> 
+> DnsThreatProtection -> (structure)
+>
+>> The configuration for a DNS threat protection rule type, such as DGA or DNS tunneling detection.
+>> 
+>> Value -> (string) [required]
+>>
+>>> The type of DNS threat protection. Valid values are:
+>>> 
+>>>   * `DGA` : Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks.
+>>>   * `DNS_TUNNELING` : DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.
+>>>   * `DICT_DGA` : Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.
+>>> 
+
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `128`
+>>> 
+
+>> 
+>> ConfidenceThreshold -> (string) [required]
+>>
+>>> The confidence threshold for DNS Firewall Advanced. You must provide this value when you create or update a DNS Firewall Advanced rule. The confidence level values mean:
+>>> 
+>>>   * `LOW` : Provides the highest detection rate for threats, but also increases false positives.
+>>>   * `MEDIUM` : Provides a balance between detecting threats and false positives.
+>>>   * `HIGH` : Detects only the most well corroborated threats with a low rate of false positives.
+>>> 
+
+>>> 
+>>> Possible values:
+>>> 
+>>>   * `LOW`
+>>>   * `MEDIUM`
+>>>   * `HIGH`
+>>> 
+
+
+Shorthand Syntax:
+    
+    
+    FirewallAdvancedContentCategory={Category=string},FirewallAdvancedThreatCategory={Category=string},DnsThreatProtection={Value=string,ConfidenceThreshold=string}
+    
+
+JSON Syntax:
+    
+    
+    {
+      "FirewallAdvancedContentCategory": {
+        "Category": "string"
+      },
+      "FirewallAdvancedThreatCategory": {
+        "Category": "string"
+      },
+      "DnsThreatProtection": {
+        "Value": "string",
+        "ConfidenceThreshold": "LOW"|"MEDIUM"|"HIGH"
+      }
+    }
+    
+
@@ -636 +733 @@ FirewallRule -> (structure)
->>   * A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65334, for example, TYPE28. For more information, see [List of DNS record types](https://en.wikipedia.org/wiki/List_of_DNS_record_types) .
+>>   * A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65534, for example, TYPE28. For more information, see [List of DNS record types](https://en.wikipedia.org/wiki/List_of_DNS_record_types) .
@@ -680,0 +778,73 @@ FirewallRule -> (structure)
+> 
+> FirewallRuleType -> (structure)
+>
+>> The rule type configuration for the firewall rule. Exactly one member of this union should be set.
+>> 
+>> FirewallAdvancedContentCategory -> (structure)
+>>
+>>> The configuration for a content category-based filtering rule.
+>>> 
+>>> Category -> (string) [required]
+>>>
+>>>> The content category identifier. To retrieve the list of available content categories, call ListFirewallRuleTypes with `RuleType` set to `FirewallAdvancedContentCategory` .
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `128`
+>>>> 
+
+>> 
+>> FirewallAdvancedThreatCategory -> (structure)
+>>
+>>> The configuration for a threat category-based filtering rule.
+>>> 
+>>> Category -> (string) [required]
+>>>
+>>>> The threat category identifier. To retrieve the list of available threat categories, call ListFirewallRuleTypes with `RuleType` set to `FirewallAdvancedThreatCategory` .
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `128`
+>>>> 
+
+>> 
+>> DnsThreatProtection -> (structure)
+>>
+>>> The configuration for a DNS threat protection rule type, such as DGA or DNS tunneling detection.
+>>> 
+>>> Value -> (string) [required]
+>>>
+>>>> The type of DNS threat protection. Valid values are:
+>>>> 
+>>>>   * `DGA` : Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks.
+>>>>   * `DNS_TUNNELING` : DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.
+>>>>   * `DICT_DGA` : Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.
+>>>> 
+
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `128`
+>>>> 
+
+>>> 
+>>> ConfidenceThreshold -> (string) [required]
+>>>
+>>>> The confidence threshold for DNS Firewall Advanced. You must provide this value when you create or update a DNS Firewall Advanced rule. The confidence level values mean:
+>>>> 
+>>>>   * `LOW` : Provides the highest detection rate for threats, but also increases false positives.
+>>>>   * `MEDIUM` : Provides a balance between detecting threats and false positives.
+>>>>   * `HIGH` : Detects only the most well corroborated threats with a low rate of false positives.
+>>>> 
+
+>>>> 
+>>>> Possible values:
+>>>> 
+>>>>   * `LOW`
+>>>>   * `MEDIUM`
+>>>>   * `HIGH`
+>>>> 
+
@@ -692 +862 @@ FirewallRule -> (structure)
-  * [AWS CLI 2.34.55 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.57 Command Reference](../../index.html) »