How to Create a DNS Firewall Rule Group on Amazon Web Services (AWS)

A DNS firewall is a network security control that prevents network users and systems from connecting to known malicious Internet locations. It works by employing DNS Response Policy Zones (RPZs) and actionable threat intelligence to block resolution of those locations and so prevent data exfiltration over DNS.


  • Log in to the AWS portal.
  • Click on Services.


Fig 1


  • Under Networking & Content Delivery select VPC.


Fig 2


  • Click on Rule Groups.


Fig. 3


  • Click on Create rule group.


Fig. 4


  • Provide the rule group name & description.
  • Click on Next.


Fig. 5


  • Click on Add rule.


Fig. 5


  • Provide Rule name.
  • Select Domain list.


Fig. 6


  • Select Add my own domain list.
  • Click on Choose or create a new domain list.


Fig. 5


  • Provide the domain list name and enter one domain per line, for example:


Fig. 6


  • Click on Add rule.
  • Click on Next.

Fig. 8


  • Click on Next.


Fig 9


  • Set the rule priority.
  • Click on Next.


Fig 10


  • Provide the key and value (tags) for the DNS Firewall rule group.
  • Click on Next.


Fig 11


  • Review all the configurations.


Fig 12


  • Click on Create rule group.


Fig 13


  • After some time, the DNS Firewall rule group is ready.


Fig 14


  • Click on the new rule group name.


Fig 15


  • Select Associated VPCs.
  • Click on Associate VPC.


Fig 15


  • Select the existing VPC.
  • Click on Associate.


Fig 16


  • After some time, the VPC is successfully associated.


Fig 17


Create a DNS Firewall rule in a rule group using the AWS CLI (the command creates a rule inside an existing rule group; --name is required):

aws route53resolver create-firewall-rule --firewall-rule-group-id <value> --firewall-domain-list-id <value> --priority <value> --action <value> --name <value>

To associate a VPC:

aws route53resolver associate-firewall-rule-group --firewall-rule-group-id <value> --vpc-id <value> --priority <value> --name <value>
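The whole console procedure above (rule group, domain list, domains, rule, VPC association) as one AWS CLI script. This is an added example, not code from the original post; the resource names, the domains and the VPC id are constructed placeholders, and region and credentials are assumed to come from the usual AWS CLI environment.

```shell
#!/bin/sh
# Added example: Route 53 Resolver DNS Firewall setup with the AWS CLI.
# Each cmd_* function prints the exact command for one step, so the steps can
# be inspected before anything is created; run_all executes them in order.

cmd_create_rule_group() {   # $1 = rule group name -> prints the new group id
  echo "aws route53resolver create-firewall-rule-group --name $1 --query FirewallRuleGroup.Id --output text"
}

cmd_create_domain_list() {  # $1 = domain list name -> prints the new list id
  echo "aws route53resolver create-firewall-domain-list --name $1 --query FirewallDomainList.Id --output text"
}

cmd_add_domains() {         # $1 = domain list id, remaining args = domains (one per console line)
  list_id=$1; shift
  echo "aws route53resolver update-firewall-domains --firewall-domain-list-id $list_id --operation ADD --domains $*"
}

cmd_create_rule() {         # $1 group id, $2 list id, $3 priority, $4 ALLOW|BLOCK|ALERT, $5 rule name
  cmd="aws route53resolver create-firewall-rule --firewall-rule-group-id $1 --firewall-domain-list-id $2 --priority $3 --action $4 --name $5"
  # A BLOCK rule must also say how to answer; NXDOMAIN makes the lookup fail cleanly.
  if [ "$4" = BLOCK ]; then cmd="$cmd --block-response NXDOMAIN"; fi
  echo "$cmd"
}

cmd_associate_vpc() {       # $1 group id, $2 vpc id, $3 association priority (100-9900)
  echo "aws route53resolver associate-firewall-rule-group --firewall-rule-group-id $1 --vpc-id $2 --priority $3 --name $2-dns-fw --mutation-protection ENABLED"
}

run_all() {                 # $1 = vpc id; creates group, list, rule and association
  rg_id=$(eval "$(cmd_create_rule_group demo-dns-firewall)")
  dl_id=$(eval "$(cmd_create_domain_list demo-blocklist)")
  # Constructed sample domains; in practice this is the threat-intelligence feed.
  eval "$(cmd_add_domains "$dl_id" malicious.example.com exfil.example.net)" >/dev/null
  # Start with ALERT to observe matches in query logs, then switch to BLOCK.
  eval "$(cmd_create_rule "$rg_id" "$dl_id" 100 ALERT observe-known-bad)" >/dev/null
  eval "$(cmd_associate_vpc "$rg_id" "$1" 1000)"
}

# Only touches the account when explicitly asked: APPLY=1 sh this_script.sh
if [ "${APPLY:-0}" = 1 ]; then run_all vpc-0123456789abcdef0; fi
```

Run with APPLY=1 to create the resources; without it the script only defines the functions, so each cmd_* line can be printed and reviewed first.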
