'Automate DNS Query Logging with Route53 Resolver - Cloud Formation

So, I have about 200 accounts in AWS that need to have the VPC traffic queried and sent to an S3 bucket on a centralized account for monitoring - all VPCs in every account. We manually set up 5 accounts to test the function and it works as we expected. I decided to write up a yaml and deploy the script to all other accounts by means of CloudFormation. There's a problem - AWS has limited options for the Route53Resolver function where yaml is concerned.

I can assign the s3 destination and I can name the query log config, but that's it. The only think that makes that query log useful, associating the VPCs, cannot be done via CloudFormation. I have been tinkering with the cloud formation because it is truly only 10 lines of code:

Description: 
  Configure DNS Resolver Query Logging with all necessary resources

  Route53ResolverQuery-Config:
    Type: AWS::Route53Resolver::ResolverQueryLoggingConfig
    Properties: 
      DestinationArn: *destination*
      Name: route53-dns-query-logging

It is simply missing one single option to add the VPCs that are to be queried. According to the AWS documentation, it is not included:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverqueryloggingconfigassociation.html

Now, I know the alternative, because boto3 has the solution in associating a VPC:

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/route53resolver.html#Route53Resolver.Client.associate_resolver_query_log_config

So, I could create the config log, build a lambda function, build in a maintenance window and the necessary roles and policies to run them, bake it all into a yaml and deploy a stackset to all child accounts and call it good, but that seems like too much extra work for something that could absolutely be done with just one more available property in the yaml function.

So, my question to you all is - is there anything I'm missing that could round out this code simply in a single yaml resource? Or as close to it as possible?

pythondnsamazon-route53


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Selenium-Python: How do I make my WebDriverWait a few seconds before reloading a page?

Selenium-Python: How do I make my WebDriverWait a few seconds before reloading a page?

pip issue installing almost any library

pip issue installing almost any library

pip issue installing almost any library

Selenium-Python: How do I make my WebDriverWait a few seconds before reloading a page?

Selenium-Python: How do I make my WebDriverWait a few seconds before reloading a page?

A simple SMTP server (in Python)

How to specify which pytorch to import, if I have two different versions installed?

How to specify which pytorch to import, if I have two different versions installed?

A simple SMTP server (in Python)

Python: get all months in range?

Python: get all months in range?

Python: get all months in range?

How to specify which pytorch to import, if I have two different versions installed?