aws-cdk-lib.aws_shield.CfnProtectionProps

interface CfnProtectionProps

LanguageType name
.NETAmazon.CDK.aws_shield.CfnProtectionProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsshield#CfnProtectionProps
Javaservices.shield.CfnProtectionProps
Pythonaws_cdk.aws_shield.CfnProtectionProps
TypeScript aws-cdk-lib » aws_shield » CfnProtectionProps

Properties for defining a CfnProtection.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_shield as shield } from 'aws-cdk-lib';

declare const block: any;
declare const count: any;
const cfnProtectionProps: shield.CfnProtectionProps = {
  name: 'name',
  resourceArn: 'resourceArn',

  // the properties below are optional
  applicationLayerAutomaticResponseConfiguration: {
    action: {
      block: block,
      count: count,
    },
    status: 'status',
  },
  healthCheckArns: ['healthCheckArns'],
  tags: [{
    key: 'key',
    value: 'value',
  }],
};

Properties

NameTypeDescription
namestringThe name of the protection. For example, My CloudFront distributions .
resourceArnstringThe ARN (Amazon Resource Name) of the AWS resource that is protected.
applicationLayerAutomaticResponseConfiguration?IResolvable | ApplicationLayerAutomaticResponseConfigurationPropertyThe automatic application layer DDoS mitigation settings for the protection.
healthCheckArns?string[]The ARN (Amazon Resource Name) of the health check to associate with the protection.
tags?CfnTag[]Key:value pairs associated with an AWS resource.

name

Type: string

The name of the protection. For example, My CloudFront distributions .

If you change the name of an existing protection, Shield Advanced deletes the protection and replaces it with a new one. While this is happening, the protection isn't available on the AWS resource.


resourceArn

Type: string

The ARN (Amazon Resource Name) of the AWS resource that is protected.


applicationLayerAutomaticResponseConfiguration?

Type: IResolvable | ApplicationLayerAutomaticResponseConfigurationProperty (optional)

The automatic application layer DDoS mitigation settings for the protection.

This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.


healthCheckArns?

Type: string[] (optional)

The ARN (Amazon Resource Name) of the health check to associate with the protection.

Health-based detection provides improved responsiveness and accuracy in attack detection and mitigation.

You can use this option with any resource type except for Route 53 hosted zones.

For more information, see Configuring health-based detection using health checks in the AWS Shield Advanced Developer Guide .


tags?

Type: CfnTag[] (optional)

Key:value pairs associated with an AWS resource.

The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.