Enables AWS Shield Advanced for a specific AWS resource. The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, AWS Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses.
name
(String) Friendly name for the Protection.resource_arn
(String) The ARN (Amazon Resource Name) of the resource to be protected.application_layer_automatic_response_configuration
(Attributes) The automatic application layer DDoS mitigation settings for a Protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks. (see below for nested schema)health_check_arns
(List of String) The Amazon Resource Names (ARNs) of the health check to associate with the protection.tags
(Attributes List) One or more tag key-value pairs for the Protection object. (see below for nested schema)id
(String) Uniquely identifies the resource.protection_arn
(String) The ARN (Amazon Resource Name) of the protection.protection_id
(String) The unique identifier (ID) of the protection.application_layer_automatic_response_configuration
Required:
action
(Attributes) Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource. (see below for nested schema)status
(String) Indicates whether automatic application layer DDoS mitigation is enabled for the protection.application_layer_automatic_response_configuration.action
Optional:
block
(String) Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Block
action.
You must specify exactly one action, either Block
or Count
.count
(String) Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Count
action.
You must specify exactly one action, either Block
or Count
.tags
Required:
key
(String) Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.value
(String) Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive.Import is supported using the following syntax:
$ terraform import awscc_shield_protection.example <resource ID>