Package software.amazon.awscdk.services.shield

Class CfnDRTAccess

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.shield.CfnDRTAccess
All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:35.772Z") @Stability(Stable) public class CfnDRTAccess extends CfnResource implements IInspectable
A CloudFormation AWS::Shield::DRTAccess.

Provides permissions for the AWS Shield Advanced Shield response team (SRT) to access your account and your resource protections, to help you mitigate potential distributed denial of service (DDoS) attacks.

To configure this resource through AWS CloudFormation , you must be subscribed to AWS Shield Advanced . You can subscribe through the Shield Advanced console and through the APIs. For more information, see Subscribe to AWS Shield Advanced .

See example templates for Shield Advanced in AWS CloudFormation at aws-samples/aws-shield-advanced-examples .

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.shield.*;
 CfnDRTAccess cfnDRTAccess = CfnDRTAccess.Builder.create(this, "MyCfnDRTAccess")
         .roleArn("roleArn")
         // the properties below are optional
         .logBucketList(List.of("logBucketList"))
         .build();

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnDRTAccess

      protected CfnDRTAccess(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnDRTAccess

      protected CfnDRTAccess(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnDRTAccess

      @Stability(Stable) public CfnDRTAccess(@NotNull Construct scope, @NotNull String id, @NotNull CfnDRTAccessProps props)
      Create a new AWS::Shield::DRTAccess.

      Parameters:
      scope -
      • scope in which this resource is defined.
      This parameter is required.
      id -
      • scoped id of the resource.
      This parameter is required.
      props -
      • resource properties.
      This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector -
      • tree inspector to collect and process attributes.
      This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrAccountId

      @Stability(Stable) @NotNull public String getAttrAccountId()
      The ID of the account that submitted the template.

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getRoleArn

      @Stability(Stable) @NotNull public String getRoleArn()
      Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks.

      This enables the SRT to inspect your AWS WAF configuration and logs and to create or update AWS WAF rules and web ACLs.

      You can associate only one RoleArn with your subscription. If you submit this update for an account that already has an associated role, the new RoleArn will replace the existing RoleArn .

      This change requires the following:

      The SRT will have access only to your AWS WAF and Shield resources. By submitting this request, you provide permissions to the SRT to inspect your AWS WAF and Shield configuration and logs, and to create and update AWS WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.

    • setRoleArn

      @Stability(Stable) public void setRoleArn(@NotNull String value)
      Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks.

      This enables the SRT to inspect your AWS WAF configuration and logs and to create or update AWS WAF rules and web ACLs.

      You can associate only one RoleArn with your subscription. If you submit this update for an account that already has an associated role, the new RoleArn will replace the existing RoleArn .

      This change requires the following:

      The SRT will have access only to your AWS WAF and Shield resources. By submitting this request, you provide permissions to the SRT to inspect your AWS WAF and Shield configuration and logs, and to create and update AWS WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.

    • getLogBucketList

      @Stability(Stable) @Nullable public List<String> getLogBucketList()
      Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.

      You can associate up to 10 Amazon S3 buckets with your subscription.

      Use this to share information with the SRT that's not available in AWS WAF logs.

      To use the services of the SRT, you must be subscribed to the Business Support plan or the Enterprise Support plan .

    • setLogBucketList

      @Stability(Stable) public void setLogBucketList(@Nullable List<String> value)
      Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.

      You can associate up to 10 Amazon S3 buckets with your subscription.

      Use this to share information with the SRT that's not available in AWS WAF logs.

      To use the services of the SRT, you must be subscribed to the Business Support plan or the Enterprise Support plan .