CfnProtectionProps

class aws_cdk.aws_shield.CfnProtectionProps(*, name, resource_arn, application_layer_automatic_response_configuration=None, health_check_arns=None, tags=None)

Bases: object

Properties for defining a CfnProtection.

Parameters:

• name (str) – The name of the protection. For example, My CloudFront distributions . .. epigraph:: If you change the name of an existing protection, Shield Advanced deletes the protection and replaces it with a new one. While this is happening, the protection isn’t available on the AWS resource.

• resource_arn (str) – The ARN (Amazon Resource Name) of the AWS resource that is protected.

• application_layer_automatic_response_configuration (Union[IResolvable, ApplicationLayerAutomaticResponseConfigurationProperty, Dict[str, Any], None]) – The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks. If you use AWS CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the additional guidance about web ACL management in the AWS::WAFv2::WebACL resource description.

• health_check_arns (Optional[Sequence[str]]) – The ARN (Amazon Resource Name) of the health check to associate with the protection. Health-based detection provides improved responsiveness and accuracy in attack detection and mitigation. You can use this option with any resource type except for Route 53 hosted zones. For more information, see Configuring health-based detection using health checks in the AWS Shield Advanced Developer Guide .

• tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as “environment”) and the tag value represents a specific value within that category (such as “test,” “development,” or “production”). You can add up to 50 tags to each AWS resource.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-shield-protection.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_shield as shield

# block: Any
# count: Any

cfn_protection_props = shield.CfnProtectionProps(
    name="name",
    resource_arn="resourceArn",

    # the properties below are optional
    application_layer_automatic_response_configuration=shield.CfnProtection.ApplicationLayerAutomaticResponseConfigurationProperty(
        action=shield.CfnProtection.ActionProperty(
            block=block,
            count=count
        ),
        status="status"
    ),
    health_check_arns=["healthCheckArns"],
    tags=[CfnTag(
        key="key",
        value="value"
    )]
)

Attributes

application_layer_automatic_response_configuration

The automatic application layer DDoS mitigation settings for the protection.

This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

If you use AWS CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the additional guidance about web ACL management in the AWS::WAFv2::WebACL resource description.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-shield-protection.html#cfn-shield-protection-applicationlayerautomaticresponseconfiguration

health_check_arns

The ARN (Amazon Resource Name) of the health check to associate with the protection.

Health-based detection provides improved responsiveness and accuracy in attack detection and mitigation.

You can use this option with any resource type except for Route 53 hosted zones.

For more information, see Configuring health-based detection using health checks in the AWS Shield Advanced Developer Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-shield-protection.html#cfn-shield-protection-healthcheckarns

name

The name of the protection. For example, My CloudFront distributions .

If you change the name of an existing protection, Shield Advanced deletes the protection and replaces it with a new one. While this is happening, the protection isn’t available on the AWS resource.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-shield-protection.html#cfn-shield-protection-name

resource_arn

The ARN (Amazon Resource Name) of the AWS resource that is protected.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-shield-protection.html#cfn-shield-protection-resourcearn

tags

value pairs associated with an AWS resource.

The key:value pair can be anything you define. Typically, the tag key represents a category (such as “environment”) and the tag value represents a specific value within that category (such as “test,” “development,” or “production”). You can add up to 50 tags to each AWS resource.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-shield-protection.html#cfn-shield-protection-tags

Type:

Key