AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Authorizes the Shield Response Team (SRT) using the specified role, to access your Amazon Web Services account to assist with DDoS attack mitigation during potential attacks. This enables the SRT to inspect your WAF configuration and create or update WAF rules and web ACLs.
You can associate only one RoleArn with your subscription. If you submit an
AssociateDRTRole request for an account that already has an associated role,
the new RoleArn will replace the existing RoleArn.
Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy
managed policy to the role that you'll specify in the request. You can access this
policy in the IAM console at AWSShieldDRTAccessPolicy.
For more information see Adding
and removing IAM identity permissions. The role must also trust the service principal
drt.shield.amazonaws.com. For more information, see IAM
JSON policy elements: Principal.
The SRT will have access only to your WAF and Shield resources. By submitting this request, you authorize the SRT to inspect your WAF and Shield configuration and create and update WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.
You must have the iam:PassRole permission to make an AssociateDRTRole
request. For more information, see Granting
a user permissions to pass a role to an Amazon Web Services service.
To use the services of the SRT and make an AssociateDRTRole request, you must
be subscribed to the Business
Support plan or the Enterprise
Support plan.
This is an asynchronous operation using the standard naming convention for .NET 4.5 or higher. For .NET 3.5 the operation is implemented as a pair of methods using the standard naming convention of BeginAssociateDRTRole and EndAssociateDRTRole.
Namespace: Amazon.Shield
Assembly: AWSSDK.Shield.dll
Version: 3.x.y.z
public virtual Task<AssociateDRTRoleResponse> AssociateDRTRoleAsync( AssociateDRTRoleRequest request, CancellationToken cancellationToken )
Container for the necessary parameters to execute the AssociateDRTRole service method.
A cancellation token that can be used by other objects or threads to receive notice of cancellation.
| Exception | Condition |
|---|---|
| AccessDeniedForDependencyException | In order to grant the necessary access to the Shield Response Team (SRT) the user submitting the request must have the iam:PassRole permission. This error indicates the user did not have the appropriate permissions. For more information, see Granting a User Permissions to Pass a Role to an Amazon Web Services Service. |
| InternalErrorException | Exception that indicates that a problem occurred with the service infrastructure. You can retry the request. |
| InvalidOperationException | Exception that indicates that the operation would not cause any change to occur. |
| InvalidParameterException | Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties. |
| OptimisticLockException | Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request. |
| ResourceNotFoundException | Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties. |
.NET Core App:
Supported in: 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5